@imtbl/auth-nextjs 2.12.4-alpha.5 → 2.12.4-alpha.6

package/dist/node/index.cjs

@@ -30,8 +30,14 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
+  DEFAULT_AUDIENCE: () => DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN: () => DEFAULT_AUTH_DOMAIN,
+  DEFAULT_NEXTAUTH_BASE_PATH: () => DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SCOPE: () => DEFAULT_SCOPE,
   ImmutableAuth: () => ImmutableAuth,
   MarketingConsentStatus: () => import_auth.MarketingConsentStatus,
+  createAuthConfig: () => createAuthConfig,
+  createImmutableAuth: () => createImmutableAuth,
   isTokenExpired: () => isTokenExpired,
   refreshAccessToken: () => refreshAccessToken
 });
@@ -43,7 +49,10 @@ var import_credentials = __toESM(require("next-auth/providers/credentials"), 1);
 
 // src/constants.ts
 var DEFAULT_AUTH_DOMAIN = "https://auth.immutable.com";
+var DEFAULT_AUDIENCE = "platform_api";
+var DEFAULT_SCOPE = "openid profile email offline_access transact";
 var IMMUTABLE_PROVIDER_ID = "immutable";
+var DEFAULT_NEXTAUTH_BASE_PATH = "/api/auth";
 var DEFAULT_TOKEN_EXPIRY_SECONDS = 900;
 var DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1e3;
 var TOKEN_EXPIRY_BUFFER_SECONDS = 60;
@@ -111,7 +120,7 @@ function isTokenExpired(accessTokenExpires, bufferSeconds = TOKEN_EXPIRY_BUFFER_
 }
 
 // src/config.ts
-var CredentialsProvider = import_credentials.default.default || import_credentials.default;
+var Credentials = import_credentials.default.default || import_credentials.default;
 async function validateTokens(accessToken, authDomain) {
   try {
     const response = await fetch(`${authDomain}/userinfo`, {
@@ -130,18 +139,18 @@ async function validateTokens(accessToken, authDomain) {
     return null;
   }
 }
-function createAuthOptions(config) {
+function createAuthConfig(config) {
   const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
   return {
     providers: [
-      CredentialsProvider({
+      Credentials({
         id: IMMUTABLE_PROVIDER_ID,
         name: "Immutable",
         credentials: {
           tokens: { label: "Tokens", type: "text" }
         },
         async authorize(credentials) {
-          if (!credentials?.tokens) {
+          if (!credentials?.tokens || typeof credentials.tokens !== "string") {
             return null;
           }
           let tokenData;
@@ -184,6 +193,7 @@ function createAuthOptions(config) {
       })
     ],
     callbacks: {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       async jwt({
         token,
         user,
@@ -204,13 +214,14 @@ function createAuthOptions(config) {
           };
         }
         if (trigger === "update" && sessionUpdate) {
+          const update = sessionUpdate;
           return {
             ...token,
-            ...sessionUpdate.accessToken && { accessToken: sessionUpdate.accessToken },
-            ...sessionUpdate.refreshToken && { refreshToken: sessionUpdate.refreshToken },
-            ...sessionUpdate.idToken && { idToken: sessionUpdate.idToken },
-            ...sessionUpdate.accessTokenExpires && { accessTokenExpires: sessionUpdate.accessTokenExpires },
-            ...sessionUpdate.zkEvm && { zkEvm: sessionUpdate.zkEvm }
+            ...update.accessToken ? { accessToken: update.accessToken } : {},
+            ...update.refreshToken ? { refreshToken: update.refreshToken } : {},
+            ...update.idToken ? { idToken: update.idToken } : {},
+            ...update.accessTokenExpires ? { accessTokenExpires: update.accessTokenExpires } : {},
+            ...update.zkEvm ? { zkEvm: update.zkEvm } : {}
           };
         }
         if (!isTokenExpired(token.accessTokenExpires)) {
@@ -218,10 +229,12 @@ function createAuthOptions(config) {
         }
         return refreshAccessToken(token, config);
       },
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       async session({ session, token }) {
         return {
           ...session,
           user: {
+            ...session.user,
             sub: token.sub,
             email: token.email,
             nickname: token.nickname
@@ -239,26 +252,24 @@ function createAuthOptions(config) {
       strategy: "jwt",
       // Session max age in seconds (30 days default)
       maxAge: DEFAULT_SESSION_MAX_AGE_SECONDS
-    },
-    // Use NEXTAUTH_SECRET from environment
-    secret: process.env.NEXTAUTH_SECRET
+    }
   };
 }
 
 // src/index.ts
 var import_auth = require("@imtbl/auth");
 var NextAuth = import_next_auth.default.default || import_next_auth.default;
-function ImmutableAuth(config, overrides) {
-  const authOptions = createAuthOptions(config);
+function createImmutableAuth(config, overrides) {
+  const authConfig = createAuthConfig(config);
   if (!overrides) {
-    return NextAuth(authOptions);
+    return NextAuth(authConfig);
   }
   const composedCallbacks = {
-    ...authOptions.callbacks
+    ...authConfig.callbacks
   };
   if (overrides.callbacks) {
     if (overrides.callbacks.jwt) {
-      const internalJwt = authOptions.callbacks?.jwt;
+      const internalJwt = authConfig.callbacks?.jwt;
       const userJwt = overrides.callbacks.jwt;
       composedCallbacks.jwt = async (params) => {
         const token = internalJwt ? await internalJwt(params) : params.token;
@@ -266,7 +277,7 @@ function ImmutableAuth(config, overrides) {
       };
     }
     if (overrides.callbacks.session) {
-      const internalSession = authOptions.callbacks?.session;
+      const internalSession = authConfig.callbacks?.session;
       const userSession = overrides.callbacks.session;
       composedCallbacks.session = async (params) => {
         const session = internalSession ? await internalSession(params) : params.session;
@@ -280,17 +291,24 @@ function ImmutableAuth(config, overrides) {
       composedCallbacks.redirect = overrides.callbacks.redirect;
     }
   }
-  const mergedOptions = {
-    ...authOptions,
+  const mergedConfig = {
+    ...authConfig,
     ...overrides,
     callbacks: composedCallbacks
   };
-  return NextAuth(mergedOptions);
+  return NextAuth(mergedConfig);
 }
+var ImmutableAuth = createImmutableAuth;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SCOPE,
   ImmutableAuth,
   MarketingConsentStatus,
+  createAuthConfig,
+  createImmutableAuth,
   isTokenExpired,
   refreshAccessToken
 });

package/dist/node/index.js

@@ -1,55 +1,24 @@
 import {
-  createAuthOptions,
+  DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SCOPE,
+  ImmutableAuth,
+  MarketingConsentStatus,
+  createAuthConfig,
+  createImmutableAuth,
   isTokenExpired,
   refreshAccessToken
-} from "./chunk-OPPMGNFZ.js";
-
-// src/index.ts
-import NextAuthDefault from "next-auth";
-import { MarketingConsentStatus } from "@imtbl/auth";
-var NextAuth = NextAuthDefault.default || NextAuthDefault;
-function ImmutableAuth(config, overrides) {
-  const authOptions = createAuthOptions(config);
-  if (!overrides) {
-    return NextAuth(authOptions);
-  }
-  const composedCallbacks = {
-    ...authOptions.callbacks
-  };
-  if (overrides.callbacks) {
-    if (overrides.callbacks.jwt) {
-      const internalJwt = authOptions.callbacks?.jwt;
-      const userJwt = overrides.callbacks.jwt;
-      composedCallbacks.jwt = async (params) => {
-        const token = internalJwt ? await internalJwt(params) : params.token;
-        return userJwt({ ...params, token });
-      };
-    }
-    if (overrides.callbacks.session) {
-      const internalSession = authOptions.callbacks?.session;
-      const userSession = overrides.callbacks.session;
-      composedCallbacks.session = async (params) => {
-        const session = internalSession ? await internalSession(params) : params.session;
-        return userSession({ ...params, session });
-      };
-    }
-    if (overrides.callbacks.signIn) {
-      composedCallbacks.signIn = overrides.callbacks.signIn;
-    }
-    if (overrides.callbacks.redirect) {
-      composedCallbacks.redirect = overrides.callbacks.redirect;
-    }
-  }
-  const mergedOptions = {
-    ...authOptions,
-    ...overrides,
-    callbacks: composedCallbacks
-  };
-  return NextAuth(mergedOptions);
-}
+} from "./chunk-BRDI4KXS.js";
 export {
+  DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SCOPE,
   ImmutableAuth,
   MarketingConsentStatus,
+  createAuthConfig,
+  createImmutableAuth,
   isTokenExpired,
   refreshAccessToken
 };

package/dist/node/server/index.cjs

@@ -30,13 +30,16 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/server/index.ts
 var server_exports = {};
 __export(server_exports, {
-  getImmutableSession: () => getImmutableSession,
-  withPageAuthRequired: () => withPageAuthRequired
+  createAuthConfig: () => createAuthConfig,
+  createAuthMiddleware: () => createAuthMiddleware,
+  createImmutableAuth: () => createImmutableAuth,
+  withAuth: () => withAuth
 });
 module.exports = __toCommonJS(server_exports);
+var import_server = require("next/server");
 
-// src/server/with-page-auth.ts
-var import_next_auth = require("next-auth");
+// src/index.ts
+var import_next_auth = __toESM(require("next-auth"), 1);
 
 // src/config.ts
 var import_credentials = __toESM(require("next-auth/providers/credentials"), 1);
@@ -111,7 +114,7 @@ function isTokenExpired(accessTokenExpires, bufferSeconds = TOKEN_EXPIRY_BUFFER_
 }
 
 // src/config.ts
-var CredentialsProvider = import_credentials.default.default || import_credentials.default;
+var Credentials = import_credentials.default.default || import_credentials.default;
 async function validateTokens(accessToken, authDomain) {
   try {
     const response = await fetch(`${authDomain}/userinfo`, {
@@ -130,18 +133,18 @@ async function validateTokens(accessToken, authDomain) {
     return null;
   }
 }
-function createAuthOptions(config) {
+function createAuthConfig(config) {
   const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
   return {
     providers: [
-      CredentialsProvider({
+      Credentials({
         id: IMMUTABLE_PROVIDER_ID,
         name: "Immutable",
         credentials: {
           tokens: { label: "Tokens", type: "text" }
         },
         async authorize(credentials) {
-          if (!credentials?.tokens) {
+          if (!credentials?.tokens || typeof credentials.tokens !== "string") {
             return null;
           }
           let tokenData;
@@ -184,6 +187,7 @@ function createAuthOptions(config) {
       })
     ],
     callbacks: {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       async jwt({
         token,
         user,
@@ -204,13 +208,14 @@ function createAuthOptions(config) {
           };
         }
         if (trigger === "update" && sessionUpdate) {
+          const update = sessionUpdate;
           return {
             ...token,
-            ...sessionUpdate.accessToken && { accessToken: sessionUpdate.accessToken },
-            ...sessionUpdate.refreshToken && { refreshToken: sessionUpdate.refreshToken },
-            ...sessionUpdate.idToken && { idToken: sessionUpdate.idToken },
-            ...sessionUpdate.accessTokenExpires && { accessTokenExpires: sessionUpdate.accessTokenExpires },
-            ...sessionUpdate.zkEvm && { zkEvm: sessionUpdate.zkEvm }
+            ...update.accessToken ? { accessToken: update.accessToken } : {},
+            ...update.refreshToken ? { refreshToken: update.refreshToken } : {},
+            ...update.idToken ? { idToken: update.idToken } : {},
+            ...update.accessTokenExpires ? { accessTokenExpires: update.accessTokenExpires } : {},
+            ...update.zkEvm ? { zkEvm: update.zkEvm } : {}
           };
         }
         if (!isTokenExpired(token.accessTokenExpires)) {
@@ -218,10 +223,12 @@ function createAuthOptions(config) {
         }
         return refreshAccessToken(token, config);
       },
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       async session({ session, token }) {
         return {
           ...session,
           user: {
+            ...session.user,
             sub: token.sub,
             email: token.email,
             nickname: token.nickname
@@ -239,62 +246,103 @@ function createAuthOptions(config) {
       strategy: "jwt",
       // Session max age in seconds (30 days default)
       maxAge: DEFAULT_SESSION_MAX_AGE_SECONDS
-    },
-    // Use NEXTAUTH_SECRET from environment
-    secret: process.env.NEXTAUTH_SECRET
+    }
   };
 }
 
-// src/server/with-page-auth.ts
-async function getImmutableSession(req, res, config) {
-  const authOptions = createAuthOptions(config);
-  return (0, import_next_auth.getServerSession)(req, res, authOptions);
-}
-function withPageAuthRequired(config, options = {}) {
-  const {
-    loginUrl = "/login",
-    returnTo,
-    getServerSideProps: customGetServerSideProps
-  } = options;
-  const authOptions = createAuthOptions(config);
-  return async (ctx) => {
-    const session = await (0, import_next_auth.getServerSession)(ctx.req, ctx.res, authOptions);
-    if (!session) {
-      let destination = loginUrl;
-      if (returnTo !== false) {
-        const returnPath = returnTo || ctx.resolvedUrl;
-        const separator = loginUrl.includes("?") ? "&" : "?";
-        destination = `${loginUrl}${separator}returnTo=${encodeURIComponent(returnPath)}`;
-      }
-      return {
-        redirect: {
-          destination,
-          permanent: false
-        }
+// src/index.ts
+var import_auth = require("@imtbl/auth");
+var NextAuth = import_next_auth.default.default || import_next_auth.default;
+function createImmutableAuth(config, overrides) {
+  const authConfig = createAuthConfig(config);
+  if (!overrides) {
+    return NextAuth(authConfig);
+  }
+  const composedCallbacks = {
+    ...authConfig.callbacks
+  };
+  if (overrides.callbacks) {
+    if (overrides.callbacks.jwt) {
+      const internalJwt = authConfig.callbacks?.jwt;
+      const userJwt = overrides.callbacks.jwt;
+      composedCallbacks.jwt = async (params) => {
+        const token = internalJwt ? await internalJwt(params) : params.token;
+        return userJwt({ ...params, token });
       };
     }
-    if (customGetServerSideProps) {
-      const result = await customGetServerSideProps(ctx, session);
-      if ("redirect" in result || "notFound" in result) {
-        return result;
-      }
-      const userProps = await result.props;
-      return {
-        props: {
-          ...userProps,
-          session
-        }
+    if (overrides.callbacks.session) {
+      const internalSession = authConfig.callbacks?.session;
+      const userSession = overrides.callbacks.session;
+      composedCallbacks.session = async (params) => {
+        const session = internalSession ? await internalSession(params) : params.session;
+        return userSession({ ...params, session });
       };
     }
-    return {
-      props: {
-        session
+    if (overrides.callbacks.signIn) {
+      composedCallbacks.signIn = overrides.callbacks.signIn;
+    }
+    if (overrides.callbacks.redirect) {
+      composedCallbacks.redirect = overrides.callbacks.redirect;
+    }
+  }
+  const mergedConfig = {
+    ...authConfig,
+    ...overrides,
+    callbacks: composedCallbacks
+  };
+  return NextAuth(mergedConfig);
+}
+
+// src/server/index.ts
+function createAuthMiddleware(auth, options = {}) {
+  const { loginUrl = "/login", protectedPaths, publicPaths } = options;
+  return async function middleware(request) {
+    const { pathname } = request.nextUrl;
+    if (publicPaths) {
+      const isPublic = publicPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return pathname === pattern || pathname.startsWith(pattern);
+        }
+        return pattern.test(pathname);
+      });
+      if (isPublic) {
+        return import_server.NextResponse.next();
       }
-    };
+    }
+    if (protectedPaths) {
+      const isProtected = protectedPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return pathname === pattern || pathname.startsWith(pattern);
+        }
+        return pattern.test(pathname);
+      });
+      if (!isProtected) {
+        return import_server.NextResponse.next();
+      }
+    }
+    const session = await auth();
+    if (!session) {
+      const url = new URL(loginUrl, request.url);
+      const returnTo = request.nextUrl.search ? `${pathname}${request.nextUrl.search}` : pathname;
+      url.searchParams.set("returnTo", returnTo);
+      return import_server.NextResponse.redirect(url);
+    }
+    return import_server.NextResponse.next();
+  };
+}
+function withAuth(auth, handler) {
+  return async (...args) => {
+    const session = await auth();
+    if (!session) {
+      throw new Error("Unauthorized: No active session");
+    }
+    return handler(session, ...args);
   };
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  getImmutableSession,
-  withPageAuthRequired
+  createAuthConfig,
+  createAuthMiddleware,
+  createImmutableAuth,
+  withAuth
 });

package/dist/node/server/index.js

@@ -1,57 +1,58 @@
 import {
-  createAuthOptions
-} from "../chunk-OPPMGNFZ.js";
+  createAuthConfig,
+  createImmutableAuth
+} from "../chunk-BRDI4KXS.js";
 
-// src/server/with-page-auth.ts
-import { getServerSession as nextAuthGetServerSession } from "next-auth";
-async function getImmutableSession(req, res, config) {
-  const authOptions = createAuthOptions(config);
-  return nextAuthGetServerSession(req, res, authOptions);
-}
-function withPageAuthRequired(config, options = {}) {
-  const {
-    loginUrl = "/login",
-    returnTo,
-    getServerSideProps: customGetServerSideProps
-  } = options;
-  const authOptions = createAuthOptions(config);
-  return async (ctx) => {
-    const session = await nextAuthGetServerSession(ctx.req, ctx.res, authOptions);
-    if (!session) {
-      let destination = loginUrl;
-      if (returnTo !== false) {
-        const returnPath = returnTo || ctx.resolvedUrl;
-        const separator = loginUrl.includes("?") ? "&" : "?";
-        destination = `${loginUrl}${separator}returnTo=${encodeURIComponent(returnPath)}`;
-      }
-      return {
-        redirect: {
-          destination,
-          permanent: false
+// src/server/index.ts
+import { NextResponse } from "next/server";
+function createAuthMiddleware(auth, options = {}) {
+  const { loginUrl = "/login", protectedPaths, publicPaths } = options;
+  return async function middleware(request) {
+    const { pathname } = request.nextUrl;
+    if (publicPaths) {
+      const isPublic = publicPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return pathname === pattern || pathname.startsWith(pattern);
         }
-      };
-    }
-    if (customGetServerSideProps) {
-      const result = await customGetServerSideProps(ctx, session);
-      if ("redirect" in result || "notFound" in result) {
-        return result;
+        return pattern.test(pathname);
+      });
+      if (isPublic) {
+        return NextResponse.next();
       }
-      const userProps = await result.props;
-      return {
-        props: {
-          ...userProps,
-          session
-        }
-      };
     }
-    return {
-      props: {
-        session
+    if (protectedPaths) {
+      const isProtected = protectedPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return pathname === pattern || pathname.startsWith(pattern);
+        }
+        return pattern.test(pathname);
+      });
+      if (!isProtected) {
+        return NextResponse.next();
       }
-    };
+    }
+    const session = await auth();
+    if (!session) {
+      const url = new URL(loginUrl, request.url);
+      const returnTo = request.nextUrl.search ? `${pathname}${request.nextUrl.search}` : pathname;
+      url.searchParams.set("returnTo", returnTo);
+      return NextResponse.redirect(url);
+    }
+    return NextResponse.next();
+  };
+}
+function withAuth(auth, handler) {
+  return async (...args) => {
+    const session = await auth();
+    if (!session) {
+      throw new Error("Unauthorized: No active session");
+    }
+    return handler(session, ...args);
   };
 }
 export {
-  getImmutableSession,
-  withPageAuthRequired
+  createAuthConfig,
+  createAuthMiddleware,
+  createImmutableAuth,
+  withAuth
 };

package/dist/types/client/callback.d.ts

@@ -19,18 +19,23 @@ export interface CallbackPageProps {
     errorComponent?: (error: string) => React.ReactElement | null;
 }
 /**
- * Callback page component for handling OAuth redirects.
+ * Callback page component for handling OAuth redirects (App Router version).
  *
  * Use this in your callback page to process authentication responses.
  *
  * @example
  * ```tsx
- * // pages/callback.tsx
+ * // app/callback/page.tsx
+ * "use client";
  * import { CallbackPage } from "@imtbl/auth-nextjs/client";
- * import { immutableConfig } from "@/lib/auth-nextjs";
+ *
+ * const config = {
+ *   clientId: process.env.NEXT_PUBLIC_IMMUTABLE_CLIENT_ID!,
+ *   redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
+ * };
  *
  * export default function Callback() {
- *   return <CallbackPage config={immutableConfig} />;
+ *   return <CallbackPage config={config} />;
  * }
  * ```
  */

package/dist/types/client/provider.d.ts

@@ -1,12 +1,13 @@
 import type { ImmutableAuthProviderProps, UseImmutableAuthReturn } from '../types';
 /**
- * Provider component for Immutable authentication with NextAuth
+ * Provider component for Immutable authentication with Auth.js v5
  *
  * Wraps your app to provide authentication state via useImmutableAuth hook.
  *
- * @example
+ * @example App Router (recommended)
  * ```tsx
- * // pages/_app.tsx
+ * // app/providers.tsx
+ * "use client";
  * import { ImmutableAuthProvider } from "@imtbl/auth-nextjs/client";
  *
  * const config = {
@@ -14,13 +15,26 @@ import type { ImmutableAuthProviderProps, UseImmutableAuthReturn } from '../type
  *   redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
  * };
  *
- * export default function App({ Component, pageProps }: AppProps) {
+ * export function Providers({ children }: { children: React.ReactNode }) {
  *   return (
- *     <ImmutableAuthProvider config={config} session={pageProps.session}>
- *       <Component {...pageProps} />
+ *     <ImmutableAuthProvider config={config}>
+ *       {children}
  *     </ImmutableAuthProvider>
  *   );
  * }
+ *
+ * // app/layout.tsx
+ * import { Providers } from "./providers";
+ *
+ * export default function RootLayout({ children }: { children: React.ReactNode }) {
+ *   return (
+ *     <html>
+ *       <body>
+ *         <Providers>{children}</Providers>
+ *       </body>
+ *     </html>
+ *   );
+ * }
  * ```
  */
 export declare function ImmutableAuthProvider({ children, config, session, basePath, }: ImmutableAuthProviderProps): import("react/jsx-runtime").JSX.Element;