npm - @oauth42/next - Versions diffs - 0.1.0 - Mend

@oauth42/next 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/LICENSE +57 -0
package/README.md +226 -0
package/dist/client/index.d.mts +111 -0
package/dist/client/index.d.ts +111 -0
package/dist/client/index.js +234 -0
package/dist/client/index.js.map +1 -0
package/dist/client/index.mjs +197 -0
package/dist/client/index.mjs.map +1 -0
package/dist/index-xJCMwWtK.d.mts +122 -0
package/dist/index-xJCMwWtK.d.ts +122 -0
package/dist/index.d.mts +44 -0
package/dist/index.d.ts +44 -0
package/dist/index.js +305 -0
package/dist/index.js.map +1 -0
package/dist/index.mjs +260 -0
package/dist/index.mjs.map +1 -0
package/dist/server/index.d.mts +5 -0
package/dist/server/index.d.ts +5 -0
package/dist/server/index.js +316 -0
package/dist/server/index.js.map +1 -0
package/dist/server/index.mjs +269 -0
package/dist/server/index.mjs.map +1 -0
package/package.json +79 -0

package/dist/index-xJCMwWtK.d.ts ADDED Viewed

@@ -0,0 +1,122 @@
+import * as next_auth from 'next-auth';
+import { NextAuthOptions } from 'next-auth';
+import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';
+import { OAuthUserConfig, OAuthConfig } from 'next-auth/providers/oauth';
+import { NextRequest, NextResponse } from 'next/server';
+interface OAuth42Profile {
+    sub: string;
+    email: string;
+    email_verified?: boolean;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    username?: string;
+    id?: string;
+}
+interface OAuth42ProviderOptions {
+    clientId: string;
+    clientSecret: string;
+    issuer?: string;
+    authorizationUrl?: string;
+    tokenUrl?: string;
+    userinfoUrl?: string;
+    scopes?: string[];
+    pkceEnabled?: boolean;
+}
+declare function OAuth42Provider<P extends OAuth42Profile>(options: OAuthUserConfig<P> & Partial<OAuth42ProviderOptions>): OAuthConfig<P>;
+/**
+ * Get the OAuth42 session server-side
+ *
+ * This is the primary method for retrieving sessions in OAuth42 SDK.
+ * Supports both Pages Router and App Router:
+ *
+ * App Router:
+ * ```ts
+ * const session = await getOAuth42Session(authOptions);
+ * ```
+ *
+ * Pages Router:
+ * ```ts
+ * const session = await getOAuth42Session(req, res, authOptions);
+ * ```
+ */
+declare function getOAuth42Session(...args: [GetServerSidePropsContext['req'], GetServerSidePropsContext['res'], NextAuthOptions] | [NextApiRequest, NextApiResponse, NextAuthOptions] | [NextAuthOptions]): Promise<next_auth.Session | null>;
+/**
+ * Helper for protecting API routes
+ */
+declare function withOAuth42Session(handler: (req: NextApiRequest, res: NextApiResponse, session: any) => Promise<void> | void, authOptions: NextAuthOptions): (req: NextApiRequest, res: NextApiResponse) => Promise<void>;
+/**
+ * Helper for protecting server-side props
+ */
+declare function withOAuth42ServerSideProps(getServerSideProps: (context: GetServerSidePropsContext, session: any) => Promise<any>, authOptions: NextAuthOptions): (context: GetServerSidePropsContext) => Promise<any>;
+interface CreateAuthOptions {
+    clientId?: string;
+    clientSecret?: string;
+    issuer?: string;
+    scopes?: string[];
+    pkceEnabled?: boolean;
+    debug?: boolean;
+    callbacks?: NextAuthOptions['callbacks'];
+    pages?: NextAuthOptions['pages'];
+    session?: NextAuthOptions['session'];
+}
+/**
+ * Create a pre-configured NextAuth instance for OAuth42
+ * This provides a simplified setup with sensible defaults
+ */
+declare function createAuth(options?: CreateAuthOptions): {
+    auth: NextAuthOptions;
+    handlers: any;
+};
+/**
+ * Create NextAuth handlers for API routes
+ */
+declare function createHandlers(authOptions: NextAuthOptions): {
+    GET: any;
+    POST: any;
+};
+/**
+ * Helper to get the current session server-side
+ * @deprecated Use getOAuth42Session instead - this is now just an alias for backward compatibility
+ *
+ * This function is maintained for backward compatibility but internally
+ * calls getOAuth42Session which properly handles both App Router and Pages Router
+ */
+declare const getServerSession: typeof getOAuth42Session;
+/**
+ * Token refresh helper
+ */
+declare function refreshAccessToken(token: any, clientId: string, clientSecret: string, issuer?: string): Promise<any>;
+interface OAuth42AuthOptions {
+    pages?: {
+        signIn?: string;
+        error?: string;
+    };
+    callbacks?: {
+        authorized?: (params: {
+            token: any;
+            req: NextRequest;
+        }) => boolean | Promise<boolean>;
+    };
+    protectedPaths?: string[];
+    publicPaths?: string[];
+}
+/**
+ * Middleware helper for protecting routes with OAuth42
+ */
+declare function withOAuth42Auth(options?: OAuth42AuthOptions): (req: NextRequest) => Promise<NextResponse<unknown>>;
+/**
+ * Helper to create middleware configuration
+ */
+declare function createMiddlewareConfig(protectedPaths?: string[], publicPaths?: string[]): {
+    matcher: string[];
+    protectedPaths: string[];
+    publicPaths: string[];
+};
+export { type CreateAuthOptions as C, OAuth42Provider as O, type OAuth42Profile as a, type OAuth42ProviderOptions as b, createAuth as c, createMiddlewareConfig as d, type OAuth42AuthOptions as e, getOAuth42Session as f, getServerSession as g, withOAuth42Session as h, withOAuth42ServerSideProps as i, createHandlers as j, refreshAccessToken as r, withOAuth42Auth as w };

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,44 @@
+export { C as CreateAuthOptions, e as OAuth42AuthOptions, a as OAuth42Profile, O as OAuth42Provider, b as OAuth42ProviderOptions, c as createAuth, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from './index-xJCMwWtK.mjs';
+import { DefaultSession } from 'next-auth';
+export { Session, User } from 'next-auth';
+import 'next';
+import 'next-auth/providers/oauth';
+import 'next/server';
+declare module 'next-auth' {
+    interface Session extends DefaultSession {
+        accessToken?: string;
+        idToken?: string;
+        user?: {
+            id?: string;
+            email?: string | null;
+            name?: string | null;
+            image?: string | null;
+            username?: string;
+            emailVerified?: boolean;
+        };
+    }
+    interface JWT {
+        accessToken?: string;
+        refreshToken?: string;
+        idToken?: string;
+        expiresAt?: number;
+        username?: string;
+        emailVerified?: boolean;
+        error?: string;
+    }
+}
+interface OAuth42Config {
+    clientId: string;
+    clientSecret?: string;
+    issuer?: string;
+    authorizationUrl?: string;
+    tokenUrl?: string;
+    userinfoUrl?: string;
+    jwksUrl?: string;
+    scopes?: string[];
+    pkceEnabled?: boolean;
+    debug?: boolean;
+}
+export type { OAuth42Config };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,44 @@
+export { C as CreateAuthOptions, e as OAuth42AuthOptions, a as OAuth42Profile, O as OAuth42Provider, b as OAuth42ProviderOptions, c as createAuth, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from './index-xJCMwWtK.js';
+import { DefaultSession } from 'next-auth';
+export { Session, User } from 'next-auth';
+import 'next';
+import 'next-auth/providers/oauth';
+import 'next/server';
+declare module 'next-auth' {
+    interface Session extends DefaultSession {
+        accessToken?: string;
+        idToken?: string;
+        user?: {
+            id?: string;
+            email?: string | null;
+            name?: string | null;
+            image?: string | null;
+            username?: string;
+            emailVerified?: boolean;
+        };
+    }
+    interface JWT {
+        accessToken?: string;
+        refreshToken?: string;
+        idToken?: string;
+        expiresAt?: number;
+        username?: string;
+        emailVerified?: boolean;
+        error?: string;
+    }
+}
+interface OAuth42Config {
+    clientId: string;
+    clientSecret?: string;
+    issuer?: string;
+    authorizationUrl?: string;
+    tokenUrl?: string;
+    userinfoUrl?: string;
+    jwksUrl?: string;
+    scopes?: string[];
+    pkceEnabled?: boolean;
+    debug?: boolean;
+}
+export type { OAuth42Config };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,305 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  OAuth42Provider: () => OAuth42Provider,
+  createAuth: () => createAuth,
+  createMiddlewareConfig: () => createMiddlewareConfig,
+  getOAuth42Session: () => getOAuth42Session,
+  getServerSession: () => getServerSession,
+  refreshAccessToken: () => refreshAccessToken,
+  withOAuth42Auth: () => withOAuth42Auth,
+  withOAuth42ServerSideProps: () => withOAuth42ServerSideProps,
+  withOAuth42Session: () => withOAuth42Session
+});
+module.exports = __toCommonJS(src_exports);
+// src/provider.ts
+function OAuth42Provider(options) {
+  const issuer = options.issuer || process.env.OAUTH42_ISSUER || "https://oauth42.com";
+  const baseUrl = issuer.replace(/\/$/, "");
+  return {
+    id: "oauth42",
+    name: "OAuth42",
+    type: "oauth",
+    version: "2.0",
+    // Use OIDC discovery to automatically find endpoints
+    wellKnown: `${baseUrl}/.well-known/openid-configuration`,
+    // Also set individual endpoints for compatibility
+    authorization: {
+      url: `${baseUrl}/oauth2/authorize`,
+      params: {
+        scope: (options.scopes || ["openid", "profile", "email"]).join(" "),
+        response_type: "code"
+      }
+    },
+    token: `${baseUrl}/oauth2/token`,
+    userinfo: `${baseUrl}/oauth2/userinfo`,
+    client: {
+      id: options.clientId,
+      secret: options.clientSecret,
+      token_endpoint_auth_method: "client_secret_post",
+      id_token_signed_response_alg: "HS256"
+      // OAuth42 uses HS256 for ID tokens
+    },
+    issuer: baseUrl,
+    checks: options.pkceEnabled !== false ? ["pkce", "state"] : ["state"],
+    profile(profile, tokens) {
+      return {
+        id: profile.sub || profile.id || profile.email,
+        email: profile.email,
+        emailVerified: profile.email_verified ? /* @__PURE__ */ new Date() : null,
+        name: profile.name || `${profile.given_name || ""} ${profile.family_name || ""}`.trim(),
+        image: profile.picture
+      };
+    },
+    style: {
+      logo: "/oauth42-logo.svg",
+      bg: "#1e40af",
+      text: "#ffffff"
+    },
+    options
+  };
+}
+// src/server/auth.ts
+var import_next_auth2 = __toESM(require("next-auth"));
+// src/server/session.ts
+var import_next_auth = require("next-auth");
+async function getOAuth42Session(...args) {
+  return (0, import_next_auth.getServerSession)(...args);
+}
+function withOAuth42Session(handler, authOptions) {
+  return async (req, res) => {
+    const session = await getOAuth42Session(req, res, authOptions);
+    if (!session) {
+      return res.status(401).json({ error: "Unauthorized" });
+    }
+    return handler(req, res, session);
+  };
+}
+function withOAuth42ServerSideProps(getServerSideProps, authOptions) {
+  return async (context) => {
+    const session = await getOAuth42Session(
+      context.req,
+      context.res,
+      authOptions
+    );
+    if (!session) {
+      return {
+        redirect: {
+          destination: "/auth/signin",
+          permanent: false
+        }
+      };
+    }
+    return getServerSideProps(context, session);
+  };
+}
+// src/server/auth.ts
+var NextAuth = import_next_auth2.default.default || import_next_auth2.default;
+function createAuth(options = {}) {
+  const clientId = options.clientId || process.env.OAUTH42_CLIENT_ID;
+  const clientSecret = options.clientSecret || process.env.OAUTH42_CLIENT_SECRET;
+  if (!clientId || !clientSecret) {
+    throw new Error(
+      "OAuth42 client credentials are required. Set OAUTH42_CLIENT_ID and OAUTH42_CLIENT_SECRET environment variables or pass them in the options."
+    );
+  }
+  const authOptions = {
+    providers: [
+      OAuth42Provider({
+        clientId,
+        clientSecret,
+        issuer: options.issuer,
+        scopes: options.scopes,
+        pkceEnabled: options.pkceEnabled
+      })
+    ],
+    callbacks: {
+      async jwt({ token, account, profile }) {
+        if (account) {
+          token.accessToken = account.access_token;
+          token.refreshToken = account.refresh_token;
+          token.expiresAt = account.expires_at;
+          token.idToken = account.id_token;
+        }
+        if (profile) {
+          const oauth42Profile = profile;
+          token.email = oauth42Profile.email;
+          token.username = oauth42Profile.username;
+          token.emailVerified = oauth42Profile.email_verified;
+        }
+        if (options.callbacks?.jwt) {
+          return options.callbacks.jwt({ token, account, profile });
+        }
+        return token;
+      },
+      async session({ session, token }) {
+        session.accessToken = token.accessToken;
+        session.idToken = token.idToken;
+        if (session.user) {
+          session.user.email = token.email;
+          session.user.username = token.username;
+          session.user.emailVerified = token.emailVerified;
+        }
+        if (options.callbacks?.session) {
+          return options.callbacks.session({ session, token });
+        }
+        return session;
+      },
+      ...options.callbacks
+    },
+    pages: {
+      signIn: "/auth/signin",
+      signOut: "/auth/signout",
+      error: "/auth/error",
+      ...options.pages
+    },
+    session: {
+      strategy: "jwt",
+      ...options.session
+    },
+    debug: options.debug || process.env.NODE_ENV === "development",
+    secret: process.env.NEXTAUTH_SECRET
+  };
+  return {
+    auth: authOptions,
+    handlers: NextAuth(authOptions)
+  };
+}
+var getServerSession = getOAuth42Session;
+async function refreshAccessToken(token, clientId, clientSecret, issuer) {
+  try {
+    const baseUrl = issuer || process.env.OAUTH42_ISSUER || "https://oauth42.com";
+    const tokenUrl = `${baseUrl}/oauth2/token`;
+    const fetchOptions = {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        refresh_token: token.refreshToken,
+        client_id: clientId,
+        client_secret: clientSecret
+      })
+    };
+    if (process.env.NODE_ENV !== "production" && tokenUrl.startsWith("https://")) {
+      const https = await import("https");
+      fetchOptions.agent = new https.Agent({
+        rejectUnauthorized: false
+      });
+    }
+    const response = await fetch(tokenUrl, fetchOptions);
+    const refreshedTokens = await response.json();
+    if (!response.ok) {
+      throw refreshedTokens;
+    }
+    return {
+      ...token,
+      accessToken: refreshedTokens.access_token,
+      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken,
+      // Store expiration time in seconds (Unix timestamp)
+      expiresAt: Math.floor(Date.now() / 1e3) + (refreshedTokens.expires_in || 3600),
+      // Explicitly remove any error property on successful refresh
+      error: void 0
+    };
+  } catch (error) {
+    console.error("Failed to refresh access token:", error);
+    return {
+      ...token,
+      error: "RefreshAccessTokenError"
+    };
+  }
+}
+// src/server/middleware.ts
+var import_server = require("next/server");
+var import_jwt = require("next-auth/jwt");
+function withOAuth42Auth(options = {}) {
+  return async function middleware(req) {
+    const token = await (0, import_jwt.getToken)({
+      req,
+      secret: process.env.NEXTAUTH_SECRET
+    });
+    const pathname = req.nextUrl.pathname;
+    if (options.publicPaths?.some((path) => pathname.startsWith(path))) {
+      return import_server.NextResponse.next();
+    }
+    const needsProtection = options.protectedPaths ? options.protectedPaths.some((path) => pathname.startsWith(path)) : true;
+    if (!needsProtection) {
+      return import_server.NextResponse.next();
+    }
+    let isAuthorized = !!token;
+    if (options.callbacks?.authorized) {
+      isAuthorized = await options.callbacks.authorized({ token, req });
+    }
+    if (!isAuthorized) {
+      const signInUrl = options.pages?.signIn || "/auth/signin";
+      const url = new URL(signInUrl, req.url);
+      url.searchParams.set("callbackUrl", pathname);
+      return import_server.NextResponse.redirect(url);
+    }
+    return import_server.NextResponse.next();
+  };
+}
+function createMiddlewareConfig(protectedPaths = ["/protected"], publicPaths = ["/auth", "/api/auth"]) {
+  return {
+    matcher: [
+      /*
+       * Match all request paths except for the ones starting with:
+       * - _next/static (static files)
+       * - _next/image (image optimization files)
+       * - favicon.ico (favicon file)
+       * - public folder
+       */
+      "/((?!_next/static|_next/image|favicon.ico|public).*)"
+    ],
+    protectedPaths,
+    publicPaths
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  OAuth42Provider,
+  createAuth,
+  createMiddlewareConfig,
+  getOAuth42Session,
+  getServerSession,
+  refreshAccessToken,
+  withOAuth42Auth,
+  withOAuth42ServerSideProps,
+  withOAuth42Session
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/provider.ts","../src/server/auth.ts","../src/server/session.ts","../src/server/middleware.ts"],"sourcesContent":["// Main exports\nexport { OAuth42Provider } from './provider';\nexport type { OAuth42Profile, OAuth42ProviderOptions } from './provider';\n\n// Server-side exports\nexport { createAuth, getServerSession, refreshAccessToken } from './server/auth';\nexport type { CreateAuthOptions } from './server/auth';\n\nexport { withOAuth42Auth, createMiddlewareConfig } from './server/middleware';\nexport type { OAuth42AuthOptions } from './server/middleware';\n\nexport { getOAuth42Session, withOAuth42Session, withOAuth42ServerSideProps } from './server/session';\n\n// Type exports\nexport type { OAuth42Config } from './types';\n\n// Re-export NextAuth types for convenience\nexport type { Session, User } from 'next-auth';","import type { OAuthConfig, OAuthUserConfig } from 'next-auth/providers/oauth';\n\nexport interface OAuth42Profile {\n sub: string;\n email: string;\n email_verified?: boolean;\n name?: string;\n given_name?: string;\n family_name?: string;\n picture?: string;\n username?: string;\n id?: string;\n}\n\nexport interface OAuth42ProviderOptions {\n clientId: string;\n clientSecret: string;\n issuer?: string;\n authorizationUrl?: string;\n tokenUrl?: string;\n userinfoUrl?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n}\n\nexport function OAuth42Provider<P extends OAuth42Profile>(\n options: OAuthUserConfig<P> & Partial<OAuth42ProviderOptions>\n): OAuthConfig<P> {\n const issuer = options.issuer || process.env.OAUTH42_ISSUER || 'https://oauth42.com';\n const baseUrl = issuer.replace(/\\/$/, '');\n \n return {\n id: 'oauth42',\n name: 'OAuth42',\n type: 'oauth',\n version: '2.0',\n \n // Use OIDC discovery to automatically find endpoints\n wellKnown: `${baseUrl}/.well-known/openid-configuration`,\n \n // Also set individual endpoints for compatibility\n authorization: {\n url: `${baseUrl}/oauth2/authorize`,\n params: {\n scope: (options.scopes || ['openid', 'profile', 'email']).join(' '),\n response_type: 'code',\n },\n },\n token: `${baseUrl}/oauth2/token`,\n userinfo: `${baseUrl}/oauth2/userinfo`,\n \n client: {\n id: options.clientId,\n secret: options.clientSecret,\n token_endpoint_auth_method: 'client_secret_post',\n id_token_signed_response_alg: 'HS256', // OAuth42 uses HS256 for ID tokens\n },\n \n issuer: baseUrl,\n \n checks: options.pkceEnabled !== false ? ['pkce', 'state'] : ['state'],\n \n profile(profile: OAuth42Profile, tokens: any) {\n return {\n id: profile.sub || profile.id || profile.email,\n email: profile.email,\n emailVerified: profile.email_verified ? new Date() : null,\n name: profile.name || `${profile.given_name || ''} ${profile.family_name || ''}`.trim(),\n image: profile.picture,\n };\n },\n \n style: {\n logo: '/oauth42-logo.svg',\n bg: '#1e40af',\n text: '#ffffff',\n },\n \n options,\n };\n}","import NextAuthDefault from 'next-auth';\nimport type { NextAuthOptions } from 'next-auth';\nimport { OAuth42Provider, OAuth42Profile } from '../provider';\nimport { getOAuth42Session } from './session';\n\n// Handle both CommonJS and ESM exports\nconst NextAuth = (NextAuthDefault as any).default || NextAuthDefault;\n\nexport { type NextAuthOptions };\n\nexport interface CreateAuthOptions {\n clientId?: string;\n clientSecret?: string;\n issuer?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n debug?: boolean;\n callbacks?: NextAuthOptions['callbacks'];\n pages?: NextAuthOptions['pages'];\n session?: NextAuthOptions['session'];\n}\n\n/**\n * Create a pre-configured NextAuth instance for OAuth42\n * This provides a simplified setup with sensible defaults\n */\nexport function createAuth(options: CreateAuthOptions = {}) {\n const clientId = options.clientId || process.env.OAUTH42_CLIENT_ID;\n const clientSecret = options.clientSecret || process.env.OAUTH42_CLIENT_SECRET;\n \n if (!clientId || !clientSecret) {\n throw new Error(\n 'OAuth42 client credentials are required. ' +\n 'Set OAUTH42_CLIENT_ID and OAUTH42_CLIENT_SECRET environment variables ' +\n 'or pass them in the options.'\n );\n }\n \n const authOptions: NextAuthOptions = {\n providers: [\n OAuth42Provider({\n clientId,\n clientSecret,\n issuer: options.issuer,\n scopes: options.scopes,\n pkceEnabled: options.pkceEnabled,\n }),\n ],\n \n callbacks: {\n async jwt({ token, account, profile }) {\n // Store OAuth tokens in the JWT\n if (account) {\n token.accessToken = account.access_token;\n token.refreshToken = account.refresh_token;\n token.expiresAt = account.expires_at;\n token.idToken = account.id_token;\n }\n \n // Add user profile data\n if (profile) {\n const oauth42Profile = profile as OAuth42Profile;\n token.email = oauth42Profile.email;\n token.username = oauth42Profile.username;\n token.emailVerified = oauth42Profile.email_verified;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.jwt) {\n return options.callbacks.jwt({ token, account, profile } as any);\n }\n \n return token;\n },\n \n async session({ session, token }) {\n // Add OAuth42-specific data to session\n session.accessToken = token.accessToken as string;\n session.idToken = token.idToken as string;\n \n if (session.user) {\n session.user.email = token.email as string;\n session.user.username = token.username as string;\n session.user.emailVerified = token.emailVerified as boolean;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.session) {\n return options.callbacks.session({ session, token } as any);\n }\n \n return session;\n },\n \n ...options.callbacks,\n },\n \n pages: {\n signIn: '/auth/signin',\n signOut: '/auth/signout',\n error: '/auth/error',\n ...options.pages,\n },\n \n session: {\n strategy: 'jwt',\n ...options.session,\n },\n \n debug: options.debug || process.env.NODE_ENV === 'development',\n \n secret: process.env.NEXTAUTH_SECRET,\n };\n \n // Return the configuration and a function to create handlers\n return {\n auth: authOptions,\n handlers: NextAuth(authOptions),\n };\n}\n\n/**\n * Create NextAuth handlers for API routes\n */\nexport function createHandlers(authOptions: NextAuthOptions) {\n const handler = NextAuth(authOptions);\n return { GET: handler, POST: handler };\n}\n\n/**\n * Helper to get the current session server-side\n * @deprecated Use getOAuth42Session instead - this is now just an alias for backward compatibility\n * \n * This function is maintained for backward compatibility but internally\n * calls getOAuth42Session which properly handles both App Router and Pages Router\n */\nexport const getServerSession = getOAuth42Session;\n\n/**\n * Token refresh helper\n */\nexport async function refreshAccessToken(token: any, clientId: string, clientSecret: string, issuer?: string) {\n try {\n const baseUrl = issuer || process.env.OAUTH42_ISSUER || 'https://oauth42.com';\n const tokenUrl = `${baseUrl}/oauth2/token`;\n \n // In development, we need to handle self-signed certificates\n const fetchOptions: any = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: token.refreshToken,\n client_id: clientId,\n client_secret: clientSecret,\n }),\n };\n \n // Add agent for self-signed certificates in development\n if (process.env.NODE_ENV !== 'production' && tokenUrl.startsWith('https://')) {\n const https = await import('https');\n fetchOptions.agent = new https.Agent({\n rejectUnauthorized: false\n });\n }\n \n const response = await fetch(tokenUrl, fetchOptions);\n const refreshedTokens = await response.json();\n \n if (!response.ok) {\n throw refreshedTokens;\n }\n \n return {\n ...token,\n accessToken: refreshedTokens.access_token,\n refreshToken: refreshedTokens.refresh_token ?? token.refreshToken,\n // Store expiration time in seconds (Unix timestamp)\n expiresAt: Math.floor(Date.now() / 1000) + (refreshedTokens.expires_in || 3600),\n // Explicitly remove any error property on successful refresh\n error: undefined,\n };\n } catch (error) {\n console.error('Failed to refresh access token:', error);\n return {\n ...token,\n error: 'RefreshAccessTokenError',\n };\n }\n}","import { getServerSession as getNextAuthSession } from 'next-auth';\nimport { NextAuthOptions } from 'next-auth';\nimport { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';\n\n/**\n * Get the OAuth42 session server-side\n * \n * This is the primary method for retrieving sessions in OAuth42 SDK.\n * Supports both Pages Router and App Router:\n * \n * App Router:\n * ```ts\n * const session = await getOAuth42Session(authOptions);\n * ```\n * \n * Pages Router:\n * ```ts\n * const session = await getOAuth42Session(req, res, authOptions);\n * ```\n */\nexport async function getOAuth42Session(\n ...args: \n | [GetServerSidePropsContext['req'], GetServerSidePropsContext['res'], NextAuthOptions]\n | [NextApiRequest, NextApiResponse, NextAuthOptions]\n | [NextAuthOptions]\n) {\n return getNextAuthSession(...args as any);\n}\n\n/**\n * Helper for protecting API routes\n */\nexport function withOAuth42Session(\n handler: (req: NextApiRequest, res: NextApiResponse, session: any) => Promise<void> | void,\n authOptions: NextAuthOptions\n) {\n return async (req: NextApiRequest, res: NextApiResponse) => {\n const session = await getOAuth42Session(req, res, authOptions);\n \n if (!session) {\n return res.status(401).json({ error: 'Unauthorized' });\n }\n \n return handler(req, res, session);\n };\n}\n\n/**\n * Helper for protecting server-side props\n */\nexport function withOAuth42ServerSideProps(\n getServerSideProps: (\n context: GetServerSidePropsContext,\n session: any\n ) => Promise<any>,\n authOptions: NextAuthOptions\n) {\n return async (context: GetServerSidePropsContext) => {\n const session = await getOAuth42Session(\n context.req,\n context.res,\n authOptions\n );\n \n if (!session) {\n return {\n redirect: {\n destination: '/auth/signin',\n permanent: false,\n },\n };\n }\n \n return getServerSideProps(context, session);\n };\n}","import { NextRequest, NextResponse } from 'next/server';\nimport { getToken } from 'next-auth/jwt';\n\nexport interface OAuth42AuthOptions {\n pages?: {\n signIn?: string;\n error?: string;\n };\n callbacks?: {\n authorized?: (params: { token: any; req: NextRequest }) => boolean | Promise<boolean>;\n };\n protectedPaths?: string[];\n publicPaths?: string[];\n}\n\n/**\n * Middleware helper for protecting routes with OAuth42\n */\nexport function withOAuth42Auth(options: OAuth42AuthOptions = {}) {\n return async function middleware(req: NextRequest) {\n const token = await getToken({ \n req: req as any, \n secret: process.env.NEXTAUTH_SECRET \n });\n \n const pathname = req.nextUrl.pathname;\n \n // Check if path is explicitly public\n if (options.publicPaths?.some(path => pathname.startsWith(path))) {\n return NextResponse.next();\n }\n \n // Check if path needs protection\n const needsProtection = options.protectedPaths\n ? options.protectedPaths.some(path => pathname.startsWith(path))\n : true; // Default to protecting all paths\n \n if (!needsProtection) {\n return NextResponse.next();\n }\n \n // Check authorization\n let isAuthorized = !!token;\n \n if (options.callbacks?.authorized) {\n isAuthorized = await options.callbacks.authorized({ token, req });\n }\n \n if (!isAuthorized) {\n const signInUrl = options.pages?.signIn || '/auth/signin';\n const url = new URL(signInUrl, req.url);\n url.searchParams.set('callbackUrl', pathname);\n return NextResponse.redirect(url);\n }\n \n return NextResponse.next();\n };\n}\n\n/**\n * Helper to create middleware configuration\n */\nexport function createMiddlewareConfig(\n protectedPaths: string[] = ['/protected'],\n publicPaths: string[] = ['/auth', '/api/auth']\n) {\n return {\n matcher: [\n /*\n * Match all request paths except for the ones starting with:\n * - _next/static (static files)\n * - _next/image (image optimization files)\n * - favicon.ico (favicon file)\n * - public folder\n */\n '/((?!_next/static|_next/image|favicon.ico|public).*)',\n ],\n protectedPaths,\n publicPaths,\n };\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACyBO,SAAS,gBACd,SACgB;AAChB,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,kBAAkB;AAC/D,QAAM,UAAU,OAAO,QAAQ,OAAO,EAAE;AAExC,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA;AAAA,IAGT,WAAW,GAAG,OAAO;AAAA;AAAA,IAGrB,eAAe;AAAA,MACb,KAAK,GAAG,OAAO;AAAA,MACf,QAAQ;AAAA,QACN,QAAQ,QAAQ,UAAU,CAAC,UAAU,WAAW,OAAO,GAAG,KAAK,GAAG;AAAA,QAClE,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IACA,OAAO,GAAG,OAAO;AAAA,IACjB,UAAU,GAAG,OAAO;AAAA,IAEpB,QAAQ;AAAA,MACN,IAAI,QAAQ;AAAA,MACZ,QAAQ,QAAQ;AAAA,MAChB,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA;AAAA,IAChC;AAAA,IAEA,QAAQ;AAAA,IAER,QAAQ,QAAQ,gBAAgB,QAAQ,CAAC,QAAQ,OAAO,IAAI,CAAC,OAAO;AAAA,IAEpE,QAAQ,SAAyB,QAAa;AAC5C,aAAO;AAAA,QACL,IAAI,QAAQ,OAAO,QAAQ,MAAM,QAAQ;AAAA,QACzC,OAAO,QAAQ;AAAA,QACf,eAAe,QAAQ,iBAAiB,oBAAI,KAAK,IAAI;AAAA,QACrD,MAAM,QAAQ,QAAQ,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,eAAe,EAAE,GAAG,KAAK;AAAA,QACtF,OAAO,QAAQ;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,IAAI;AAAA,MACJ,MAAM;AAAA,IACR;AAAA,IAEA;AAAA,EACF;AACF;;;AChFA,IAAAA,oBAA4B;;;ACA5B,uBAAuD;AAoBvD,eAAsB,qBACjB,MAIH;AACA,aAAO,iBAAAC,kBAAmB,GAAG,IAAW;AAC1C;AAKO,SAAS,mBACd,SACA,aACA;AACA,SAAO,OAAO,KAAqB,QAAyB;AAC1D,UAAM,UAAU,MAAM,kBAAkB,KAAK,KAAK,WAAW;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,IACvD;AAEA,WAAO,QAAQ,KAAK,KAAK,OAAO;AAAA,EAClC;AACF;AAKO,SAAS,2BACd,oBAIA,aACA;AACA,SAAO,OAAO,YAAuC;AACnD,UAAM,UAAU,MAAM;AAAA,MACpB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAEA,WAAO,mBAAmB,SAAS,OAAO;AAAA,EAC5C;AACF;;;ADrEA,IAAM,WAAY,kBAAAC,QAAwB,WAAW,kBAAAA;AAoB9C,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,WAAW,QAAQ,YAAY,QAAQ,IAAI;AACjD,QAAM,eAAe,QAAQ,gBAAgB,QAAQ,IAAI;AAEzD,MAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,UAAM,IAAI;AAAA,MACR;AAAA,IAGF;AAAA,EACF;AAEA,QAAM,cAA+B;AAAA,IACnC,WAAW;AAAA,MACT,gBAAgB;AAAA,QACd;AAAA,QACA;AAAA,QACA,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACH;AAAA,IAEA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,SAAS,QAAQ,GAAG;AAErC,YAAI,SAAS;AACX,gBAAM,cAAc,QAAQ;AAC5B,gBAAM,eAAe,QAAQ;AAC7B,gBAAM,YAAY,QAAQ;AAC1B,gBAAM,UAAU,QAAQ;AAAA,QAC1B;AAGA,YAAI,SAAS;AACX,gBAAM,iBAAiB;AACvB,gBAAM,QAAQ,eAAe;AAC7B,gBAAM,WAAW,eAAe;AAChC,gBAAM,gBAAgB,eAAe;AAAA,QACvC;AAGA,YAAI,QAAQ,WAAW,KAAK;AAC1B,iBAAO,QAAQ,UAAU,IAAI,EAAE,OAAO,SAAS,QAAQ,CAAQ;AAAA,QACjE;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAEhC,gBAAQ,cAAc,MAAM;AAC5B,gBAAQ,UAAU,MAAM;AAExB,YAAI,QAAQ,MAAM;AAChB,kBAAQ,KAAK,QAAQ,MAAM;AAC3B,kBAAQ,KAAK,WAAW,MAAM;AAC9B,kBAAQ,KAAK,gBAAgB,MAAM;AAAA,QACrC;AAGA,YAAI,QAAQ,WAAW,SAAS;AAC9B,iBAAO,QAAQ,UAAU,QAAQ,EAAE,SAAS,MAAM,CAAQ;AAAA,QAC5D;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAO;AAAA,MACP,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAAA,IAEjD,QAAQ,QAAQ,IAAI;AAAA,EACtB;AAGA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,SAAS,WAAW;AAAA,EAChC;AACF;AAiBO,IAAM,mBAAmB;AAKhC,eAAsB,mBAAmB,OAAY,UAAkB,cAAsB,QAAiB;AAC5G,MAAI;AACF,UAAM,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AACxD,UAAM,WAAW,GAAG,OAAO;AAG3B,UAAM,eAAoB;AAAA,MACxB,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,IAAI,gBAAgB;AAAA,QACxB,YAAY;AAAA,QACZ,eAAe,MAAM;AAAA,QACrB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAAA,IACH;AAGA,QAAI,QAAQ,IAAI,aAAa,gBAAgB,SAAS,WAAW,UAAU,GAAG;AAC5E,YAAM,QAAQ,MAAM,OAAO,OAAO;AAClC,mBAAa,QAAQ,IAAI,MAAM,MAAM;AAAA,QACnC,oBAAoB;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,UAAM,WAAW,MAAM,MAAM,UAAU,YAAY;AACnD,UAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,aAAa,gBAAgB;AAAA,MAC7B,cAAc,gBAAgB,iBAAiB,MAAM;AAAA;AAAA,MAErD,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,gBAAgB,cAAc;AAAA;AAAA,MAE1E,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,mCAAmC,KAAK;AACtD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AE/LA,oBAA0C;AAC1C,iBAAyB;AAiBlB,SAAS,gBAAgB,UAA8B,CAAC,GAAG;AAChE,SAAO,eAAe,WAAW,KAAkB;AACjD,UAAM,QAAQ,UAAM,qBAAS;AAAA,MAC3B;AAAA,MACA,QAAQ,QAAQ,IAAI;AAAA,IACtB,CAAC;AAED,UAAM,WAAW,IAAI,QAAQ;AAG7B,QAAI,QAAQ,aAAa,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,GAAG;AAChE,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAGA,UAAM,kBAAkB,QAAQ,iBAC5B,QAAQ,eAAe,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,IAC7D;AAEJ,QAAI,CAAC,iBAAiB;AACpB,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAGA,QAAI,eAAe,CAAC,CAAC;AAErB,QAAI,QAAQ,WAAW,YAAY;AACjC,qBAAe,MAAM,QAAQ,UAAU,WAAW,EAAE,OAAO,IAAI,CAAC;AAAA,IAClE;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,YAAY,QAAQ,OAAO,UAAU;AAC3C,YAAM,MAAM,IAAI,IAAI,WAAW,IAAI,GAAG;AACtC,UAAI,aAAa,IAAI,eAAe,QAAQ;AAC5C,aAAO,2BAAa,SAAS,GAAG;AAAA,IAClC;AAEA,WAAO,2BAAa,KAAK;AAAA,EAC3B;AACF;AAKO,SAAS,uBACd,iBAA2B,CAAC,YAAY,GACxC,cAAwB,CAAC,SAAS,WAAW,GAC7C;AACA,SAAO;AAAA,IACL,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQP;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["import_next_auth","getNextAuthSession","NextAuthDefault"]}