npm - @oauth42/next - Versions diffs - 0.2.1 → 0.2.3 - Mend

@oauth42/next 0.2.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.d.mts +2 -2
package/dist/index.d.ts +2 -2
package/dist/server/index.d.mts +55 -3
package/dist/server/index.d.ts +55 -3
package/dist/server/index.js +101 -2
package/dist/server/index.js.map +1 -1
package/dist/server/index.mjs +100 -2
package/dist/server/index.mjs.map +1 -1
package/package.json +1 -1
package/dist/{index-xJCMwWtK.d.mts → middleware-B8dYrjZ1.d.mts} +1 -1
package/dist/{index-xJCMwWtK.d.ts → middleware-B8dYrjZ1.d.ts} +1 -1

package/dist/index.d.mts CHANGED Viewed

@@ -1,8 +1,8 @@
-export { C as CreateAuthOptions, e as OAuth42AuthOptions, a as OAuth42Profile, O as OAuth42Provider, b as OAuth42ProviderOptions, c as createAuth, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from './index-xJCMwWtK.mjs';
+export { C as CreateAuthOptions, e as OAuth42AuthOptions, a as OAuth42Profile, O as OAuth42Provider, b as OAuth42ProviderOptions, c as createAuth, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from './middleware-B8dYrjZ1.mjs';
 import { DefaultSession } from 'next-auth';
 export { Session, User } from 'next-auth';
-import 'next';
 import 'next-auth/providers/oauth';
+import 'next';
 import 'next/server';
 declare module 'next-auth' {

package/dist/index.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
-export { C as CreateAuthOptions, e as OAuth42AuthOptions, a as OAuth42Profile, O as OAuth42Provider, b as OAuth42ProviderOptions, c as createAuth, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from './index-xJCMwWtK.js';
+export { C as CreateAuthOptions, e as OAuth42AuthOptions, a as OAuth42Profile, O as OAuth42Provider, b as OAuth42ProviderOptions, c as createAuth, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from './middleware-B8dYrjZ1.js';
 import { DefaultSession } from 'next-auth';
 export { Session, User } from 'next-auth';
-import 'next';
 import 'next-auth/providers/oauth';
+import 'next';
 import 'next/server';
 declare module 'next-auth' {

package/dist/server/index.d.mts CHANGED Viewed

@@ -1,5 +1,57 @@
-export { C as CreateAuthOptions, e as OAuth42AuthOptions, O as OAuth42Provider, c as createAuth, j as createHandlers, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from '../index-xJCMwWtK.mjs';
+export { C as CreateAuthOptions, e as OAuth42AuthOptions, O as OAuth42Provider, c as createAuth, j as createHandlers, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from '../middleware-B8dYrjZ1.mjs';
 export { default as NextAuth, NextAuthOptions } from 'next-auth';
-import 'next';
+import { NextRequest, NextResponse } from 'next/server';
 import 'next-auth/providers/oauth';
-import 'next/server';
+import 'next';
+interface HostedAuthCallbackOptions {
+    /**
+     * OAuth42 issuer URL (e.g., 'https://api.oauth42.com' or 'https://localhost:8443')
+     */
+    issuer?: string;
+    /**
+     * OAuth2 client ID
+     */
+    clientId?: string;
+    /**
+     * OAuth2 client secret
+     */
+    clientSecret?: string;
+    /**
+     * Application base URL (e.g., 'http://localhost:3000')
+     */
+    baseUrl?: string;
+    /**
+     * NextAuth secret for JWT encoding
+     */
+    nextAuthSecret?: string;
+    /**
+     * URL to redirect to after successful authentication
+     * @default '/dashboard'
+     */
+    redirectUrl?: string;
+    /**
+     * URL to redirect to on error
+     * @default '/'
+     */
+    errorUrl?: string;
+}
+/**
+ * Creates a handler for OAuth42 hosted auth callback that integrates with NextAuth.
+ *
+ * This function handles the OAuth callback, exchanges the authorization code for tokens,
+ * fetches user info, and creates a NextAuth-compatible session cookie.
+ *
+ * @example
+ * ```typescript
+ * // app/api/oauth/callback/route.ts
+ * import { createHostedAuthCallback } from '@oauth42/next/server';
+ *
+ * export const GET = createHostedAuthCallback({
+ *   redirectUrl: '/dashboard',
+ * });
+ * ```
+ */
+declare function createHostedAuthCallback(options?: HostedAuthCallbackOptions): (request: NextRequest) => Promise<NextResponse<unknown>>;
+export { type HostedAuthCallbackOptions, createHostedAuthCallback };

package/dist/server/index.d.ts CHANGED Viewed

@@ -1,5 +1,57 @@
-export { C as CreateAuthOptions, e as OAuth42AuthOptions, O as OAuth42Provider, c as createAuth, j as createHandlers, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from '../index-xJCMwWtK.js';
+export { C as CreateAuthOptions, e as OAuth42AuthOptions, O as OAuth42Provider, c as createAuth, j as createHandlers, d as createMiddlewareConfig, f as getOAuth42Session, g as getServerSession, r as refreshAccessToken, w as withOAuth42Auth, i as withOAuth42ServerSideProps, h as withOAuth42Session } from '../middleware-B8dYrjZ1.js';
 export { default as NextAuth, NextAuthOptions } from 'next-auth';
-import 'next';
+import { NextRequest, NextResponse } from 'next/server';
 import 'next-auth/providers/oauth';
-import 'next/server';
+import 'next';
+interface HostedAuthCallbackOptions {
+    /**
+     * OAuth42 issuer URL (e.g., 'https://api.oauth42.com' or 'https://localhost:8443')
+     */
+    issuer?: string;
+    /**
+     * OAuth2 client ID
+     */
+    clientId?: string;
+    /**
+     * OAuth2 client secret
+     */
+    clientSecret?: string;
+    /**
+     * Application base URL (e.g., 'http://localhost:3000')
+     */
+    baseUrl?: string;
+    /**
+     * NextAuth secret for JWT encoding
+     */
+    nextAuthSecret?: string;
+    /**
+     * URL to redirect to after successful authentication
+     * @default '/dashboard'
+     */
+    redirectUrl?: string;
+    /**
+     * URL to redirect to on error
+     * @default '/'
+     */
+    errorUrl?: string;
+}
+/**
+ * Creates a handler for OAuth42 hosted auth callback that integrates with NextAuth.
+ *
+ * This function handles the OAuth callback, exchanges the authorization code for tokens,
+ * fetches user info, and creates a NextAuth-compatible session cookie.
+ *
+ * @example
+ * ```typescript
+ * // app/api/oauth/callback/route.ts
+ * import { createHostedAuthCallback } from '@oauth42/next/server';
+ *
+ * export const GET = createHostedAuthCallback({
+ *   redirectUrl: '/dashboard',
+ * });
+ * ```
+ */
+declare function createHostedAuthCallback(options?: HostedAuthCallbackOptions): (request: NextRequest) => Promise<NextResponse<unknown>>;
+export { type HostedAuthCallbackOptions, createHostedAuthCallback };

package/dist/server/index.js CHANGED Viewed

@@ -34,6 +34,7 @@ __export(server_exports, {
   OAuth42Provider: () => OAuth42Provider,
   createAuth: () => createAuth,
   createHandlers: () => createHandlers,
+  createHostedAuthCallback: () => createHostedAuthCallback,
   createMiddlewareConfig: () => createMiddlewareConfig,
   getOAuth42Session: () => getOAuth42Session,
   getServerSession: () => getServerSession,
@@ -222,8 +223,8 @@ async function refreshAccessToken(token, clientId, clientSecret, issuer) {
       })
     };
     if (process.env.NODE_ENV !== "production" && tokenUrl.startsWith("https://")) {
-      const https = await import("https");
-      fetchOptions.agent = new https.Agent({
+      const https2 = await import("https");
+      fetchOptions.agent = new https2.Agent({
         rejectUnauthorized: false
       });
     }
@@ -299,12 +300,110 @@ function createMiddlewareConfig(protectedPaths = ["/protected"], publicPaths = [
     publicPaths
   };
 }
+// src/server/hosted-auth-callback.ts
+var import_server2 = require("next/server");
+var import_https = __toESM(require("https"));
+var import_jwt2 = require("next-auth/jwt");
+function createHostedAuthCallback(options = {}) {
+  return async function GET(request) {
+    const {
+      issuer = process.env.OAUTH42_ISSUER || "https://api.oauth42.com",
+      clientId = process.env.OAUTH42_CLIENT_ID,
+      clientSecret = process.env.OAUTH42_CLIENT_SECRET,
+      baseUrl = process.env.NEXTAUTH_URL,
+      nextAuthSecret = process.env.NEXTAUTH_SECRET,
+      redirectUrl = "/dashboard",
+      errorUrl = "/"
+    } = options;
+    if (!clientId || !clientSecret) {
+      console.error("OAuth42 client credentials are required");
+      return import_server2.NextResponse.redirect(new URL(`${errorUrl}?error=missing_credentials`, request.url));
+    }
+    if (!nextAuthSecret) {
+      console.error("NEXTAUTH_SECRET is required");
+      return import_server2.NextResponse.redirect(new URL(`${errorUrl}?error=missing_secret`, request.url));
+    }
+    const searchParams = request.nextUrl.searchParams;
+    const code = searchParams.get("code");
+    if (!code) {
+      return import_server2.NextResponse.redirect(new URL(`${errorUrl}?error=missing_code`, request.url));
+    }
+    try {
+      const tokenEndpoint = `${issuer}/oauth2/token`;
+      const body = new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: `${baseUrl}/api/oauth/callback`,
+        client_id: clientId,
+        client_secret: clientSecret
+      });
+      const fetchOptions = {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: body.toString()
+      };
+      if (process.env.NODE_ENV !== "production") {
+        const agent = new import_https.default.Agent({
+          rejectUnauthorized: false
+        });
+        fetchOptions.agent = agent;
+      }
+      const tokenResponse = await fetch(tokenEndpoint, fetchOptions);
+      const tokens = await tokenResponse.json();
+      if (!tokenResponse.ok) {
+        console.error("Token exchange failed:", tokens);
+        return import_server2.NextResponse.redirect(new URL(`${errorUrl}?error=token_exchange_failed`, request.url));
+      }
+      const userInfoEndpoint = `${issuer}/oauth2/userinfo`;
+      const userInfoResponse = await fetch(userInfoEndpoint, {
+        headers: {
+          "Authorization": `Bearer ${tokens.access_token}`
+        },
+        ...process.env.NODE_ENV !== "production" ? {
+          agent: new import_https.default.Agent({ rejectUnauthorized: false })
+        } : {}
+      });
+      const userInfo = await userInfoResponse.json();
+      const sessionToken = await (0, import_jwt2.encode)({
+        token: {
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token,
+          expiresAt: Math.floor(Date.now() / 1e3) + (tokens.expires_in || 3600),
+          idToken: tokens.id_token,
+          email: userInfo.email,
+          username: userInfo.username,
+          name: userInfo.name,
+          sub: userInfo.sub
+        },
+        secret: nextAuthSecret
+      });
+      const redirectResponse = import_server2.NextResponse.redirect(new URL(redirectUrl, request.url));
+      const cookieName = process.env.NODE_ENV === "production" ? "__Secure-next-auth.session-token" : "next-auth.session-token";
+      redirectResponse.cookies.set(cookieName, sessionToken, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        maxAge: 60 * 60 * 24 * 30,
+        // 30 days
+        path: "/"
+      });
+      return redirectResponse;
+    } catch (error) {
+      console.error("OAuth callback error:", error);
+      return import_server2.NextResponse.redirect(new URL(`${errorUrl}?error=callback_failed`, request.url));
+    }
+  };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   NextAuth,
   OAuth42Provider,
   createAuth,
   createHandlers,
+  createHostedAuthCallback,
   createMiddlewareConfig,
   getOAuth42Session,
   getServerSession,

package/dist/server/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/server/index.ts","../../src/server/auth.ts","../../src/provider.ts","../../src/server/session.ts","../../src/server/middleware.ts"],"sourcesContent":["// Server-side exports\nexport { createAuth, createHandlers, getServerSession, refreshAccessToken } from './auth';\nexport type { CreateAuthOptions, NextAuthOptions } from './auth';\n\n// Re-export NextAuth from next-auth\nexport { default as NextAuth } from 'next-auth';\n\n// Re-export OAuth42Provider\nexport { OAuth42Provider } from '../provider';\n\nexport { withOAuth42Auth, createMiddlewareConfig } from './middleware';\nexport type { OAuth42AuthOptions } from './middleware';\n\nexport { getOAuth42Session, withOAuth42Session, withOAuth42ServerSideProps } from './session';","import NextAuthDefault from 'next-auth';\nimport type { NextAuthOptions } from 'next-auth';\nimport { OAuth42Provider, OAuth42Profile } from '../provider';\nimport { getOAuth42Session } from './session';\n\n// Handle both CommonJS and ESM exports\nconst NextAuth = (NextAuthDefault as any).default \|\| NextAuthDefault;\n\nexport { type NextAuthOptions };\n\nexport interface CreateAuthOptions {\n clientId?: string;\n clientSecret?: string;\n issuer?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n debug?: boolean;\n callbacks?: NextAuthOptions['callbacks'];\n pages?: NextAuthOptions['pages'];\n session?: NextAuthOptions['session'];\n}\n\n/*\n Create a pre-configured NextAuth instance for OAuth42\n * This provides a simplified setup with sensible defaults\n /\nexport function createAuth(options: CreateAuthOptions = {}) {\n const clientId = options.clientId \|\| process.env.OAUTH42_CLIENT_ID;\n const clientSecret = options.clientSecret \|\| process.env.OAUTH42_CLIENT_SECRET;\n \n if (!clientId \|\| !clientSecret) {\n throw new Error(\n 'OAuth42 client credentials are required. ' +\n 'Set OAUTH42_CLIENT_ID and OAUTH42_CLIENT_SECRET environment variables ' +\n 'or pass them in the options.'\n );\n }\n \n const authOptions: NextAuthOptions = {\n providers: [\n OAuth42Provider({\n clientId,\n clientSecret,\n issuer: options.issuer,\n scopes: options.scopes,\n pkceEnabled: options.pkceEnabled,\n }),\n ],\n \n callbacks: {\n async jwt({ token, account, profile }) {\n // Store OAuth tokens in the JWT\n if (account) {\n token.accessToken = account.access_token;\n token.refreshToken = account.refresh_token;\n token.expiresAt = account.expires_at;\n token.idToken = account.id_token;\n }\n \n // Add user profile data\n if (profile) {\n const oauth42Profile = profile as OAuth42Profile;\n token.email = oauth42Profile.email;\n token.username = oauth42Profile.username;\n token.emailVerified = oauth42Profile.email_verified;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.jwt) {\n return options.callbacks.jwt({ token, account, profile } as any);\n }\n \n return token;\n },\n \n async session({ session, token }) {\n // Add OAuth42-specific data to session\n session.accessToken = token.accessToken as string;\n session.idToken = token.idToken as string;\n \n if (session.user) {\n session.user.email = token.email as string;\n session.user.username = token.username as string;\n session.user.emailVerified = token.emailVerified as boolean;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.session) {\n return options.callbacks.session({ session, token } as any);\n }\n \n return session;\n },\n \n ...options.callbacks,\n },\n \n pages: {\n signIn: '/auth/signin',\n signOut: '/auth/signout',\n error: '/auth/error',\n ...options.pages,\n },\n \n session: {\n strategy: 'jwt',\n ...options.session,\n },\n \n debug: options.debug \|\| process.env.NODE_ENV === 'development',\n \n secret: process.env.NEXTAUTH_SECRET,\n };\n \n // Return the configuration and a function to create handlers\n return {\n auth: authOptions,\n handlers: NextAuth(authOptions),\n };\n}\n\n/\n Create NextAuth handlers for API routes\n /\nexport function createHandlers(authOptions: NextAuthOptions) {\n const handler = NextAuth(authOptions);\n return { GET: handler, POST: handler };\n}\n\n/\n Helper to get the current session server-side\n * @deprecated Use getOAuth42Session instead - this is now just an alias for backward compatibility\n * \n * This function is maintained for backward compatibility but internally\n * calls getOAuth42Session which properly handles both App Router and Pages Router\n /\nexport const getServerSession = getOAuth42Session;\n\n/\n Token refresh helper\n /\nexport async function refreshAccessToken(token: any, clientId: string, clientSecret: string, issuer?: string) {\n try {\n const baseUrl = issuer \|\| process.env.OAUTH42_ISSUER \|\| 'https://oauth42.com';\n const tokenUrl = `${baseUrl}/oauth2/token`;\n \n // In development, we need to handle self-signed certificates\n const fetchOptions: any = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: token.refreshToken,\n client_id: clientId,\n client_secret: clientSecret,\n }),\n };\n \n // Add agent for self-signed certificates in development\n if (process.env.NODE_ENV !== 'production' && tokenUrl.startsWith('https://')) {\n const https = await import('https');\n fetchOptions.agent = new https.Agent({\n rejectUnauthorized: false\n });\n }\n \n const response = await fetch(tokenUrl, fetchOptions);\n const refreshedTokens = await response.json();\n \n if (!response.ok) {\n throw refreshedTokens;\n }\n \n return {\n ...token,\n accessToken: refreshedTokens.access_token,\n refreshToken: refreshedTokens.refresh_token ?? token.refreshToken,\n // Store expiration time in seconds (Unix timestamp)\n expiresAt: Math.floor(Date.now() / 1000) + (refreshedTokens.expires_in \|\| 3600),\n // Explicitly remove any error property on successful refresh\n error: undefined,\n };\n } catch (error) {\n console.error('Failed to refresh access token:', error);\n return {\n ...token,\n error: 'RefreshAccessTokenError',\n };\n }\n}","import type { OAuthConfig, OAuthUserConfig } from 'next-auth/providers/oauth';\n\nexport interface OAuth42Profile {\n sub: string;\n email: string;\n email_verified?: boolean;\n name?: string;\n given_name?: string;\n family_name?: string;\n picture?: string;\n username?: string;\n id?: string;\n}\n\nexport interface OAuth42ProviderOptions {\n clientId: string;\n clientSecret: string;\n issuer?: string;\n authorizationUrl?: string;\n tokenUrl?: string;\n userinfoUrl?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n}\n\nexport function OAuth42Provider<P extends OAuth42Profile>(\n options: OAuthUserConfig<P> & Partial<OAuth42ProviderOptions>\n): OAuthConfig<P> {\n const issuer = options.issuer \|\| process.env.OAUTH42_ISSUER \|\| 'https://oauth42.com';\n const baseUrl = issuer.replace(/\\/$/, '');\n \n return {\n id: 'oauth42',\n name: 'OAuth42',\n type: 'oauth',\n version: '2.0',\n \n // Use OIDC discovery to automatically find endpoints\n wellKnown: `${baseUrl}/.well-known/openid-configuration`,\n \n // Also set individual endpoints for compatibility\n authorization: {\n url: `${baseUrl}/oauth2/authorize`,\n params: {\n scope: (options.scopes \|\| ['openid', 'profile', 'email']).join(' '),\n response_type: 'code',\n },\n },\n token: `${baseUrl}/oauth2/token`,\n userinfo: `${baseUrl}/oauth2/userinfo`,\n \n client: {\n id: options.clientId,\n secret: options.clientSecret,\n token_endpoint_auth_method: 'client_secret_post',\n id_token_signed_response_alg: 'HS256', // OAuth42 uses HS256 for ID tokens\n },\n \n issuer: baseUrl,\n \n checks: options.pkceEnabled !== false ? ['pkce', 'state'] : ['state'],\n \n profile(profile: OAuth42Profile, tokens: any) {\n return {\n id: profile.sub \|\| profile.id \|\| profile.email,\n email: profile.email,\n emailVerified: profile.email_verified ? new Date() : null,\n name: profile.name \|\| `${profile.given_name \|\| ''} ${profile.family_name \|\| ''}`.trim(),\n image: profile.picture,\n };\n },\n \n style: {\n logo: '/oauth42-logo.svg',\n bg: '#1e40af',\n text: '#ffffff',\n },\n \n options,\n };\n}","import { getServerSession as getNextAuthSession } from 'next-auth';\nimport { NextAuthOptions } from 'next-auth';\nimport { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';\n\n/\n Get the OAuth42 session server-side\n * \n * This is the primary method for retrieving sessions in OAuth42 SDK.\n * Supports both Pages Router and App Router:\n * \n * App Router:\n * ```ts\n * const session = await getOAuth42Session(authOptions);\n * ```\n * \n * Pages Router:\n * ```ts\n * const session = await getOAuth42Session(req, res, authOptions);\n * ```\n /\nexport async function getOAuth42Session(\n ...args: \n \| [GetServerSidePropsContext['req'], GetServerSidePropsContext['res'], NextAuthOptions]\n \| [NextApiRequest, NextApiResponse, NextAuthOptions]\n \| [NextAuthOptions]\n) {\n return getNextAuthSession(...args as any);\n}\n\n/\n Helper for protecting API routes\n /\nexport function withOAuth42Session(\n handler: (req: NextApiRequest, res: NextApiResponse, session: any) => Promise<void> \| void,\n authOptions: NextAuthOptions\n) {\n return async (req: NextApiRequest, res: NextApiResponse) => {\n const session = await getOAuth42Session(req, res, authOptions);\n \n if (!session) {\n return res.status(401).json({ error: 'Unauthorized' });\n }\n \n return handler(req, res, session);\n };\n}\n\n/\n Helper for protecting server-side props\n /\nexport function withOAuth42ServerSideProps(\n getServerSideProps: (\n context: GetServerSidePropsContext,\n session: any\n ) => Promise<any>,\n authOptions: NextAuthOptions\n) {\n return async (context: GetServerSidePropsContext) => {\n const session = await getOAuth42Session(\n context.req,\n context.res,\n authOptions\n );\n \n if (!session) {\n return {\n redirect: {\n destination: '/auth/signin',\n permanent: false,\n },\n };\n }\n \n return getServerSideProps(context, session);\n };\n}","import { NextRequest, NextResponse } from 'next/server';\nimport { getToken } from 'next-auth/jwt';\n\nexport interface OAuth42AuthOptions {\n pages?: {\n signIn?: string;\n error?: string;\n };\n callbacks?: {\n authorized?: (params: { token: any; req: NextRequest }) => boolean \| Promise<boolean>;\n };\n protectedPaths?: string[];\n publicPaths?: string[];\n}\n\n/\n Middleware helper for protecting routes with OAuth42\n /\nexport function withOAuth42Auth(options: OAuth42AuthOptions = {}) {\n return async function middleware(req: NextRequest) {\n const token = await getToken({ \n req: req as any, \n secret: process.env.NEXTAUTH_SECRET \n });\n \n const pathname = req.nextUrl.pathname;\n \n // Check if path is explicitly public\n if (options.publicPaths?.some(path => pathname.startsWith(path))) {\n return NextResponse.next();\n }\n \n // Check if path needs protection\n const needsProtection = options.protectedPaths\n ? options.protectedPaths.some(path => pathname.startsWith(path))\n : true; // Default to protecting all paths\n \n if (!needsProtection) {\n return NextResponse.next();\n }\n \n // Check authorization\n let isAuthorized = !!token;\n \n if (options.callbacks?.authorized) {\n isAuthorized = await options.callbacks.authorized({ token, req });\n }\n \n if (!isAuthorized) {\n const signInUrl = options.pages?.signIn \|\| '/auth/signin';\n const url = new URL(signInUrl, req.url);\n url.searchParams.set('callbackUrl', pathname);\n return NextResponse.redirect(url);\n }\n \n return NextResponse.next();\n };\n}\n\n/\n Helper to create middleware configuration\n /\nexport function createMiddlewareConfig(\n protectedPaths: string[] = ['/protected'],\n publicPaths: string[] = ['/auth', '/api/auth']\n) {\n return {\n matcher: [\n /\n * Match all request paths except for the ones starting with:\n * - _next/static (static files)\n * - _next/image (image optimization files)\n * - favicon.ico (favicon file)\n * - public folder\n /\n '/((?!_next/static\|_next/image\|favicon.ico\|public).)',\n ],\n protectedPaths,\n publicPaths,\n };\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAAA,oBAA4B;;;ACyBrB,SAAS,gBACd,SACgB;AAChB,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,kBAAkB;AAC/D,QAAM,UAAU,OAAO,QAAQ,OAAO,EAAE;AAExC,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA;AAAA,IAGT,WAAW,GAAG,OAAO;AAAA;AAAA,IAGrB,eAAe;AAAA,MACb,KAAK,GAAG,OAAO;AAAA,MACf,QAAQ;AAAA,QACN,QAAQ,QAAQ,UAAU,CAAC,UAAU,WAAW,OAAO,GAAG,KAAK,GAAG;AAAA,QAClE,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IACA,OAAO,GAAG,OAAO;AAAA,IACjB,UAAU,GAAG,OAAO;AAAA,IAEpB,QAAQ;AAAA,MACN,IAAI,QAAQ;AAAA,MACZ,QAAQ,QAAQ;AAAA,MAChB,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA;AAAA,IAChC;AAAA,IAEA,QAAQ;AAAA,IAER,QAAQ,QAAQ,gBAAgB,QAAQ,CAAC,QAAQ,OAAO,IAAI,CAAC,OAAO;AAAA,IAEpE,QAAQ,SAAyB,QAAa;AAC5C,aAAO;AAAA,QACL,IAAI,QAAQ,OAAO,QAAQ,MAAM,QAAQ;AAAA,QACzC,OAAO,QAAQ;AAAA,QACf,eAAe,QAAQ,iBAAiB,oBAAI,KAAK,IAAI;AAAA,QACrD,MAAM,QAAQ,QAAQ,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,eAAe,EAAE,GAAG,KAAK;AAAA,QACtF,OAAO,QAAQ;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,IAAI;AAAA,MACJ,MAAM;AAAA,IACR;AAAA,IAEA;AAAA,EACF;AACF;;;AChFA,uBAAuD;AAoBvD,eAAsB,qBACjB,MAIH;AACA,aAAO,iBAAAC,kBAAmB,GAAG,IAAW;AAC1C;AAKO,SAAS,mBACd,SACA,aACA;AACA,SAAO,OAAO,KAAqB,QAAyB;AAC1D,UAAM,UAAU,MAAM,kBAAkB,KAAK,KAAK,WAAW;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,IACvD;AAEA,WAAO,QAAQ,KAAK,KAAK,OAAO;AAAA,EAClC;AACF;AAKO,SAAS,2BACd,oBAIA,aACA;AACA,SAAO,OAAO,YAAuC;AACnD,UAAM,UAAU,MAAM;AAAA,MACpB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAEA,WAAO,mBAAmB,SAAS,OAAO;AAAA,EAC5C;AACF;;;AFrEA,IAAM,WAAY,kBAAAC,QAAwB,WAAW,kBAAAA;AAoB9C,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,WAAW,QAAQ,YAAY,QAAQ,IAAI;AACjD,QAAM,eAAe,QAAQ,gBAAgB,QAAQ,IAAI;AAEzD,MAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,UAAM,IAAI;AAAA,MACR;AAAA,IAGF;AAAA,EACF;AAEA,QAAM,cAA+B;AAAA,IACnC,WAAW;AAAA,MACT,gBAAgB;AAAA,QACd;AAAA,QACA;AAAA,QACA,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACH;AAAA,IAEA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,SAAS,QAAQ,GAAG;AAErC,YAAI,SAAS;AACX,gBAAM,cAAc,QAAQ;AAC5B,gBAAM,eAAe,QAAQ;AAC7B,gBAAM,YAAY,QAAQ;AAC1B,gBAAM,UAAU,QAAQ;AAAA,QAC1B;AAGA,YAAI,SAAS;AACX,gBAAM,iBAAiB;AACvB,gBAAM,QAAQ,eAAe;AAC7B,gBAAM,WAAW,eAAe;AAChC,gBAAM,gBAAgB,eAAe;AAAA,QACvC;AAGA,YAAI,QAAQ,WAAW,KAAK;AAC1B,iBAAO,QAAQ,UAAU,IAAI,EAAE,OAAO,SAAS,QAAQ,CAAQ;AAAA,QACjE;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAEhC,gBAAQ,cAAc,MAAM;AAC5B,gBAAQ,UAAU,MAAM;AAExB,YAAI,QAAQ,MAAM;AAChB,kBAAQ,KAAK,QAAQ,MAAM;AAC3B,kBAAQ,KAAK,WAAW,MAAM;AAC9B,kBAAQ,KAAK,gBAAgB,MAAM;AAAA,QACrC;AAGA,YAAI,QAAQ,WAAW,SAAS;AAC9B,iBAAO,QAAQ,UAAU,QAAQ,EAAE,SAAS,MAAM,CAAQ;AAAA,QAC5D;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAO;AAAA,MACP,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAAA,IAEjD,QAAQ,QAAQ,IAAI;AAAA,EACtB;AAGA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,SAAS,WAAW;AAAA,EAChC;AACF;AAKO,SAAS,eAAe,aAA8B;AAC3D,QAAM,UAAU,SAAS,WAAW;AACpC,SAAO,EAAE,KAAK,SAAS,MAAM,QAAQ;AACvC;AASO,IAAM,mBAAmB;AAKhC,eAAsB,mBAAmB,OAAY,UAAkB,cAAsB,QAAiB;AAC5G,MAAI;AACF,UAAM,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AACxD,UAAM,WAAW,GAAG,OAAO;AAG3B,UAAM,eAAoB;AAAA,MACxB,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,IAAI,gBAAgB;AAAA,QACxB,YAAY;AAAA,QACZ,eAAe,MAAM;AAAA,QACrB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAAA,IACH;AAGA,QAAI,QAAQ,IAAI,aAAa,gBAAgB,SAAS,WAAW,UAAU,GAAG;AAC5E,YAAM,QAAQ,MAAM,OAAO,OAAO;AAClC,mBAAa,QAAQ,IAAI,MAAM,MAAM;AAAA,QACnC,oBAAoB;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,UAAM,WAAW,MAAM,MAAM,UAAU,YAAY;AACnD,UAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,aAAa,gBAAgB;AAAA,MAC7B,cAAc,gBAAgB,iBAAiB,MAAM;AAAA;AAAA,MAErD,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,gBAAgB,cAAc;AAAA;AAAA,MAE1E,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,mCAAmC,KAAK;AACtD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AD1LA,IAAAC,oBAAoC;;;AILpC,oBAA0C;AAC1C,iBAAyB;AAiBlB,SAAS,gBAAgB,UAA8B,CAAC,GAAG;AAChE,SAAO,eAAe,WAAW,KAAkB;AACjD,UAAM,QAAQ,UAAM,qBAAS;AAAA,MAC3B;AAAA,MACA,QAAQ,QAAQ,IAAI;AAAA,IACtB,CAAC;AAED,UAAM,WAAW,IAAI,QAAQ;AAG7B,QAAI,QAAQ,aAAa,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,GAAG;AAChE,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAGA,UAAM,kBAAkB,QAAQ,iBAC5B,QAAQ,eAAe,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,IAC7D;AAEJ,QAAI,CAAC,iBAAiB;AACpB,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAGA,QAAI,eAAe,CAAC,CAAC;AAErB,QAAI,QAAQ,WAAW,YAAY;AACjC,qBAAe,MAAM,QAAQ,UAAU,WAAW,EAAE,OAAO,IAAI,CAAC;AAAA,IAClE;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,YAAY,QAAQ,OAAO,UAAU;AAC3C,YAAM,MAAM,IAAI,IAAI,WAAW,IAAI,GAAG;AACtC,UAAI,aAAa,IAAI,eAAe,QAAQ;AAC5C,aAAO,2BAAa,SAAS,GAAG;AAAA,IAClC;AAEA,WAAO,2BAAa,KAAK;AAAA,EAC3B;AACF;AAKO,SAAS,uBACd,iBAA2B,CAAC,YAAY,GACxC,cAAwB,CAAC,SAAS,WAAW,GAC7C;AACA,SAAO;AAAA,IACL,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQP;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["import_next_auth","getNextAuthSession","NextAuthDefault","import_next_auth"]}
1	+ {"version":3,"sources":["../../src/server/index.ts","../../src/server/auth.ts","../../src/provider.ts","../../src/server/session.ts","../../src/server/middleware.ts","../../src/server/hosted-auth-callback.ts"],"sourcesContent":["// Server-side exports\nexport { createAuth, createHandlers, getServerSession, refreshAccessToken } from './auth';\nexport type { CreateAuthOptions, NextAuthOptions } from './auth';\n\n// Re-export NextAuth from next-auth\nexport { default as NextAuth } from 'next-auth';\n\n// Re-export OAuth42Provider\nexport { OAuth42Provider } from '../provider';\n\nexport { withOAuth42Auth, createMiddlewareConfig } from './middleware';\nexport type { OAuth42AuthOptions } from './middleware';\n\nexport { getOAuth42Session, withOAuth42Session, withOAuth42ServerSideProps } from './session';\n\n// Hosted auth callback handler\nexport { createHostedAuthCallback } from './hosted-auth-callback';\nexport type { HostedAuthCallbackOptions } from './hosted-auth-callback';","import NextAuthDefault from 'next-auth';\nimport type { NextAuthOptions } from 'next-auth';\nimport { OAuth42Provider, OAuth42Profile } from '../provider';\nimport { getOAuth42Session } from './session';\n\n// Handle both CommonJS and ESM exports\nconst NextAuth = (NextAuthDefault as any).default \|\| NextAuthDefault;\n\nexport { type NextAuthOptions };\n\nexport interface CreateAuthOptions {\n clientId?: string;\n clientSecret?: string;\n issuer?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n debug?: boolean;\n callbacks?: NextAuthOptions['callbacks'];\n pages?: NextAuthOptions['pages'];\n session?: NextAuthOptions['session'];\n}\n\n/*\n Create a pre-configured NextAuth instance for OAuth42\n * This provides a simplified setup with sensible defaults\n /\nexport function createAuth(options: CreateAuthOptions = {}) {\n const clientId = options.clientId \|\| process.env.OAUTH42_CLIENT_ID;\n const clientSecret = options.clientSecret \|\| process.env.OAUTH42_CLIENT_SECRET;\n \n if (!clientId \|\| !clientSecret) {\n throw new Error(\n 'OAuth42 client credentials are required. ' +\n 'Set OAUTH42_CLIENT_ID and OAUTH42_CLIENT_SECRET environment variables ' +\n 'or pass them in the options.'\n );\n }\n \n const authOptions: NextAuthOptions = {\n providers: [\n OAuth42Provider({\n clientId,\n clientSecret,\n issuer: options.issuer,\n scopes: options.scopes,\n pkceEnabled: options.pkceEnabled,\n }),\n ],\n \n callbacks: {\n async jwt({ token, account, profile }) {\n // Store OAuth tokens in the JWT\n if (account) {\n token.accessToken = account.access_token;\n token.refreshToken = account.refresh_token;\n token.expiresAt = account.expires_at;\n token.idToken = account.id_token;\n }\n \n // Add user profile data\n if (profile) {\n const oauth42Profile = profile as OAuth42Profile;\n token.email = oauth42Profile.email;\n token.username = oauth42Profile.username;\n token.emailVerified = oauth42Profile.email_verified;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.jwt) {\n return options.callbacks.jwt({ token, account, profile } as any);\n }\n \n return token;\n },\n \n async session({ session, token }) {\n // Add OAuth42-specific data to session\n session.accessToken = token.accessToken as string;\n session.idToken = token.idToken as string;\n \n if (session.user) {\n session.user.email = token.email as string;\n session.user.username = token.username as string;\n session.user.emailVerified = token.emailVerified as boolean;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.session) {\n return options.callbacks.session({ session, token } as any);\n }\n \n return session;\n },\n \n ...options.callbacks,\n },\n \n pages: {\n signIn: '/auth/signin',\n signOut: '/auth/signout',\n error: '/auth/error',\n ...options.pages,\n },\n \n session: {\n strategy: 'jwt',\n ...options.session,\n },\n \n debug: options.debug \|\| process.env.NODE_ENV === 'development',\n \n secret: process.env.NEXTAUTH_SECRET,\n };\n \n // Return the configuration and a function to create handlers\n return {\n auth: authOptions,\n handlers: NextAuth(authOptions),\n };\n}\n\n/\n Create NextAuth handlers for API routes\n /\nexport function createHandlers(authOptions: NextAuthOptions) {\n const handler = NextAuth(authOptions);\n return { GET: handler, POST: handler };\n}\n\n/\n Helper to get the current session server-side\n * @deprecated Use getOAuth42Session instead - this is now just an alias for backward compatibility\n * \n * This function is maintained for backward compatibility but internally\n * calls getOAuth42Session which properly handles both App Router and Pages Router\n /\nexport const getServerSession = getOAuth42Session;\n\n/\n Token refresh helper\n /\nexport async function refreshAccessToken(token: any, clientId: string, clientSecret: string, issuer?: string) {\n try {\n const baseUrl = issuer \|\| process.env.OAUTH42_ISSUER \|\| 'https://oauth42.com';\n const tokenUrl = `${baseUrl}/oauth2/token`;\n \n // In development, we need to handle self-signed certificates\n const fetchOptions: any = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: token.refreshToken,\n client_id: clientId,\n client_secret: clientSecret,\n }),\n };\n \n // Add agent for self-signed certificates in development\n if (process.env.NODE_ENV !== 'production' && tokenUrl.startsWith('https://')) {\n const https = await import('https');\n fetchOptions.agent = new https.Agent({\n rejectUnauthorized: false\n });\n }\n \n const response = await fetch(tokenUrl, fetchOptions);\n const refreshedTokens = await response.json();\n \n if (!response.ok) {\n throw refreshedTokens;\n }\n \n return {\n ...token,\n accessToken: refreshedTokens.access_token,\n refreshToken: refreshedTokens.refresh_token ?? token.refreshToken,\n // Store expiration time in seconds (Unix timestamp)\n expiresAt: Math.floor(Date.now() / 1000) + (refreshedTokens.expires_in \|\| 3600),\n // Explicitly remove any error property on successful refresh\n error: undefined,\n };\n } catch (error) {\n console.error('Failed to refresh access token:', error);\n return {\n ...token,\n error: 'RefreshAccessTokenError',\n };\n }\n}","import type { OAuthConfig, OAuthUserConfig } from 'next-auth/providers/oauth';\n\nexport interface OAuth42Profile {\n sub: string;\n email: string;\n email_verified?: boolean;\n name?: string;\n given_name?: string;\n family_name?: string;\n picture?: string;\n username?: string;\n id?: string;\n}\n\nexport interface OAuth42ProviderOptions {\n clientId: string;\n clientSecret: string;\n issuer?: string;\n authorizationUrl?: string;\n tokenUrl?: string;\n userinfoUrl?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n}\n\nexport function OAuth42Provider<P extends OAuth42Profile>(\n options: OAuthUserConfig<P> & Partial<OAuth42ProviderOptions>\n): OAuthConfig<P> {\n const issuer = options.issuer \|\| process.env.OAUTH42_ISSUER \|\| 'https://oauth42.com';\n const baseUrl = issuer.replace(/\\/$/, '');\n \n return {\n id: 'oauth42',\n name: 'OAuth42',\n type: 'oauth',\n version: '2.0',\n \n // Use OIDC discovery to automatically find endpoints\n wellKnown: `${baseUrl}/.well-known/openid-configuration`,\n \n // Also set individual endpoints for compatibility\n authorization: {\n url: `${baseUrl}/oauth2/authorize`,\n params: {\n scope: (options.scopes \|\| ['openid', 'profile', 'email']).join(' '),\n response_type: 'code',\n },\n },\n token: `${baseUrl}/oauth2/token`,\n userinfo: `${baseUrl}/oauth2/userinfo`,\n \n client: {\n id: options.clientId,\n secret: options.clientSecret,\n token_endpoint_auth_method: 'client_secret_post',\n id_token_signed_response_alg: 'HS256', // OAuth42 uses HS256 for ID tokens\n },\n \n issuer: baseUrl,\n \n checks: options.pkceEnabled !== false ? ['pkce', 'state'] : ['state'],\n \n profile(profile: OAuth42Profile, tokens: any) {\n return {\n id: profile.sub \|\| profile.id \|\| profile.email,\n email: profile.email,\n emailVerified: profile.email_verified ? new Date() : null,\n name: profile.name \|\| `${profile.given_name \|\| ''} ${profile.family_name \|\| ''}`.trim(),\n image: profile.picture,\n };\n },\n \n style: {\n logo: '/oauth42-logo.svg',\n bg: '#1e40af',\n text: '#ffffff',\n },\n \n options,\n };\n}","import { getServerSession as getNextAuthSession } from 'next-auth';\nimport { NextAuthOptions } from 'next-auth';\nimport { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';\n\n/\n Get the OAuth42 session server-side\n * \n * This is the primary method for retrieving sessions in OAuth42 SDK.\n * Supports both Pages Router and App Router:\n * \n * App Router:\n * ```ts\n * const session = await getOAuth42Session(authOptions);\n * ```\n * \n * Pages Router:\n * ```ts\n * const session = await getOAuth42Session(req, res, authOptions);\n * ```\n /\nexport async function getOAuth42Session(\n ...args: \n \| [GetServerSidePropsContext['req'], GetServerSidePropsContext['res'], NextAuthOptions]\n \| [NextApiRequest, NextApiResponse, NextAuthOptions]\n \| [NextAuthOptions]\n) {\n return getNextAuthSession(...args as any);\n}\n\n/\n Helper for protecting API routes\n /\nexport function withOAuth42Session(\n handler: (req: NextApiRequest, res: NextApiResponse, session: any) => Promise<void> \| void,\n authOptions: NextAuthOptions\n) {\n return async (req: NextApiRequest, res: NextApiResponse) => {\n const session = await getOAuth42Session(req, res, authOptions);\n \n if (!session) {\n return res.status(401).json({ error: 'Unauthorized' });\n }\n \n return handler(req, res, session);\n };\n}\n\n/\n Helper for protecting server-side props\n /\nexport function withOAuth42ServerSideProps(\n getServerSideProps: (\n context: GetServerSidePropsContext,\n session: any\n ) => Promise<any>,\n authOptions: NextAuthOptions\n) {\n return async (context: GetServerSidePropsContext) => {\n const session = await getOAuth42Session(\n context.req,\n context.res,\n authOptions\n );\n \n if (!session) {\n return {\n redirect: {\n destination: '/auth/signin',\n permanent: false,\n },\n };\n }\n \n return getServerSideProps(context, session);\n };\n}","import { NextRequest, NextResponse } from 'next/server';\nimport { getToken } from 'next-auth/jwt';\n\nexport interface OAuth42AuthOptions {\n pages?: {\n signIn?: string;\n error?: string;\n };\n callbacks?: {\n authorized?: (params: { token: any; req: NextRequest }) => boolean \| Promise<boolean>;\n };\n protectedPaths?: string[];\n publicPaths?: string[];\n}\n\n/\n Middleware helper for protecting routes with OAuth42\n /\nexport function withOAuth42Auth(options: OAuth42AuthOptions = {}) {\n return async function middleware(req: NextRequest) {\n const token = await getToken({ \n req: req as any, \n secret: process.env.NEXTAUTH_SECRET \n });\n \n const pathname = req.nextUrl.pathname;\n \n // Check if path is explicitly public\n if (options.publicPaths?.some(path => pathname.startsWith(path))) {\n return NextResponse.next();\n }\n \n // Check if path needs protection\n const needsProtection = options.protectedPaths\n ? options.protectedPaths.some(path => pathname.startsWith(path))\n : true; // Default to protecting all paths\n \n if (!needsProtection) {\n return NextResponse.next();\n }\n \n // Check authorization\n let isAuthorized = !!token;\n \n if (options.callbacks?.authorized) {\n isAuthorized = await options.callbacks.authorized({ token, req });\n }\n \n if (!isAuthorized) {\n const signInUrl = options.pages?.signIn \|\| '/auth/signin';\n const url = new URL(signInUrl, req.url);\n url.searchParams.set('callbackUrl', pathname);\n return NextResponse.redirect(url);\n }\n \n return NextResponse.next();\n };\n}\n\n/\n Helper to create middleware configuration\n /\nexport function createMiddlewareConfig(\n protectedPaths: string[] = ['/protected'],\n publicPaths: string[] = ['/auth', '/api/auth']\n) {\n return {\n matcher: [\n /\n * Match all request paths except for the ones starting with:\n * - _next/static (static files)\n * - _next/image (image optimization files)\n * - favicon.ico (favicon file)\n * - public folder\n /\n '/((?!_next/static\|_next/image\|favicon.ico\|public).)',\n ],\n protectedPaths,\n publicPaths,\n };\n}","import { NextRequest, NextResponse } from 'next/server';\nimport https from 'https';\nimport { encode } from 'next-auth/jwt';\n\nexport interface HostedAuthCallbackOptions {\n /*\n OAuth42 issuer URL (e.g., 'https://api.oauth42.com' or 'https://localhost:8443')\n /\n issuer?: string;\n\n /\n OAuth2 client ID\n /\n clientId?: string;\n\n /\n OAuth2 client secret\n /\n clientSecret?: string;\n\n /\n Application base URL (e.g., 'http://localhost:3000')\n /\n baseUrl?: string;\n\n /\n NextAuth secret for JWT encoding\n /\n nextAuthSecret?: string;\n\n /\n URL to redirect to after successful authentication\n * @default '/dashboard'\n /\n redirectUrl?: string;\n\n /\n URL to redirect to on error\n * @default '/'\n /\n errorUrl?: string;\n}\n\n/\n Creates a handler for OAuth42 hosted auth callback that integrates with NextAuth.\n \n This function handles the OAuth callback, exchanges the authorization code for tokens,\n * fetches user info, and creates a NextAuth-compatible session cookie.\n \n @example\n * ```typescript\n * // app/api/oauth/callback/route.ts\n * import { createHostedAuthCallback } from '@oauth42/next/server';\n \n export const GET = createHostedAuthCallback({\n * redirectUrl: '/dashboard',\n * });\n * ```\n /\nexport function createHostedAuthCallback(options: HostedAuthCallbackOptions = {}) {\n return async function GET(request: NextRequest) {\n const {\n issuer = process.env.OAUTH42_ISSUER \|\| 'https://api.oauth42.com',\n clientId = process.env.OAUTH42_CLIENT_ID,\n clientSecret = process.env.OAUTH42_CLIENT_SECRET,\n baseUrl = process.env.NEXTAUTH_URL,\n nextAuthSecret = process.env.NEXTAUTH_SECRET,\n redirectUrl = '/dashboard',\n errorUrl = '/',\n } = options;\n\n if (!clientId \|\| !clientSecret) {\n console.error('OAuth42 client credentials are required');\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_credentials`, request.url));\n }\n\n if (!nextAuthSecret) {\n console.error('NEXTAUTH_SECRET is required');\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_secret`, request.url));\n }\n\n const searchParams = request.nextUrl.searchParams;\n const code = searchParams.get('code');\n\n if (!code) {\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_code`, request.url));\n }\n\n try {\n // Exchange authorization code for tokens\n const tokenEndpoint = `${issuer}/oauth2/token`;\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n redirect_uri: `${baseUrl}/api/oauth/callback`,\n client_id: clientId,\n client_secret: clientSecret,\n });\n\n // For development, use custom agent to disable SSL verification\n const fetchOptions: RequestInit = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: body.toString(),\n };\n\n if (process.env.NODE_ENV !== 'production') {\n const agent = new https.Agent({\n rejectUnauthorized: false,\n });\n (fetchOptions as any).agent = agent;\n }\n\n const tokenResponse = await fetch(tokenEndpoint, fetchOptions);\n const tokens = await tokenResponse.json();\n\n if (!tokenResponse.ok) {\n console.error('Token exchange failed:', tokens);\n return NextResponse.redirect(new URL(`${errorUrl}?error=token_exchange_failed`, request.url));\n }\n\n // Fetch user info\n const userInfoEndpoint = `${issuer}/oauth2/userinfo`;\n const userInfoResponse = await fetch(userInfoEndpoint, {\n headers: {\n 'Authorization': `Bearer ${tokens.access_token}`,\n },\n ...(process.env.NODE_ENV !== 'production' ? {\n agent: new https.Agent({ rejectUnauthorized: false })\n } as any : {})\n });\n\n const userInfo = await userInfoResponse.json();\n\n // Create NextAuth-compatible session token\n const sessionToken = await encode({\n token: {\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token,\n expiresAt: Math.floor(Date.now() / 1000) + (tokens.expires_in \|\| 3600),\n idToken: tokens.id_token,\n email: userInfo.email,\n username: userInfo.username,\n name: userInfo.name,\n sub: userInfo.sub,\n },\n secret: nextAuthSecret,\n });\n\n const redirectResponse = NextResponse.redirect(new URL(redirectUrl, request.url));\n\n // Set NextAuth session cookie\n const cookieName = process.env.NODE_ENV === 'production'\n ? '__Secure-next-auth.session-token'\n : 'next-auth.session-token';\n\n redirectResponse.cookies.set(cookieName, sessionToken, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n maxAge: 60 60 * 24 * 30, // 30 days\n path: '/',\n });\n\n return redirectResponse;\n } catch (error) {\n console.error('OAuth callback error:', error);\n return NextResponse.redirect(new URL(`${errorUrl}?error=callback_failed`, request.url));\n }\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,IAAAA,oBAA4B;;;ACyBrB,SAAS,gBACd,SACgB;AAChB,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,kBAAkB;AAC/D,QAAM,UAAU,OAAO,QAAQ,OAAO,EAAE;AAExC,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA;AAAA,IAGT,WAAW,GAAG,OAAO;AAAA;AAAA,IAGrB,eAAe;AAAA,MACb,KAAK,GAAG,OAAO;AAAA,MACf,QAAQ;AAAA,QACN,QAAQ,QAAQ,UAAU,CAAC,UAAU,WAAW,OAAO,GAAG,KAAK,GAAG;AAAA,QAClE,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IACA,OAAO,GAAG,OAAO;AAAA,IACjB,UAAU,GAAG,OAAO;AAAA,IAEpB,QAAQ;AAAA,MACN,IAAI,QAAQ;AAAA,MACZ,QAAQ,QAAQ;AAAA,MAChB,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA;AAAA,IAChC;AAAA,IAEA,QAAQ;AAAA,IAER,QAAQ,QAAQ,gBAAgB,QAAQ,CAAC,QAAQ,OAAO,IAAI,CAAC,OAAO;AAAA,IAEpE,QAAQ,SAAyB,QAAa;AAC5C,aAAO;AAAA,QACL,IAAI,QAAQ,OAAO,QAAQ,MAAM,QAAQ;AAAA,QACzC,OAAO,QAAQ;AAAA,QACf,eAAe,QAAQ,iBAAiB,oBAAI,KAAK,IAAI;AAAA,QACrD,MAAM,QAAQ,QAAQ,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,eAAe,EAAE,GAAG,KAAK;AAAA,QACtF,OAAO,QAAQ;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,IAAI;AAAA,MACJ,MAAM;AAAA,IACR;AAAA,IAEA;AAAA,EACF;AACF;;;AChFA,uBAAuD;AAoBvD,eAAsB,qBACjB,MAIH;AACA,aAAO,iBAAAC,kBAAmB,GAAG,IAAW;AAC1C;AAKO,SAAS,mBACd,SACA,aACA;AACA,SAAO,OAAO,KAAqB,QAAyB;AAC1D,UAAM,UAAU,MAAM,kBAAkB,KAAK,KAAK,WAAW;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,IACvD;AAEA,WAAO,QAAQ,KAAK,KAAK,OAAO;AAAA,EAClC;AACF;AAKO,SAAS,2BACd,oBAIA,aACA;AACA,SAAO,OAAO,YAAuC;AACnD,UAAM,UAAU,MAAM;AAAA,MACpB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAEA,WAAO,mBAAmB,SAAS,OAAO;AAAA,EAC5C;AACF;;;AFrEA,IAAM,WAAY,kBAAAC,QAAwB,WAAW,kBAAAA;AAoB9C,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,WAAW,QAAQ,YAAY,QAAQ,IAAI;AACjD,QAAM,eAAe,QAAQ,gBAAgB,QAAQ,IAAI;AAEzD,MAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,UAAM,IAAI;AAAA,MACR;AAAA,IAGF;AAAA,EACF;AAEA,QAAM,cAA+B;AAAA,IACnC,WAAW;AAAA,MACT,gBAAgB;AAAA,QACd;AAAA,QACA;AAAA,QACA,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACH;AAAA,IAEA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,SAAS,QAAQ,GAAG;AAErC,YAAI,SAAS;AACX,gBAAM,cAAc,QAAQ;AAC5B,gBAAM,eAAe,QAAQ;AAC7B,gBAAM,YAAY,QAAQ;AAC1B,gBAAM,UAAU,QAAQ;AAAA,QAC1B;AAGA,YAAI,SAAS;AACX,gBAAM,iBAAiB;AACvB,gBAAM,QAAQ,eAAe;AAC7B,gBAAM,WAAW,eAAe;AAChC,gBAAM,gBAAgB,eAAe;AAAA,QACvC;AAGA,YAAI,QAAQ,WAAW,KAAK;AAC1B,iBAAO,QAAQ,UAAU,IAAI,EAAE,OAAO,SAAS,QAAQ,CAAQ;AAAA,QACjE;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAEhC,gBAAQ,cAAc,MAAM;AAC5B,gBAAQ,UAAU,MAAM;AAExB,YAAI,QAAQ,MAAM;AAChB,kBAAQ,KAAK,QAAQ,MAAM;AAC3B,kBAAQ,KAAK,WAAW,MAAM;AAC9B,kBAAQ,KAAK,gBAAgB,MAAM;AAAA,QACrC;AAGA,YAAI,QAAQ,WAAW,SAAS;AAC9B,iBAAO,QAAQ,UAAU,QAAQ,EAAE,SAAS,MAAM,CAAQ;AAAA,QAC5D;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAO;AAAA,MACP,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAAA,IAEjD,QAAQ,QAAQ,IAAI;AAAA,EACtB;AAGA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,SAAS,WAAW;AAAA,EAChC;AACF;AAKO,SAAS,eAAe,aAA8B;AAC3D,QAAM,UAAU,SAAS,WAAW;AACpC,SAAO,EAAE,KAAK,SAAS,MAAM,QAAQ;AACvC;AASO,IAAM,mBAAmB;AAKhC,eAAsB,mBAAmB,OAAY,UAAkB,cAAsB,QAAiB;AAC5G,MAAI;AACF,UAAM,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AACxD,UAAM,WAAW,GAAG,OAAO;AAG3B,UAAM,eAAoB;AAAA,MACxB,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,IAAI,gBAAgB;AAAA,QACxB,YAAY;AAAA,QACZ,eAAe,MAAM;AAAA,QACrB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAAA,IACH;AAGA,QAAI,QAAQ,IAAI,aAAa,gBAAgB,SAAS,WAAW,UAAU,GAAG;AAC5E,YAAMC,SAAQ,MAAM,OAAO,OAAO;AAClC,mBAAa,QAAQ,IAAIA,OAAM,MAAM;AAAA,QACnC,oBAAoB;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,UAAM,WAAW,MAAM,MAAM,UAAU,YAAY;AACnD,UAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,aAAa,gBAAgB;AAAA,MAC7B,cAAc,gBAAgB,iBAAiB,MAAM;AAAA;AAAA,MAErD,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,gBAAgB,cAAc;AAAA;AAAA,MAE1E,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,mCAAmC,KAAK;AACtD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AD1LA,IAAAC,oBAAoC;;;AILpC,oBAA0C;AAC1C,iBAAyB;AAiBlB,SAAS,gBAAgB,UAA8B,CAAC,GAAG;AAChE,SAAO,eAAe,WAAW,KAAkB;AACjD,UAAM,QAAQ,UAAM,qBAAS;AAAA,MAC3B;AAAA,MACA,QAAQ,QAAQ,IAAI;AAAA,IACtB,CAAC;AAED,UAAM,WAAW,IAAI,QAAQ;AAG7B,QAAI,QAAQ,aAAa,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,GAAG;AAChE,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAGA,UAAM,kBAAkB,QAAQ,iBAC5B,QAAQ,eAAe,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,IAC7D;AAEJ,QAAI,CAAC,iBAAiB;AACpB,aAAO,2BAAa,KAAK;AAAA,IAC3B;AAGA,QAAI,eAAe,CAAC,CAAC;AAErB,QAAI,QAAQ,WAAW,YAAY;AACjC,qBAAe,MAAM,QAAQ,UAAU,WAAW,EAAE,OAAO,IAAI,CAAC;AAAA,IAClE;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,YAAY,QAAQ,OAAO,UAAU;AAC3C,YAAM,MAAM,IAAI,IAAI,WAAW,IAAI,GAAG;AACtC,UAAI,aAAa,IAAI,eAAe,QAAQ;AAC5C,aAAO,2BAAa,SAAS,GAAG;AAAA,IAClC;AAEA,WAAO,2BAAa,KAAK;AAAA,EAC3B;AACF;AAKO,SAAS,uBACd,iBAA2B,CAAC,YAAY,GACxC,cAAwB,CAAC,SAAS,WAAW,GAC7C;AACA,SAAO;AAAA,IACL,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQP;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AChFA,IAAAC,iBAA0C;AAC1C,mBAAkB;AAClB,IAAAC,cAAuB;AAyDhB,SAAS,yBAAyB,UAAqC,CAAC,GAAG;AAChF,SAAO,eAAe,IAAI,SAAsB;AAC9C,UAAM;AAAA,MACJ,SAAS,QAAQ,IAAI,kBAAkB;AAAA,MACvC,WAAW,QAAQ,IAAI;AAAA,MACvB,eAAe,QAAQ,IAAI;AAAA,MAC3B,UAAU,QAAQ,IAAI;AAAA,MACtB,iBAAiB,QAAQ,IAAI;AAAA,MAC7B,cAAc;AAAA,MACd,WAAW;AAAA,IACb,IAAI;AAEJ,QAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,cAAQ,MAAM,yCAAyC;AACvD,aAAO,4BAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,8BAA8B,QAAQ,GAAG,CAAC;AAAA,IAC5F;AAEA,QAAI,CAAC,gBAAgB;AACnB,cAAQ,MAAM,6BAA6B;AAC3C,aAAO,4BAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,yBAAyB,QAAQ,GAAG,CAAC;AAAA,IACvF;AAEA,UAAM,eAAe,QAAQ,QAAQ;AACrC,UAAM,OAAO,aAAa,IAAI,MAAM;AAEpC,QAAI,CAAC,MAAM;AACT,aAAO,4BAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,uBAAuB,QAAQ,GAAG,CAAC;AAAA,IACrF;AAEA,QAAI;AAEF,YAAM,gBAAgB,GAAG,MAAM;AAE/B,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,YAAY;AAAA,QACZ;AAAA,QACA,cAAc,GAAG,OAAO;AAAA,QACxB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAGD,YAAM,eAA4B;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,KAAK,SAAS;AAAA,MACtB;AAEA,UAAI,QAAQ,IAAI,aAAa,cAAc;AACzC,cAAM,QAAQ,IAAI,aAAAC,QAAM,MAAM;AAAA,UAC5B,oBAAoB;AAAA,QACtB,CAAC;AACD,QAAC,aAAqB,QAAQ;AAAA,MAChC;AAEA,YAAM,gBAAgB,MAAM,MAAM,eAAe,YAAY;AAC7D,YAAM,SAAS,MAAM,cAAc,KAAK;AAExC,UAAI,CAAC,cAAc,IAAI;AACrB,gBAAQ,MAAM,0BAA0B,MAAM;AAC9C,eAAO,4BAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,gCAAgC,QAAQ,GAAG,CAAC;AAAA,MAC9F;AAGA,YAAM,mBAAmB,GAAG,MAAM;AAClC,YAAM,mBAAmB,MAAM,MAAM,kBAAkB;AAAA,QACrD,SAAS;AAAA,UACP,iBAAiB,UAAU,OAAO,YAAY;AAAA,QAChD;AAAA,QACA,GAAI,QAAQ,IAAI,aAAa,eAAe;AAAA,UAC1C,OAAO,IAAI,aAAAA,QAAM,MAAM,EAAE,oBAAoB,MAAM,CAAC;AAAA,QACtD,IAAW,CAAC;AAAA,MACd,CAAC;AAED,YAAM,WAAW,MAAM,iBAAiB,KAAK;AAG7C,YAAM,eAAe,UAAM,oBAAO;AAAA,QAChC,OAAO;AAAA,UACL,aAAa,OAAO;AAAA,UACpB,cAAc,OAAO;AAAA,UACrB,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,cAAc;AAAA,UACjE,SAAS,OAAO;AAAA,UAChB,OAAO,SAAS;AAAA,UAChB,UAAU,SAAS;AAAA,UACnB,MAAM,SAAS;AAAA,UACf,KAAK,SAAS;AAAA,QAChB;AAAA,QACA,QAAQ;AAAA,MACV,CAAC;AAED,YAAM,mBAAmB,4BAAa,SAAS,IAAI,IAAI,aAAa,QAAQ,GAAG,CAAC;AAGhF,YAAM,aAAa,QAAQ,IAAI,aAAa,eACxC,qCACA;AAEJ,uBAAiB,QAAQ,IAAI,YAAY,cAAc;AAAA,QACrD,UAAU;AAAA,QACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,QACjC,UAAU;AAAA,QACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,QACvB,MAAM;AAAA,MACR,CAAC;AAED,aAAO;AAAA,IACT,SAAS,OAAO;AACd,cAAQ,MAAM,yBAAyB,KAAK;AAC5C,aAAO,4BAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,0BAA0B,QAAQ,GAAG,CAAC;AAAA,IACxF;AAAA,EACF;AACF;","names":["import_next_auth","getNextAuthSession","NextAuthDefault","https","import_next_auth","import_server","import_jwt","https"]}

package/dist/server/index.mjs CHANGED Viewed

@@ -176,8 +176,8 @@ async function refreshAccessToken(token, clientId, clientSecret, issuer) {
       })
     };
     if (process.env.NODE_ENV !== "production" && tokenUrl.startsWith("https://")) {
-      const https = await import("https");
-      fetchOptions.agent = new https.Agent({
+      const https2 = await import("https");
+      fetchOptions.agent = new https2.Agent({
         rejectUnauthorized: false
       });
     }
@@ -253,11 +253,109 @@ function createMiddlewareConfig(protectedPaths = ["/protected"], publicPaths = [
     publicPaths
   };
 }
+// src/server/hosted-auth-callback.ts
+import { NextResponse as NextResponse2 } from "next/server";
+import https from "https";
+import { encode } from "next-auth/jwt";
+function createHostedAuthCallback(options = {}) {
+  return async function GET(request) {
+    const {
+      issuer = process.env.OAUTH42_ISSUER || "https://api.oauth42.com",
+      clientId = process.env.OAUTH42_CLIENT_ID,
+      clientSecret = process.env.OAUTH42_CLIENT_SECRET,
+      baseUrl = process.env.NEXTAUTH_URL,
+      nextAuthSecret = process.env.NEXTAUTH_SECRET,
+      redirectUrl = "/dashboard",
+      errorUrl = "/"
+    } = options;
+    if (!clientId || !clientSecret) {
+      console.error("OAuth42 client credentials are required");
+      return NextResponse2.redirect(new URL(`${errorUrl}?error=missing_credentials`, request.url));
+    }
+    if (!nextAuthSecret) {
+      console.error("NEXTAUTH_SECRET is required");
+      return NextResponse2.redirect(new URL(`${errorUrl}?error=missing_secret`, request.url));
+    }
+    const searchParams = request.nextUrl.searchParams;
+    const code = searchParams.get("code");
+    if (!code) {
+      return NextResponse2.redirect(new URL(`${errorUrl}?error=missing_code`, request.url));
+    }
+    try {
+      const tokenEndpoint = `${issuer}/oauth2/token`;
+      const body = new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: `${baseUrl}/api/oauth/callback`,
+        client_id: clientId,
+        client_secret: clientSecret
+      });
+      const fetchOptions = {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: body.toString()
+      };
+      if (process.env.NODE_ENV !== "production") {
+        const agent = new https.Agent({
+          rejectUnauthorized: false
+        });
+        fetchOptions.agent = agent;
+      }
+      const tokenResponse = await fetch(tokenEndpoint, fetchOptions);
+      const tokens = await tokenResponse.json();
+      if (!tokenResponse.ok) {
+        console.error("Token exchange failed:", tokens);
+        return NextResponse2.redirect(new URL(`${errorUrl}?error=token_exchange_failed`, request.url));
+      }
+      const userInfoEndpoint = `${issuer}/oauth2/userinfo`;
+      const userInfoResponse = await fetch(userInfoEndpoint, {
+        headers: {
+          "Authorization": `Bearer ${tokens.access_token}`
+        },
+        ...process.env.NODE_ENV !== "production" ? {
+          agent: new https.Agent({ rejectUnauthorized: false })
+        } : {}
+      });
+      const userInfo = await userInfoResponse.json();
+      const sessionToken = await encode({
+        token: {
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token,
+          expiresAt: Math.floor(Date.now() / 1e3) + (tokens.expires_in || 3600),
+          idToken: tokens.id_token,
+          email: userInfo.email,
+          username: userInfo.username,
+          name: userInfo.name,
+          sub: userInfo.sub
+        },
+        secret: nextAuthSecret
+      });
+      const redirectResponse = NextResponse2.redirect(new URL(redirectUrl, request.url));
+      const cookieName = process.env.NODE_ENV === "production" ? "__Secure-next-auth.session-token" : "next-auth.session-token";
+      redirectResponse.cookies.set(cookieName, sessionToken, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        maxAge: 60 * 60 * 24 * 30,
+        // 30 days
+        path: "/"
+      });
+      return redirectResponse;
+    } catch (error) {
+      console.error("OAuth callback error:", error);
+      return NextResponse2.redirect(new URL(`${errorUrl}?error=callback_failed`, request.url));
+    }
+  };
+}
 export {
   default2 as NextAuth,
   OAuth42Provider,
   createAuth,
   createHandlers,
+  createHostedAuthCallback,
   createMiddlewareConfig,
   getOAuth42Session,
   getServerSession,

package/dist/server/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/server/auth.ts","../../src/provider.ts","../../src/server/session.ts","../../src/server/index.ts","../../src/server/middleware.ts"],"sourcesContent":["import NextAuthDefault from 'next-auth';\nimport type { NextAuthOptions } from 'next-auth';\nimport { OAuth42Provider, OAuth42Profile } from '../provider';\nimport { getOAuth42Session } from './session';\n\n// Handle both CommonJS and ESM exports\nconst NextAuth = (NextAuthDefault as any).default \|\| NextAuthDefault;\n\nexport { type NextAuthOptions };\n\nexport interface CreateAuthOptions {\n clientId?: string;\n clientSecret?: string;\n issuer?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n debug?: boolean;\n callbacks?: NextAuthOptions['callbacks'];\n pages?: NextAuthOptions['pages'];\n session?: NextAuthOptions['session'];\n}\n\n/*\n Create a pre-configured NextAuth instance for OAuth42\n * This provides a simplified setup with sensible defaults\n /\nexport function createAuth(options: CreateAuthOptions = {}) {\n const clientId = options.clientId \|\| process.env.OAUTH42_CLIENT_ID;\n const clientSecret = options.clientSecret \|\| process.env.OAUTH42_CLIENT_SECRET;\n \n if (!clientId \|\| !clientSecret) {\n throw new Error(\n 'OAuth42 client credentials are required. ' +\n 'Set OAUTH42_CLIENT_ID and OAUTH42_CLIENT_SECRET environment variables ' +\n 'or pass them in the options.'\n );\n }\n \n const authOptions: NextAuthOptions = {\n providers: [\n OAuth42Provider({\n clientId,\n clientSecret,\n issuer: options.issuer,\n scopes: options.scopes,\n pkceEnabled: options.pkceEnabled,\n }),\n ],\n \n callbacks: {\n async jwt({ token, account, profile }) {\n // Store OAuth tokens in the JWT\n if (account) {\n token.accessToken = account.access_token;\n token.refreshToken = account.refresh_token;\n token.expiresAt = account.expires_at;\n token.idToken = account.id_token;\n }\n \n // Add user profile data\n if (profile) {\n const oauth42Profile = profile as OAuth42Profile;\n token.email = oauth42Profile.email;\n token.username = oauth42Profile.username;\n token.emailVerified = oauth42Profile.email_verified;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.jwt) {\n return options.callbacks.jwt({ token, account, profile } as any);\n }\n \n return token;\n },\n \n async session({ session, token }) {\n // Add OAuth42-specific data to session\n session.accessToken = token.accessToken as string;\n session.idToken = token.idToken as string;\n \n if (session.user) {\n session.user.email = token.email as string;\n session.user.username = token.username as string;\n session.user.emailVerified = token.emailVerified as boolean;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.session) {\n return options.callbacks.session({ session, token } as any);\n }\n \n return session;\n },\n \n ...options.callbacks,\n },\n \n pages: {\n signIn: '/auth/signin',\n signOut: '/auth/signout',\n error: '/auth/error',\n ...options.pages,\n },\n \n session: {\n strategy: 'jwt',\n ...options.session,\n },\n \n debug: options.debug \|\| process.env.NODE_ENV === 'development',\n \n secret: process.env.NEXTAUTH_SECRET,\n };\n \n // Return the configuration and a function to create handlers\n return {\n auth: authOptions,\n handlers: NextAuth(authOptions),\n };\n}\n\n/\n Create NextAuth handlers for API routes\n /\nexport function createHandlers(authOptions: NextAuthOptions) {\n const handler = NextAuth(authOptions);\n return { GET: handler, POST: handler };\n}\n\n/\n Helper to get the current session server-side\n * @deprecated Use getOAuth42Session instead - this is now just an alias for backward compatibility\n * \n * This function is maintained for backward compatibility but internally\n * calls getOAuth42Session which properly handles both App Router and Pages Router\n /\nexport const getServerSession = getOAuth42Session;\n\n/\n Token refresh helper\n /\nexport async function refreshAccessToken(token: any, clientId: string, clientSecret: string, issuer?: string) {\n try {\n const baseUrl = issuer \|\| process.env.OAUTH42_ISSUER \|\| 'https://oauth42.com';\n const tokenUrl = `${baseUrl}/oauth2/token`;\n \n // In development, we need to handle self-signed certificates\n const fetchOptions: any = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: token.refreshToken,\n client_id: clientId,\n client_secret: clientSecret,\n }),\n };\n \n // Add agent for self-signed certificates in development\n if (process.env.NODE_ENV !== 'production' && tokenUrl.startsWith('https://')) {\n const https = await import('https');\n fetchOptions.agent = new https.Agent({\n rejectUnauthorized: false\n });\n }\n \n const response = await fetch(tokenUrl, fetchOptions);\n const refreshedTokens = await response.json();\n \n if (!response.ok) {\n throw refreshedTokens;\n }\n \n return {\n ...token,\n accessToken: refreshedTokens.access_token,\n refreshToken: refreshedTokens.refresh_token ?? token.refreshToken,\n // Store expiration time in seconds (Unix timestamp)\n expiresAt: Math.floor(Date.now() / 1000) + (refreshedTokens.expires_in \|\| 3600),\n // Explicitly remove any error property on successful refresh\n error: undefined,\n };\n } catch (error) {\n console.error('Failed to refresh access token:', error);\n return {\n ...token,\n error: 'RefreshAccessTokenError',\n };\n }\n}","import type { OAuthConfig, OAuthUserConfig } from 'next-auth/providers/oauth';\n\nexport interface OAuth42Profile {\n sub: string;\n email: string;\n email_verified?: boolean;\n name?: string;\n given_name?: string;\n family_name?: string;\n picture?: string;\n username?: string;\n id?: string;\n}\n\nexport interface OAuth42ProviderOptions {\n clientId: string;\n clientSecret: string;\n issuer?: string;\n authorizationUrl?: string;\n tokenUrl?: string;\n userinfoUrl?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n}\n\nexport function OAuth42Provider<P extends OAuth42Profile>(\n options: OAuthUserConfig<P> & Partial<OAuth42ProviderOptions>\n): OAuthConfig<P> {\n const issuer = options.issuer \|\| process.env.OAUTH42_ISSUER \|\| 'https://oauth42.com';\n const baseUrl = issuer.replace(/\\/$/, '');\n \n return {\n id: 'oauth42',\n name: 'OAuth42',\n type: 'oauth',\n version: '2.0',\n \n // Use OIDC discovery to automatically find endpoints\n wellKnown: `${baseUrl}/.well-known/openid-configuration`,\n \n // Also set individual endpoints for compatibility\n authorization: {\n url: `${baseUrl}/oauth2/authorize`,\n params: {\n scope: (options.scopes \|\| ['openid', 'profile', 'email']).join(' '),\n response_type: 'code',\n },\n },\n token: `${baseUrl}/oauth2/token`,\n userinfo: `${baseUrl}/oauth2/userinfo`,\n \n client: {\n id: options.clientId,\n secret: options.clientSecret,\n token_endpoint_auth_method: 'client_secret_post',\n id_token_signed_response_alg: 'HS256', // OAuth42 uses HS256 for ID tokens\n },\n \n issuer: baseUrl,\n \n checks: options.pkceEnabled !== false ? ['pkce', 'state'] : ['state'],\n \n profile(profile: OAuth42Profile, tokens: any) {\n return {\n id: profile.sub \|\| profile.id \|\| profile.email,\n email: profile.email,\n emailVerified: profile.email_verified ? new Date() : null,\n name: profile.name \|\| `${profile.given_name \|\| ''} ${profile.family_name \|\| ''}`.trim(),\n image: profile.picture,\n };\n },\n \n style: {\n logo: '/oauth42-logo.svg',\n bg: '#1e40af',\n text: '#ffffff',\n },\n \n options,\n };\n}","import { getServerSession as getNextAuthSession } from 'next-auth';\nimport { NextAuthOptions } from 'next-auth';\nimport { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';\n\n/\n Get the OAuth42 session server-side\n * \n * This is the primary method for retrieving sessions in OAuth42 SDK.\n * Supports both Pages Router and App Router:\n * \n * App Router:\n * ```ts\n * const session = await getOAuth42Session(authOptions);\n * ```\n * \n * Pages Router:\n * ```ts\n * const session = await getOAuth42Session(req, res, authOptions);\n * ```\n /\nexport async function getOAuth42Session(\n ...args: \n \| [GetServerSidePropsContext['req'], GetServerSidePropsContext['res'], NextAuthOptions]\n \| [NextApiRequest, NextApiResponse, NextAuthOptions]\n \| [NextAuthOptions]\n) {\n return getNextAuthSession(...args as any);\n}\n\n/\n Helper for protecting API routes\n /\nexport function withOAuth42Session(\n handler: (req: NextApiRequest, res: NextApiResponse, session: any) => Promise<void> \| void,\n authOptions: NextAuthOptions\n) {\n return async (req: NextApiRequest, res: NextApiResponse) => {\n const session = await getOAuth42Session(req, res, authOptions);\n \n if (!session) {\n return res.status(401).json({ error: 'Unauthorized' });\n }\n \n return handler(req, res, session);\n };\n}\n\n/\n Helper for protecting server-side props\n /\nexport function withOAuth42ServerSideProps(\n getServerSideProps: (\n context: GetServerSidePropsContext,\n session: any\n ) => Promise<any>,\n authOptions: NextAuthOptions\n) {\n return async (context: GetServerSidePropsContext) => {\n const session = await getOAuth42Session(\n context.req,\n context.res,\n authOptions\n );\n \n if (!session) {\n return {\n redirect: {\n destination: '/auth/signin',\n permanent: false,\n },\n };\n }\n \n return getServerSideProps(context, session);\n };\n}","// Server-side exports\nexport { createAuth, createHandlers, getServerSession, refreshAccessToken } from './auth';\nexport type { CreateAuthOptions, NextAuthOptions } from './auth';\n\n// Re-export NextAuth from next-auth\nexport { default as NextAuth } from 'next-auth';\n\n// Re-export OAuth42Provider\nexport { OAuth42Provider } from '../provider';\n\nexport { withOAuth42Auth, createMiddlewareConfig } from './middleware';\nexport type { OAuth42AuthOptions } from './middleware';\n\nexport { getOAuth42Session, withOAuth42Session, withOAuth42ServerSideProps } from './session';","import { NextRequest, NextResponse } from 'next/server';\nimport { getToken } from 'next-auth/jwt';\n\nexport interface OAuth42AuthOptions {\n pages?: {\n signIn?: string;\n error?: string;\n };\n callbacks?: {\n authorized?: (params: { token: any; req: NextRequest }) => boolean \| Promise<boolean>;\n };\n protectedPaths?: string[];\n publicPaths?: string[];\n}\n\n/\n Middleware helper for protecting routes with OAuth42\n /\nexport function withOAuth42Auth(options: OAuth42AuthOptions = {}) {\n return async function middleware(req: NextRequest) {\n const token = await getToken({ \n req: req as any, \n secret: process.env.NEXTAUTH_SECRET \n });\n \n const pathname = req.nextUrl.pathname;\n \n // Check if path is explicitly public\n if (options.publicPaths?.some(path => pathname.startsWith(path))) {\n return NextResponse.next();\n }\n \n // Check if path needs protection\n const needsProtection = options.protectedPaths\n ? options.protectedPaths.some(path => pathname.startsWith(path))\n : true; // Default to protecting all paths\n \n if (!needsProtection) {\n return NextResponse.next();\n }\n \n // Check authorization\n let isAuthorized = !!token;\n \n if (options.callbacks?.authorized) {\n isAuthorized = await options.callbacks.authorized({ token, req });\n }\n \n if (!isAuthorized) {\n const signInUrl = options.pages?.signIn \|\| '/auth/signin';\n const url = new URL(signInUrl, req.url);\n url.searchParams.set('callbackUrl', pathname);\n return NextResponse.redirect(url);\n }\n \n return NextResponse.next();\n };\n}\n\n/\n Helper to create middleware configuration\n /\nexport function createMiddlewareConfig(\n protectedPaths: string[] = ['/protected'],\n publicPaths: string[] = ['/auth', '/api/auth']\n) {\n return {\n matcher: [\n /\n * Match all request paths except for the ones starting with:\n * - _next/static (static files)\n * - _next/image (image optimization files)\n * - favicon.ico (favicon file)\n * - public folder\n /\n '/((?!_next/static\|_next/image\|favicon.ico\|public).)',\n ],\n protectedPaths,\n publicPaths,\n };\n}"],"mappings":";AAAA,OAAO,qBAAqB;;;ACyBrB,SAAS,gBACd,SACgB;AAChB,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,kBAAkB;AAC/D,QAAM,UAAU,OAAO,QAAQ,OAAO,EAAE;AAExC,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA;AAAA,IAGT,WAAW,GAAG,OAAO;AAAA;AAAA,IAGrB,eAAe;AAAA,MACb,KAAK,GAAG,OAAO;AAAA,MACf,QAAQ;AAAA,QACN,QAAQ,QAAQ,UAAU,CAAC,UAAU,WAAW,OAAO,GAAG,KAAK,GAAG;AAAA,QAClE,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IACA,OAAO,GAAG,OAAO;AAAA,IACjB,UAAU,GAAG,OAAO;AAAA,IAEpB,QAAQ;AAAA,MACN,IAAI,QAAQ;AAAA,MACZ,QAAQ,QAAQ;AAAA,MAChB,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA;AAAA,IAChC;AAAA,IAEA,QAAQ;AAAA,IAER,QAAQ,QAAQ,gBAAgB,QAAQ,CAAC,QAAQ,OAAO,IAAI,CAAC,OAAO;AAAA,IAEpE,QAAQ,SAAyB,QAAa;AAC5C,aAAO;AAAA,QACL,IAAI,QAAQ,OAAO,QAAQ,MAAM,QAAQ;AAAA,QACzC,OAAO,QAAQ;AAAA,QACf,eAAe,QAAQ,iBAAiB,oBAAI,KAAK,IAAI;AAAA,QACrD,MAAM,QAAQ,QAAQ,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,eAAe,EAAE,GAAG,KAAK;AAAA,QACtF,OAAO,QAAQ;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,IAAI;AAAA,MACJ,MAAM;AAAA,IACR;AAAA,IAEA;AAAA,EACF;AACF;;;AChFA,SAAS,oBAAoB,0BAA0B;AAoBvD,eAAsB,qBACjB,MAIH;AACA,SAAO,mBAAmB,GAAG,IAAW;AAC1C;AAKO,SAAS,mBACd,SACA,aACA;AACA,SAAO,OAAO,KAAqB,QAAyB;AAC1D,UAAM,UAAU,MAAM,kBAAkB,KAAK,KAAK,WAAW;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,IACvD;AAEA,WAAO,QAAQ,KAAK,KAAK,OAAO;AAAA,EAClC;AACF;AAKO,SAAS,2BACd,oBAIA,aACA;AACA,SAAO,OAAO,YAAuC;AACnD,UAAM,UAAU,MAAM;AAAA,MACpB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAEA,WAAO,mBAAmB,SAAS,OAAO;AAAA,EAC5C;AACF;;;AFrEA,IAAM,WAAY,gBAAwB,WAAW;AAoB9C,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,WAAW,QAAQ,YAAY,QAAQ,IAAI;AACjD,QAAM,eAAe,QAAQ,gBAAgB,QAAQ,IAAI;AAEzD,MAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,UAAM,IAAI;AAAA,MACR;AAAA,IAGF;AAAA,EACF;AAEA,QAAM,cAA+B;AAAA,IACnC,WAAW;AAAA,MACT,gBAAgB;AAAA,QACd;AAAA,QACA;AAAA,QACA,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACH;AAAA,IAEA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,SAAS,QAAQ,GAAG;AAErC,YAAI,SAAS;AACX,gBAAM,cAAc,QAAQ;AAC5B,gBAAM,eAAe,QAAQ;AAC7B,gBAAM,YAAY,QAAQ;AAC1B,gBAAM,UAAU,QAAQ;AAAA,QAC1B;AAGA,YAAI,SAAS;AACX,gBAAM,iBAAiB;AACvB,gBAAM,QAAQ,eAAe;AAC7B,gBAAM,WAAW,eAAe;AAChC,gBAAM,gBAAgB,eAAe;AAAA,QACvC;AAGA,YAAI,QAAQ,WAAW,KAAK;AAC1B,iBAAO,QAAQ,UAAU,IAAI,EAAE,OAAO,SAAS,QAAQ,CAAQ;AAAA,QACjE;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAEhC,gBAAQ,cAAc,MAAM;AAC5B,gBAAQ,UAAU,MAAM;AAExB,YAAI,QAAQ,MAAM;AAChB,kBAAQ,KAAK,QAAQ,MAAM;AAC3B,kBAAQ,KAAK,WAAW,MAAM;AAC9B,kBAAQ,KAAK,gBAAgB,MAAM;AAAA,QACrC;AAGA,YAAI,QAAQ,WAAW,SAAS;AAC9B,iBAAO,QAAQ,UAAU,QAAQ,EAAE,SAAS,MAAM,CAAQ;AAAA,QAC5D;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAO;AAAA,MACP,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAAA,IAEjD,QAAQ,QAAQ,IAAI;AAAA,EACtB;AAGA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,SAAS,WAAW;AAAA,EAChC;AACF;AAKO,SAAS,eAAe,aAA8B;AAC3D,QAAM,UAAU,SAAS,WAAW;AACpC,SAAO,EAAE,KAAK,SAAS,MAAM,QAAQ;AACvC;AASO,IAAM,mBAAmB;AAKhC,eAAsB,mBAAmB,OAAY,UAAkB,cAAsB,QAAiB;AAC5G,MAAI;AACF,UAAM,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AACxD,UAAM,WAAW,GAAG,OAAO;AAG3B,UAAM,eAAoB;AAAA,MACxB,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,IAAI,gBAAgB;AAAA,QACxB,YAAY;AAAA,QACZ,eAAe,MAAM;AAAA,QACrB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAAA,IACH;AAGA,QAAI,QAAQ,IAAI,aAAa,gBAAgB,SAAS,WAAW,UAAU,GAAG;AAC5E,YAAM,QAAQ,MAAM,OAAO,OAAO;AAClC,mBAAa,QAAQ,IAAI,MAAM,MAAM;AAAA,QACnC,oBAAoB;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,UAAM,WAAW,MAAM,MAAM,UAAU,YAAY;AACnD,UAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,aAAa,gBAAgB;AAAA,MAC7B,cAAc,gBAAgB,iBAAiB,MAAM;AAAA;AAAA,MAErD,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,gBAAgB,cAAc;AAAA;AAAA,MAE1E,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,mCAAmC,KAAK;AACtD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AG1LA,SAAoB,WAAXA,gBAA2B;;;ACLpC,SAAsB,oBAAoB;AAC1C,SAAS,gBAAgB;AAiBlB,SAAS,gBAAgB,UAA8B,CAAC,GAAG;AAChE,SAAO,eAAe,WAAW,KAAkB;AACjD,UAAM,QAAQ,MAAM,SAAS;AAAA,MAC3B;AAAA,MACA,QAAQ,QAAQ,IAAI;AAAA,IACtB,CAAC;AAED,UAAM,WAAW,IAAI,QAAQ;AAG7B,QAAI,QAAQ,aAAa,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,GAAG;AAChE,aAAO,aAAa,KAAK;AAAA,IAC3B;AAGA,UAAM,kBAAkB,QAAQ,iBAC5B,QAAQ,eAAe,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,IAC7D;AAEJ,QAAI,CAAC,iBAAiB;AACpB,aAAO,aAAa,KAAK;AAAA,IAC3B;AAGA,QAAI,eAAe,CAAC,CAAC;AAErB,QAAI,QAAQ,WAAW,YAAY;AACjC,qBAAe,MAAM,QAAQ,UAAU,WAAW,EAAE,OAAO,IAAI,CAAC;AAAA,IAClE;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,YAAY,QAAQ,OAAO,UAAU;AAC3C,YAAM,MAAM,IAAI,IAAI,WAAW,IAAI,GAAG;AACtC,UAAI,aAAa,IAAI,eAAe,QAAQ;AAC5C,aAAO,aAAa,SAAS,GAAG;AAAA,IAClC;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAKO,SAAS,uBACd,iBAA2B,CAAC,YAAY,GACxC,cAAwB,CAAC,SAAS,WAAW,GAC7C;AACA,SAAO;AAAA,IACL,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQP;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["default"]}
1	+ {"version":3,"sources":["../../src/server/auth.ts","../../src/provider.ts","../../src/server/session.ts","../../src/server/index.ts","../../src/server/middleware.ts","../../src/server/hosted-auth-callback.ts"],"sourcesContent":["import NextAuthDefault from 'next-auth';\nimport type { NextAuthOptions } from 'next-auth';\nimport { OAuth42Provider, OAuth42Profile } from '../provider';\nimport { getOAuth42Session } from './session';\n\n// Handle both CommonJS and ESM exports\nconst NextAuth = (NextAuthDefault as any).default \|\| NextAuthDefault;\n\nexport { type NextAuthOptions };\n\nexport interface CreateAuthOptions {\n clientId?: string;\n clientSecret?: string;\n issuer?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n debug?: boolean;\n callbacks?: NextAuthOptions['callbacks'];\n pages?: NextAuthOptions['pages'];\n session?: NextAuthOptions['session'];\n}\n\n/*\n Create a pre-configured NextAuth instance for OAuth42\n * This provides a simplified setup with sensible defaults\n /\nexport function createAuth(options: CreateAuthOptions = {}) {\n const clientId = options.clientId \|\| process.env.OAUTH42_CLIENT_ID;\n const clientSecret = options.clientSecret \|\| process.env.OAUTH42_CLIENT_SECRET;\n \n if (!clientId \|\| !clientSecret) {\n throw new Error(\n 'OAuth42 client credentials are required. ' +\n 'Set OAUTH42_CLIENT_ID and OAUTH42_CLIENT_SECRET environment variables ' +\n 'or pass them in the options.'\n );\n }\n \n const authOptions: NextAuthOptions = {\n providers: [\n OAuth42Provider({\n clientId,\n clientSecret,\n issuer: options.issuer,\n scopes: options.scopes,\n pkceEnabled: options.pkceEnabled,\n }),\n ],\n \n callbacks: {\n async jwt({ token, account, profile }) {\n // Store OAuth tokens in the JWT\n if (account) {\n token.accessToken = account.access_token;\n token.refreshToken = account.refresh_token;\n token.expiresAt = account.expires_at;\n token.idToken = account.id_token;\n }\n \n // Add user profile data\n if (profile) {\n const oauth42Profile = profile as OAuth42Profile;\n token.email = oauth42Profile.email;\n token.username = oauth42Profile.username;\n token.emailVerified = oauth42Profile.email_verified;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.jwt) {\n return options.callbacks.jwt({ token, account, profile } as any);\n }\n \n return token;\n },\n \n async session({ session, token }) {\n // Add OAuth42-specific data to session\n session.accessToken = token.accessToken as string;\n session.idToken = token.idToken as string;\n \n if (session.user) {\n session.user.email = token.email as string;\n session.user.username = token.username as string;\n session.user.emailVerified = token.emailVerified as boolean;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.session) {\n return options.callbacks.session({ session, token } as any);\n }\n \n return session;\n },\n \n ...options.callbacks,\n },\n \n pages: {\n signIn: '/auth/signin',\n signOut: '/auth/signout',\n error: '/auth/error',\n ...options.pages,\n },\n \n session: {\n strategy: 'jwt',\n ...options.session,\n },\n \n debug: options.debug \|\| process.env.NODE_ENV === 'development',\n \n secret: process.env.NEXTAUTH_SECRET,\n };\n \n // Return the configuration and a function to create handlers\n return {\n auth: authOptions,\n handlers: NextAuth(authOptions),\n };\n}\n\n/\n Create NextAuth handlers for API routes\n /\nexport function createHandlers(authOptions: NextAuthOptions) {\n const handler = NextAuth(authOptions);\n return { GET: handler, POST: handler };\n}\n\n/\n Helper to get the current session server-side\n * @deprecated Use getOAuth42Session instead - this is now just an alias for backward compatibility\n * \n * This function is maintained for backward compatibility but internally\n * calls getOAuth42Session which properly handles both App Router and Pages Router\n /\nexport const getServerSession = getOAuth42Session;\n\n/\n Token refresh helper\n /\nexport async function refreshAccessToken(token: any, clientId: string, clientSecret: string, issuer?: string) {\n try {\n const baseUrl = issuer \|\| process.env.OAUTH42_ISSUER \|\| 'https://oauth42.com';\n const tokenUrl = `${baseUrl}/oauth2/token`;\n \n // In development, we need to handle self-signed certificates\n const fetchOptions: any = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: token.refreshToken,\n client_id: clientId,\n client_secret: clientSecret,\n }),\n };\n \n // Add agent for self-signed certificates in development\n if (process.env.NODE_ENV !== 'production' && tokenUrl.startsWith('https://')) {\n const https = await import('https');\n fetchOptions.agent = new https.Agent({\n rejectUnauthorized: false\n });\n }\n \n const response = await fetch(tokenUrl, fetchOptions);\n const refreshedTokens = await response.json();\n \n if (!response.ok) {\n throw refreshedTokens;\n }\n \n return {\n ...token,\n accessToken: refreshedTokens.access_token,\n refreshToken: refreshedTokens.refresh_token ?? token.refreshToken,\n // Store expiration time in seconds (Unix timestamp)\n expiresAt: Math.floor(Date.now() / 1000) + (refreshedTokens.expires_in \|\| 3600),\n // Explicitly remove any error property on successful refresh\n error: undefined,\n };\n } catch (error) {\n console.error('Failed to refresh access token:', error);\n return {\n ...token,\n error: 'RefreshAccessTokenError',\n };\n }\n}","import type { OAuthConfig, OAuthUserConfig } from 'next-auth/providers/oauth';\n\nexport interface OAuth42Profile {\n sub: string;\n email: string;\n email_verified?: boolean;\n name?: string;\n given_name?: string;\n family_name?: string;\n picture?: string;\n username?: string;\n id?: string;\n}\n\nexport interface OAuth42ProviderOptions {\n clientId: string;\n clientSecret: string;\n issuer?: string;\n authorizationUrl?: string;\n tokenUrl?: string;\n userinfoUrl?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n}\n\nexport function OAuth42Provider<P extends OAuth42Profile>(\n options: OAuthUserConfig<P> & Partial<OAuth42ProviderOptions>\n): OAuthConfig<P> {\n const issuer = options.issuer \|\| process.env.OAUTH42_ISSUER \|\| 'https://oauth42.com';\n const baseUrl = issuer.replace(/\\/$/, '');\n \n return {\n id: 'oauth42',\n name: 'OAuth42',\n type: 'oauth',\n version: '2.0',\n \n // Use OIDC discovery to automatically find endpoints\n wellKnown: `${baseUrl}/.well-known/openid-configuration`,\n \n // Also set individual endpoints for compatibility\n authorization: {\n url: `${baseUrl}/oauth2/authorize`,\n params: {\n scope: (options.scopes \|\| ['openid', 'profile', 'email']).join(' '),\n response_type: 'code',\n },\n },\n token: `${baseUrl}/oauth2/token`,\n userinfo: `${baseUrl}/oauth2/userinfo`,\n \n client: {\n id: options.clientId,\n secret: options.clientSecret,\n token_endpoint_auth_method: 'client_secret_post',\n id_token_signed_response_alg: 'HS256', // OAuth42 uses HS256 for ID tokens\n },\n \n issuer: baseUrl,\n \n checks: options.pkceEnabled !== false ? ['pkce', 'state'] : ['state'],\n \n profile(profile: OAuth42Profile, tokens: any) {\n return {\n id: profile.sub \|\| profile.id \|\| profile.email,\n email: profile.email,\n emailVerified: profile.email_verified ? new Date() : null,\n name: profile.name \|\| `${profile.given_name \|\| ''} ${profile.family_name \|\| ''}`.trim(),\n image: profile.picture,\n };\n },\n \n style: {\n logo: '/oauth42-logo.svg',\n bg: '#1e40af',\n text: '#ffffff',\n },\n \n options,\n };\n}","import { getServerSession as getNextAuthSession } from 'next-auth';\nimport { NextAuthOptions } from 'next-auth';\nimport { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';\n\n/\n Get the OAuth42 session server-side\n * \n * This is the primary method for retrieving sessions in OAuth42 SDK.\n * Supports both Pages Router and App Router:\n * \n * App Router:\n * ```ts\n * const session = await getOAuth42Session(authOptions);\n * ```\n * \n * Pages Router:\n * ```ts\n * const session = await getOAuth42Session(req, res, authOptions);\n * ```\n /\nexport async function getOAuth42Session(\n ...args: \n \| [GetServerSidePropsContext['req'], GetServerSidePropsContext['res'], NextAuthOptions]\n \| [NextApiRequest, NextApiResponse, NextAuthOptions]\n \| [NextAuthOptions]\n) {\n return getNextAuthSession(...args as any);\n}\n\n/\n Helper for protecting API routes\n /\nexport function withOAuth42Session(\n handler: (req: NextApiRequest, res: NextApiResponse, session: any) => Promise<void> \| void,\n authOptions: NextAuthOptions\n) {\n return async (req: NextApiRequest, res: NextApiResponse) => {\n const session = await getOAuth42Session(req, res, authOptions);\n \n if (!session) {\n return res.status(401).json({ error: 'Unauthorized' });\n }\n \n return handler(req, res, session);\n };\n}\n\n/\n Helper for protecting server-side props\n /\nexport function withOAuth42ServerSideProps(\n getServerSideProps: (\n context: GetServerSidePropsContext,\n session: any\n ) => Promise<any>,\n authOptions: NextAuthOptions\n) {\n return async (context: GetServerSidePropsContext) => {\n const session = await getOAuth42Session(\n context.req,\n context.res,\n authOptions\n );\n \n if (!session) {\n return {\n redirect: {\n destination: '/auth/signin',\n permanent: false,\n },\n };\n }\n \n return getServerSideProps(context, session);\n };\n}","// Server-side exports\nexport { createAuth, createHandlers, getServerSession, refreshAccessToken } from './auth';\nexport type { CreateAuthOptions, NextAuthOptions } from './auth';\n\n// Re-export NextAuth from next-auth\nexport { default as NextAuth } from 'next-auth';\n\n// Re-export OAuth42Provider\nexport { OAuth42Provider } from '../provider';\n\nexport { withOAuth42Auth, createMiddlewareConfig } from './middleware';\nexport type { OAuth42AuthOptions } from './middleware';\n\nexport { getOAuth42Session, withOAuth42Session, withOAuth42ServerSideProps } from './session';\n\n// Hosted auth callback handler\nexport { createHostedAuthCallback } from './hosted-auth-callback';\nexport type { HostedAuthCallbackOptions } from './hosted-auth-callback';","import { NextRequest, NextResponse } from 'next/server';\nimport { getToken } from 'next-auth/jwt';\n\nexport interface OAuth42AuthOptions {\n pages?: {\n signIn?: string;\n error?: string;\n };\n callbacks?: {\n authorized?: (params: { token: any; req: NextRequest }) => boolean \| Promise<boolean>;\n };\n protectedPaths?: string[];\n publicPaths?: string[];\n}\n\n/\n Middleware helper for protecting routes with OAuth42\n /\nexport function withOAuth42Auth(options: OAuth42AuthOptions = {}) {\n return async function middleware(req: NextRequest) {\n const token = await getToken({ \n req: req as any, \n secret: process.env.NEXTAUTH_SECRET \n });\n \n const pathname = req.nextUrl.pathname;\n \n // Check if path is explicitly public\n if (options.publicPaths?.some(path => pathname.startsWith(path))) {\n return NextResponse.next();\n }\n \n // Check if path needs protection\n const needsProtection = options.protectedPaths\n ? options.protectedPaths.some(path => pathname.startsWith(path))\n : true; // Default to protecting all paths\n \n if (!needsProtection) {\n return NextResponse.next();\n }\n \n // Check authorization\n let isAuthorized = !!token;\n \n if (options.callbacks?.authorized) {\n isAuthorized = await options.callbacks.authorized({ token, req });\n }\n \n if (!isAuthorized) {\n const signInUrl = options.pages?.signIn \|\| '/auth/signin';\n const url = new URL(signInUrl, req.url);\n url.searchParams.set('callbackUrl', pathname);\n return NextResponse.redirect(url);\n }\n \n return NextResponse.next();\n };\n}\n\n/\n Helper to create middleware configuration\n /\nexport function createMiddlewareConfig(\n protectedPaths: string[] = ['/protected'],\n publicPaths: string[] = ['/auth', '/api/auth']\n) {\n return {\n matcher: [\n /\n * Match all request paths except for the ones starting with:\n * - _next/static (static files)\n * - _next/image (image optimization files)\n * - favicon.ico (favicon file)\n * - public folder\n /\n '/((?!_next/static\|_next/image\|favicon.ico\|public).)',\n ],\n protectedPaths,\n publicPaths,\n };\n}","import { NextRequest, NextResponse } from 'next/server';\nimport https from 'https';\nimport { encode } from 'next-auth/jwt';\n\nexport interface HostedAuthCallbackOptions {\n /*\n OAuth42 issuer URL (e.g., 'https://api.oauth42.com' or 'https://localhost:8443')\n /\n issuer?: string;\n\n /\n OAuth2 client ID\n /\n clientId?: string;\n\n /\n OAuth2 client secret\n /\n clientSecret?: string;\n\n /\n Application base URL (e.g., 'http://localhost:3000')\n /\n baseUrl?: string;\n\n /\n NextAuth secret for JWT encoding\n /\n nextAuthSecret?: string;\n\n /\n URL to redirect to after successful authentication\n * @default '/dashboard'\n /\n redirectUrl?: string;\n\n /\n URL to redirect to on error\n * @default '/'\n /\n errorUrl?: string;\n}\n\n/\n Creates a handler for OAuth42 hosted auth callback that integrates with NextAuth.\n \n This function handles the OAuth callback, exchanges the authorization code for tokens,\n * fetches user info, and creates a NextAuth-compatible session cookie.\n \n @example\n * ```typescript\n * // app/api/oauth/callback/route.ts\n * import { createHostedAuthCallback } from '@oauth42/next/server';\n \n export const GET = createHostedAuthCallback({\n * redirectUrl: '/dashboard',\n * });\n * ```\n /\nexport function createHostedAuthCallback(options: HostedAuthCallbackOptions = {}) {\n return async function GET(request: NextRequest) {\n const {\n issuer = process.env.OAUTH42_ISSUER \|\| 'https://api.oauth42.com',\n clientId = process.env.OAUTH42_CLIENT_ID,\n clientSecret = process.env.OAUTH42_CLIENT_SECRET,\n baseUrl = process.env.NEXTAUTH_URL,\n nextAuthSecret = process.env.NEXTAUTH_SECRET,\n redirectUrl = '/dashboard',\n errorUrl = '/',\n } = options;\n\n if (!clientId \|\| !clientSecret) {\n console.error('OAuth42 client credentials are required');\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_credentials`, request.url));\n }\n\n if (!nextAuthSecret) {\n console.error('NEXTAUTH_SECRET is required');\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_secret`, request.url));\n }\n\n const searchParams = request.nextUrl.searchParams;\n const code = searchParams.get('code');\n\n if (!code) {\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_code`, request.url));\n }\n\n try {\n // Exchange authorization code for tokens\n const tokenEndpoint = `${issuer}/oauth2/token`;\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n redirect_uri: `${baseUrl}/api/oauth/callback`,\n client_id: clientId,\n client_secret: clientSecret,\n });\n\n // For development, use custom agent to disable SSL verification\n const fetchOptions: RequestInit = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: body.toString(),\n };\n\n if (process.env.NODE_ENV !== 'production') {\n const agent = new https.Agent({\n rejectUnauthorized: false,\n });\n (fetchOptions as any).agent = agent;\n }\n\n const tokenResponse = await fetch(tokenEndpoint, fetchOptions);\n const tokens = await tokenResponse.json();\n\n if (!tokenResponse.ok) {\n console.error('Token exchange failed:', tokens);\n return NextResponse.redirect(new URL(`${errorUrl}?error=token_exchange_failed`, request.url));\n }\n\n // Fetch user info\n const userInfoEndpoint = `${issuer}/oauth2/userinfo`;\n const userInfoResponse = await fetch(userInfoEndpoint, {\n headers: {\n 'Authorization': `Bearer ${tokens.access_token}`,\n },\n ...(process.env.NODE_ENV !== 'production' ? {\n agent: new https.Agent({ rejectUnauthorized: false })\n } as any : {})\n });\n\n const userInfo = await userInfoResponse.json();\n\n // Create NextAuth-compatible session token\n const sessionToken = await encode({\n token: {\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token,\n expiresAt: Math.floor(Date.now() / 1000) + (tokens.expires_in \|\| 3600),\n idToken: tokens.id_token,\n email: userInfo.email,\n username: userInfo.username,\n name: userInfo.name,\n sub: userInfo.sub,\n },\n secret: nextAuthSecret,\n });\n\n const redirectResponse = NextResponse.redirect(new URL(redirectUrl, request.url));\n\n // Set NextAuth session cookie\n const cookieName = process.env.NODE_ENV === 'production'\n ? '__Secure-next-auth.session-token'\n : 'next-auth.session-token';\n\n redirectResponse.cookies.set(cookieName, sessionToken, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n maxAge: 60 60 * 24 * 30, // 30 days\n path: '/',\n });\n\n return redirectResponse;\n } catch (error) {\n console.error('OAuth callback error:', error);\n return NextResponse.redirect(new URL(`${errorUrl}?error=callback_failed`, request.url));\n }\n };\n}\n"],"mappings":";AAAA,OAAO,qBAAqB;;;ACyBrB,SAAS,gBACd,SACgB;AAChB,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,kBAAkB;AAC/D,QAAM,UAAU,OAAO,QAAQ,OAAO,EAAE;AAExC,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA;AAAA,IAGT,WAAW,GAAG,OAAO;AAAA;AAAA,IAGrB,eAAe;AAAA,MACb,KAAK,GAAG,OAAO;AAAA,MACf,QAAQ;AAAA,QACN,QAAQ,QAAQ,UAAU,CAAC,UAAU,WAAW,OAAO,GAAG,KAAK,GAAG;AAAA,QAClE,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IACA,OAAO,GAAG,OAAO;AAAA,IACjB,UAAU,GAAG,OAAO;AAAA,IAEpB,QAAQ;AAAA,MACN,IAAI,QAAQ;AAAA,MACZ,QAAQ,QAAQ;AAAA,MAChB,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA;AAAA,IAChC;AAAA,IAEA,QAAQ;AAAA,IAER,QAAQ,QAAQ,gBAAgB,QAAQ,CAAC,QAAQ,OAAO,IAAI,CAAC,OAAO;AAAA,IAEpE,QAAQ,SAAyB,QAAa;AAC5C,aAAO;AAAA,QACL,IAAI,QAAQ,OAAO,QAAQ,MAAM,QAAQ;AAAA,QACzC,OAAO,QAAQ;AAAA,QACf,eAAe,QAAQ,iBAAiB,oBAAI,KAAK,IAAI;AAAA,QACrD,MAAM,QAAQ,QAAQ,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,eAAe,EAAE,GAAG,KAAK;AAAA,QACtF,OAAO,QAAQ;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,IAAI;AAAA,MACJ,MAAM;AAAA,IACR;AAAA,IAEA;AAAA,EACF;AACF;;;AChFA,SAAS,oBAAoB,0BAA0B;AAoBvD,eAAsB,qBACjB,MAIH;AACA,SAAO,mBAAmB,GAAG,IAAW;AAC1C;AAKO,SAAS,mBACd,SACA,aACA;AACA,SAAO,OAAO,KAAqB,QAAyB;AAC1D,UAAM,UAAU,MAAM,kBAAkB,KAAK,KAAK,WAAW;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,IACvD;AAEA,WAAO,QAAQ,KAAK,KAAK,OAAO;AAAA,EAClC;AACF;AAKO,SAAS,2BACd,oBAIA,aACA;AACA,SAAO,OAAO,YAAuC;AACnD,UAAM,UAAU,MAAM;AAAA,MACpB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAEA,WAAO,mBAAmB,SAAS,OAAO;AAAA,EAC5C;AACF;;;AFrEA,IAAM,WAAY,gBAAwB,WAAW;AAoB9C,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,WAAW,QAAQ,YAAY,QAAQ,IAAI;AACjD,QAAM,eAAe,QAAQ,gBAAgB,QAAQ,IAAI;AAEzD,MAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,UAAM,IAAI;AAAA,MACR;AAAA,IAGF;AAAA,EACF;AAEA,QAAM,cAA+B;AAAA,IACnC,WAAW;AAAA,MACT,gBAAgB;AAAA,QACd;AAAA,QACA;AAAA,QACA,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACH;AAAA,IAEA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,SAAS,QAAQ,GAAG;AAErC,YAAI,SAAS;AACX,gBAAM,cAAc,QAAQ;AAC5B,gBAAM,eAAe,QAAQ;AAC7B,gBAAM,YAAY,QAAQ;AAC1B,gBAAM,UAAU,QAAQ;AAAA,QAC1B;AAGA,YAAI,SAAS;AACX,gBAAM,iBAAiB;AACvB,gBAAM,QAAQ,eAAe;AAC7B,gBAAM,WAAW,eAAe;AAChC,gBAAM,gBAAgB,eAAe;AAAA,QACvC;AAGA,YAAI,QAAQ,WAAW,KAAK;AAC1B,iBAAO,QAAQ,UAAU,IAAI,EAAE,OAAO,SAAS,QAAQ,CAAQ;AAAA,QACjE;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAEhC,gBAAQ,cAAc,MAAM;AAC5B,gBAAQ,UAAU,MAAM;AAExB,YAAI,QAAQ,MAAM;AAChB,kBAAQ,KAAK,QAAQ,MAAM;AAC3B,kBAAQ,KAAK,WAAW,MAAM;AAC9B,kBAAQ,KAAK,gBAAgB,MAAM;AAAA,QACrC;AAGA,YAAI,QAAQ,WAAW,SAAS;AAC9B,iBAAO,QAAQ,UAAU,QAAQ,EAAE,SAAS,MAAM,CAAQ;AAAA,QAC5D;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAO;AAAA,MACP,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAAA,IAEjD,QAAQ,QAAQ,IAAI;AAAA,EACtB;AAGA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,SAAS,WAAW;AAAA,EAChC;AACF;AAKO,SAAS,eAAe,aAA8B;AAC3D,QAAM,UAAU,SAAS,WAAW;AACpC,SAAO,EAAE,KAAK,SAAS,MAAM,QAAQ;AACvC;AASO,IAAM,mBAAmB;AAKhC,eAAsB,mBAAmB,OAAY,UAAkB,cAAsB,QAAiB;AAC5G,MAAI;AACF,UAAM,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AACxD,UAAM,WAAW,GAAG,OAAO;AAG3B,UAAM,eAAoB;AAAA,MACxB,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,IAAI,gBAAgB;AAAA,QACxB,YAAY;AAAA,QACZ,eAAe,MAAM;AAAA,QACrB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAAA,IACH;AAGA,QAAI,QAAQ,IAAI,aAAa,gBAAgB,SAAS,WAAW,UAAU,GAAG;AAC5E,YAAMA,SAAQ,MAAM,OAAO,OAAO;AAClC,mBAAa,QAAQ,IAAIA,OAAM,MAAM;AAAA,QACnC,oBAAoB;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,UAAM,WAAW,MAAM,MAAM,UAAU,YAAY;AACnD,UAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,aAAa,gBAAgB;AAAA,MAC7B,cAAc,gBAAgB,iBAAiB,MAAM;AAAA;AAAA,MAErD,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,gBAAgB,cAAc;AAAA;AAAA,MAE1E,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,mCAAmC,KAAK;AACtD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AG1LA,SAAoB,WAAXC,gBAA2B;;;ACLpC,SAAsB,oBAAoB;AAC1C,SAAS,gBAAgB;AAiBlB,SAAS,gBAAgB,UAA8B,CAAC,GAAG;AAChE,SAAO,eAAe,WAAW,KAAkB;AACjD,UAAM,QAAQ,MAAM,SAAS;AAAA,MAC3B;AAAA,MACA,QAAQ,QAAQ,IAAI;AAAA,IACtB,CAAC;AAED,UAAM,WAAW,IAAI,QAAQ;AAG7B,QAAI,QAAQ,aAAa,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,GAAG;AAChE,aAAO,aAAa,KAAK;AAAA,IAC3B;AAGA,UAAM,kBAAkB,QAAQ,iBAC5B,QAAQ,eAAe,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,IAC7D;AAEJ,QAAI,CAAC,iBAAiB;AACpB,aAAO,aAAa,KAAK;AAAA,IAC3B;AAGA,QAAI,eAAe,CAAC,CAAC;AAErB,QAAI,QAAQ,WAAW,YAAY;AACjC,qBAAe,MAAM,QAAQ,UAAU,WAAW,EAAE,OAAO,IAAI,CAAC;AAAA,IAClE;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,YAAY,QAAQ,OAAO,UAAU;AAC3C,YAAM,MAAM,IAAI,IAAI,WAAW,IAAI,GAAG;AACtC,UAAI,aAAa,IAAI,eAAe,QAAQ;AAC5C,aAAO,aAAa,SAAS,GAAG;AAAA,IAClC;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAKO,SAAS,uBACd,iBAA2B,CAAC,YAAY,GACxC,cAAwB,CAAC,SAAS,WAAW,GAC7C;AACA,SAAO;AAAA,IACL,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQP;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AChFA,SAAsB,gBAAAC,qBAAoB;AAC1C,OAAO,WAAW;AAClB,SAAS,cAAc;AAyDhB,SAAS,yBAAyB,UAAqC,CAAC,GAAG;AAChF,SAAO,eAAe,IAAI,SAAsB;AAC9C,UAAM;AAAA,MACJ,SAAS,QAAQ,IAAI,kBAAkB;AAAA,MACvC,WAAW,QAAQ,IAAI;AAAA,MACvB,eAAe,QAAQ,IAAI;AAAA,MAC3B,UAAU,QAAQ,IAAI;AAAA,MACtB,iBAAiB,QAAQ,IAAI;AAAA,MAC7B,cAAc;AAAA,MACd,WAAW;AAAA,IACb,IAAI;AAEJ,QAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,cAAQ,MAAM,yCAAyC;AACvD,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,8BAA8B,QAAQ,GAAG,CAAC;AAAA,IAC5F;AAEA,QAAI,CAAC,gBAAgB;AACnB,cAAQ,MAAM,6BAA6B;AAC3C,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,yBAAyB,QAAQ,GAAG,CAAC;AAAA,IACvF;AAEA,UAAM,eAAe,QAAQ,QAAQ;AACrC,UAAM,OAAO,aAAa,IAAI,MAAM;AAEpC,QAAI,CAAC,MAAM;AACT,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,uBAAuB,QAAQ,GAAG,CAAC;AAAA,IACrF;AAEA,QAAI;AAEF,YAAM,gBAAgB,GAAG,MAAM;AAE/B,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,YAAY;AAAA,QACZ;AAAA,QACA,cAAc,GAAG,OAAO;AAAA,QACxB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAGD,YAAM,eAA4B;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,KAAK,SAAS;AAAA,MACtB;AAEA,UAAI,QAAQ,IAAI,aAAa,cAAc;AACzC,cAAM,QAAQ,IAAI,MAAM,MAAM;AAAA,UAC5B,oBAAoB;AAAA,QACtB,CAAC;AACD,QAAC,aAAqB,QAAQ;AAAA,MAChC;AAEA,YAAM,gBAAgB,MAAM,MAAM,eAAe,YAAY;AAC7D,YAAM,SAAS,MAAM,cAAc,KAAK;AAExC,UAAI,CAAC,cAAc,IAAI;AACrB,gBAAQ,MAAM,0BAA0B,MAAM;AAC9C,eAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,gCAAgC,QAAQ,GAAG,CAAC;AAAA,MAC9F;AAGA,YAAM,mBAAmB,GAAG,MAAM;AAClC,YAAM,mBAAmB,MAAM,MAAM,kBAAkB;AAAA,QACrD,SAAS;AAAA,UACP,iBAAiB,UAAU,OAAO,YAAY;AAAA,QAChD;AAAA,QACA,GAAI,QAAQ,IAAI,aAAa,eAAe;AAAA,UAC1C,OAAO,IAAI,MAAM,MAAM,EAAE,oBAAoB,MAAM,CAAC;AAAA,QACtD,IAAW,CAAC;AAAA,MACd,CAAC;AAED,YAAM,WAAW,MAAM,iBAAiB,KAAK;AAG7C,YAAM,eAAe,MAAM,OAAO;AAAA,QAChC,OAAO;AAAA,UACL,aAAa,OAAO;AAAA,UACpB,cAAc,OAAO;AAAA,UACrB,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,cAAc;AAAA,UACjE,SAAS,OAAO;AAAA,UAChB,OAAO,SAAS;AAAA,UAChB,UAAU,SAAS;AAAA,UACnB,MAAM,SAAS;AAAA,UACf,KAAK,SAAS;AAAA,QAChB;AAAA,QACA,QAAQ;AAAA,MACV,CAAC;AAED,YAAM,mBAAmBA,cAAa,SAAS,IAAI,IAAI,aAAa,QAAQ,GAAG,CAAC;AAGhF,YAAM,aAAa,QAAQ,IAAI,aAAa,eACxC,qCACA;AAEJ,uBAAiB,QAAQ,IAAI,YAAY,cAAc;AAAA,QACrD,UAAU;AAAA,QACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,QACjC,UAAU;AAAA,QACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,QACvB,MAAM;AAAA,MACR,CAAC;AAED,aAAO;AAAA,IACT,SAAS,OAAO;AACd,cAAQ,MAAM,yBAAyB,KAAK;AAC5C,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,0BAA0B,QAAQ,GAAG,CAAC;AAAA,IACxF;AAAA,EACF;AACF;","names":["https","default","NextResponse"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@oauth42/next",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "description": "Official OAuth42 SDK for Next.js applications",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",

package/dist/{index-xJCMwWtK.d.mts → middleware-B8dYrjZ1.d.mts} RENAMED Viewed

@@ -1,7 +1,7 @@
+import { OAuthUserConfig, OAuthConfig } from 'next-auth/providers/oauth';
 import * as next_auth from 'next-auth';
 import { NextAuthOptions } from 'next-auth';
 import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';
-import { OAuthUserConfig, OAuthConfig } from 'next-auth/providers/oauth';
 import { NextRequest, NextResponse } from 'next/server';
 interface OAuth42Profile {

package/dist/{index-xJCMwWtK.d.ts → middleware-B8dYrjZ1.d.ts} RENAMED Viewed

@@ -1,7 +1,7 @@
+import { OAuthUserConfig, OAuthConfig } from 'next-auth/providers/oauth';
 import * as next_auth from 'next-auth';
 import { NextAuthOptions } from 'next-auth';
 import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';
-import { OAuthUserConfig, OAuthConfig } from 'next-auth/providers/oauth';
 import { NextRequest, NextResponse } from 'next/server';
 interface OAuth42Profile {