npm - @oauth42/next - Versions diffs - 0.2.3 → 0.2.4 - Mend

@oauth42/next 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/client/index.d.mts CHANGED Viewed

@@ -187,4 +187,127 @@ interface HostedAuthConfig {
  */
 declare const DEFAULT_HOSTED_AUTH_CONFIG: HostedAuthConfig;
-export { AuthStatus, type AuthStatusProps, DEFAULT_HOSTED_AUTH_CONFIG, type HostedAuthConfig, type HostedAuthOptions, type OAuth42Session, ProtectedComponent, type ProtectedComponentProps, SignInButton, type SignInButtonProps, SignOutButton, type SignOutButtonProps, type UseOAuth42SessionReturn, UserProfile, type UserProfileProps, redirectToHostedAuth, useOAuth42Session, useOAuth42Tokens, useOAuth42User, useRequireAuth, verifyState };
+/**
+ * OAuth42 Custom Authentication Utilities
+ *
+ * Provides functions for implementing custom login UIs in customer apps
+ * while properly handling OAuth2 PKCE flows and next-auth integration.
+ */
+interface LoginWithPasswordOptions {
+    email: string;
+    password: string;
+    mfaCode?: string;
+    /**
+     * URL to redirect to after successful authentication.
+     * If not provided, will redirect to '/'
+     */
+    callbackUrl?: string;
+}
+interface LoginWithAuthenticatorOptions {
+    email: string;
+    sessionId: string;
+    /**
+     * URL to redirect to after successful authentication.
+     * If not provided, will redirect to '/'
+     */
+    callbackUrl?: string;
+}
+interface AuthError {
+    error: string;
+    error_description?: string;
+    requires_enrollment?: boolean;
+    enrollment_token?: string;
+    requires_mfa?: boolean;
+}
+/**
+ * Authenticate with email/password and complete OAuth PKCE flow
+ *
+ * This function handles the full authentication flow:
+ * 1. Authenticates with the backend using credentials
+ * 2. Uses the access token to authorize the OAuth client
+ * 3. Exchanges authorization code for tokens via next-auth
+ *
+ * @example
+ * ```tsx
+ * const result = await loginWithPassword({
+ *   email: 'user@example.com',
+ *   password: 'password123',
+ *   callbackUrl: '/dashboard'
+ * });
+ *
+ * if (result.success) {
+ *   // User is authenticated, next-auth session is set
+ * } else if (result.requires_mfa) {
+ *   // Prompt for MFA code and call again with mfaCode
+ * }
+ * ```
+ */
+declare function loginWithPassword(options: LoginWithPasswordOptions): Promise<{
+    success: boolean;
+    access_token?: string;
+} & Partial<AuthError>>;
+/**
+ * Initiate authenticator (passwordless) login and return challenge code
+ *
+ * @example
+ * ```tsx
+ * const result = await initiateAuthenticatorLogin({
+ *   email: 'user@example.com',
+ *   sessionId: crypto.randomUUID()
+ * });
+ *
+ * if (result.success) {
+ *   // Display result.challengeCode to user
+ *   // Wait for WebSocket approval or poll for completion
+ * }
+ * ```
+ */
+declare function initiateAuthenticatorLogin(options: LoginWithAuthenticatorOptions): Promise<{
+    success: boolean;
+    challengeCode?: string;
+    challengeId?: string;
+} & Partial<AuthError>>;
+/**
+ * Complete authenticator login after approval
+ *
+ * Call this after receiving approval notification via WebSocket
+ * or after the user has approved on their mobile device.
+ * Returns the access token for the application to use in OAuth authorize flow.
+ *
+ * @param accessToken - Access token received from approval payload
+ */
+declare function completeAuthenticatorLogin(accessToken: string): Promise<{
+    success: boolean;
+    access_token: string;
+}>;
+/**
+ * Simulate approval for testing (development only)
+ *
+ * @param challengeId - The challenge ID to approve
+ * @param selectedCode - The code that was displayed to the user
+ */
+declare function simulateApproval(challengeId: string, selectedCode: string): Promise<{
+    success: boolean;
+}>;
+/**
+ * Logout the current user
+ *
+ * Calls the logout API route to clear backend session and oauth42_session cookie,
+ * then calls next-auth signOut to clear the next-auth session and redirect.
+ *
+ * @param callbackUrl - URL to redirect to after logout (default: '/')
+ *
+ * @example
+ * ```tsx
+ * import { logout } from '@oauth42/next/client';
+ *
+ * const handleLogout = async () => {
+ *   await logout({ callbackUrl: '/login' });
+ * };
+ * ```
+ */
+declare function logout(options?: {
+    callbackUrl?: string;
+}): Promise<void>;
+export { type AuthError, AuthStatus, type AuthStatusProps, DEFAULT_HOSTED_AUTH_CONFIG, type HostedAuthConfig, type HostedAuthOptions, type LoginWithAuthenticatorOptions, type LoginWithPasswordOptions, type OAuth42Session, ProtectedComponent, type ProtectedComponentProps, SignInButton, type SignInButtonProps, SignOutButton, type SignOutButtonProps, type UseOAuth42SessionReturn, UserProfile, type UserProfileProps, completeAuthenticatorLogin, initiateAuthenticatorLogin, loginWithPassword, logout, redirectToHostedAuth, simulateApproval, useOAuth42Session, useOAuth42Tokens, useOAuth42User, useRequireAuth, verifyState };

package/dist/client/index.d.ts CHANGED Viewed

@@ -187,4 +187,127 @@ interface HostedAuthConfig {
  */
 declare const DEFAULT_HOSTED_AUTH_CONFIG: HostedAuthConfig;
-export { AuthStatus, type AuthStatusProps, DEFAULT_HOSTED_AUTH_CONFIG, type HostedAuthConfig, type HostedAuthOptions, type OAuth42Session, ProtectedComponent, type ProtectedComponentProps, SignInButton, type SignInButtonProps, SignOutButton, type SignOutButtonProps, type UseOAuth42SessionReturn, UserProfile, type UserProfileProps, redirectToHostedAuth, useOAuth42Session, useOAuth42Tokens, useOAuth42User, useRequireAuth, verifyState };
+/**
+ * OAuth42 Custom Authentication Utilities
+ *
+ * Provides functions for implementing custom login UIs in customer apps
+ * while properly handling OAuth2 PKCE flows and next-auth integration.
+ */
+interface LoginWithPasswordOptions {
+    email: string;
+    password: string;
+    mfaCode?: string;
+    /**
+     * URL to redirect to after successful authentication.
+     * If not provided, will redirect to '/'
+     */
+    callbackUrl?: string;
+}
+interface LoginWithAuthenticatorOptions {
+    email: string;
+    sessionId: string;
+    /**
+     * URL to redirect to after successful authentication.
+     * If not provided, will redirect to '/'
+     */
+    callbackUrl?: string;
+}
+interface AuthError {
+    error: string;
+    error_description?: string;
+    requires_enrollment?: boolean;
+    enrollment_token?: string;
+    requires_mfa?: boolean;
+}
+/**
+ * Authenticate with email/password and complete OAuth PKCE flow
+ *
+ * This function handles the full authentication flow:
+ * 1. Authenticates with the backend using credentials
+ * 2. Uses the access token to authorize the OAuth client
+ * 3. Exchanges authorization code for tokens via next-auth
+ *
+ * @example
+ * ```tsx
+ * const result = await loginWithPassword({
+ *   email: 'user@example.com',
+ *   password: 'password123',
+ *   callbackUrl: '/dashboard'
+ * });
+ *
+ * if (result.success) {
+ *   // User is authenticated, next-auth session is set
+ * } else if (result.requires_mfa) {
+ *   // Prompt for MFA code and call again with mfaCode
+ * }
+ * ```
+ */
+declare function loginWithPassword(options: LoginWithPasswordOptions): Promise<{
+    success: boolean;
+    access_token?: string;
+} & Partial<AuthError>>;
+/**
+ * Initiate authenticator (passwordless) login and return challenge code
+ *
+ * @example
+ * ```tsx
+ * const result = await initiateAuthenticatorLogin({
+ *   email: 'user@example.com',
+ *   sessionId: crypto.randomUUID()
+ * });
+ *
+ * if (result.success) {
+ *   // Display result.challengeCode to user
+ *   // Wait for WebSocket approval or poll for completion
+ * }
+ * ```
+ */
+declare function initiateAuthenticatorLogin(options: LoginWithAuthenticatorOptions): Promise<{
+    success: boolean;
+    challengeCode?: string;
+    challengeId?: string;
+} & Partial<AuthError>>;
+/**
+ * Complete authenticator login after approval
+ *
+ * Call this after receiving approval notification via WebSocket
+ * or after the user has approved on their mobile device.
+ * Returns the access token for the application to use in OAuth authorize flow.
+ *
+ * @param accessToken - Access token received from approval payload
+ */
+declare function completeAuthenticatorLogin(accessToken: string): Promise<{
+    success: boolean;
+    access_token: string;
+}>;
+/**
+ * Simulate approval for testing (development only)
+ *
+ * @param challengeId - The challenge ID to approve
+ * @param selectedCode - The code that was displayed to the user
+ */
+declare function simulateApproval(challengeId: string, selectedCode: string): Promise<{
+    success: boolean;
+}>;
+/**
+ * Logout the current user
+ *
+ * Calls the logout API route to clear backend session and oauth42_session cookie,
+ * then calls next-auth signOut to clear the next-auth session and redirect.
+ *
+ * @param callbackUrl - URL to redirect to after logout (default: '/')
+ *
+ * @example
+ * ```tsx
+ * import { logout } from '@oauth42/next/client';
+ *
+ * const handleLogout = async () => {
+ *   await logout({ callbackUrl: '/login' });
+ * };
+ * ```
+ */
+declare function logout(options?: {
+    callbackUrl?: string;
+}): Promise<void>;
+export { type AuthError, AuthStatus, type AuthStatusProps, DEFAULT_HOSTED_AUTH_CONFIG, type HostedAuthConfig, type HostedAuthOptions, type LoginWithAuthenticatorOptions, type LoginWithPasswordOptions, type OAuth42Session, ProtectedComponent, type ProtectedComponentProps, SignInButton, type SignInButtonProps, SignOutButton, type SignOutButtonProps, type UseOAuth42SessionReturn, UserProfile, type UserProfileProps, completeAuthenticatorLogin, initiateAuthenticatorLogin, loginWithPassword, logout, redirectToHostedAuth, simulateApproval, useOAuth42Session, useOAuth42Tokens, useOAuth42User, useRequireAuth, verifyState };

package/dist/client/index.js CHANGED Viewed

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // src/client/index.ts
@@ -27,9 +37,14 @@ __export(client_exports, {
   SignInButton: () => SignInButton,
   SignOutButton: () => SignOutButton,
   UserProfile: () => UserProfile,
+  completeAuthenticatorLogin: () => completeAuthenticatorLogin,
+  initiateAuthenticatorLogin: () => initiateAuthenticatorLogin,
+  loginWithPassword: () => loginWithPassword,
+  logout: () => logout,
   redirectToHostedAuth: () => redirectToHostedAuth,
   signIn: () => import_react4.signIn,
   signOut: () => import_react4.signOut,
+  simulateApproval: () => simulateApproval,
   useOAuth42Session: () => useOAuth42Session,
   useOAuth42Tokens: () => useOAuth42Tokens,
   useOAuth42User: () => useOAuth42User,
@@ -231,7 +246,7 @@ function redirectToHostedAuth(options) {
     redirectUri,
     scope = "openid profile email",
     state = generateState(),
-    baseUrl = "https://hosted-auth.oauth42.com"
+    baseUrl = "https://auth.oauth42.com"
   } = options;
   const params = new URLSearchParams({
     client_id: clientId,
@@ -255,13 +270,144 @@ function verifyState(state) {
 }
 var DEFAULT_HOSTED_AUTH_CONFIG = {
   enabled: true,
-  baseUrl: "https://hosted-auth.oauth42.com",
+  baseUrl: "https://auth.oauth42.com",
   features: {
     signup: true,
     socialLogin: false,
     passwordReset: true
   }
 };
+// src/client/auth.ts
+async function loginWithPassword(options) {
+  try {
+    const loginResponse = await fetch("/api/auth/login", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        email: options.email,
+        password: options.password,
+        ...options.mfaCode ? { mfa_code: options.mfaCode } : {}
+      })
+    });
+    if (!loginResponse.ok) {
+      const errorData = await loginResponse.json().catch(() => ({}));
+      const desc = errorData?.error_description || errorData?.message || "";
+      if (loginResponse.status === 403 && errorData?.requires_enrollment) {
+        return {
+          success: false,
+          error: "enrollment_required",
+          error_description: "MFA enrollment required",
+          requires_enrollment: true,
+          enrollment_token: errorData.enrollment_token
+        };
+      }
+      if (loginResponse.status === 403 && /mfa required/i.test(desc)) {
+        return {
+          success: false,
+          error: "mfa_required",
+          error_description: "MFA code required",
+          requires_mfa: true
+        };
+      }
+      if (loginResponse.status === 401 && /invalid mfa code/i.test(desc)) {
+        return {
+          success: false,
+          error: "invalid_mfa_code",
+          error_description: "Invalid MFA code",
+          requires_mfa: true
+        };
+      }
+      return {
+        success: false,
+        error: "authentication_failed",
+        error_description: desc || "Invalid credentials"
+      };
+    }
+    const { access_token } = await loginResponse.json();
+    return { success: true, access_token };
+  } catch (error) {
+    console.error("Login error:", error);
+    return {
+      success: false,
+      error: "network_error",
+      error_description: "Failed to connect to authentication server"
+    };
+  }
+}
+async function initiateAuthenticatorLogin(options) {
+  try {
+    const response = await fetch("/api/auth/passwordless/initiate", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        email: options.email,
+        session_id: options.sessionId
+      })
+    });
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      return {
+        success: false,
+        error: "initiation_failed",
+        error_description: errorData.error_description || "Failed to create challenge"
+      };
+    }
+    const data = await response.json();
+    return {
+      success: true,
+      challengeCode: data.challenge_code,
+      challengeId: data.challenge_id
+    };
+  } catch (error) {
+    console.error("Authenticator login error:", error);
+    return {
+      success: false,
+      error: "network_error",
+      error_description: "Failed to connect to authentication server"
+    };
+  }
+}
+async function completeAuthenticatorLogin(accessToken) {
+  return { success: true, access_token: accessToken };
+}
+async function simulateApproval(challengeId, selectedCode) {
+  try {
+    await fetch("/api/auth/challenge/approve", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        challenge_id: challengeId,
+        selected_code: selectedCode
+      })
+    });
+    return { success: true };
+  } catch (error) {
+    console.error("Simulated approval failed:", error);
+    return { success: false };
+  }
+}
+async function logout(options) {
+  try {
+    const { getSession } = await import("next-auth/react");
+    const session = await getSession();
+    if (session?.accessToken) {
+      await fetch("/api/auth/logout", {
+        method: "POST",
+        headers: {
+          "Authorization": `Bearer ${session.accessToken}`
+        }
+      });
+    }
+  } catch (error) {
+    console.error("[Logout] Failed to call logout API:", error);
+  }
+  const { signOut: signOut4 } = await import("next-auth/react");
+  await signOut4({
+    callbackUrl: options?.callbackUrl || "/",
+    redirect: true
+  });
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AuthStatus,
@@ -271,9 +417,14 @@ var DEFAULT_HOSTED_AUTH_CONFIG = {
   SignInButton,
   SignOutButton,
   UserProfile,
+  completeAuthenticatorLogin,
+  initiateAuthenticatorLogin,
+  loginWithPassword,
+  logout,
   redirectToHostedAuth,
   signIn,
   signOut,
+  simulateApproval,
   useOAuth42Session,
   useOAuth42Tokens,
   useOAuth42User,

package/dist/client/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/client/index.ts","../../src/client/hooks.ts","../../src/client/components.tsx","../../src/utils/hosted-auth.ts"],"sourcesContent":["// Client-side exports\n\n// Re-export commonly used next-auth/react functions\nexport { signIn, signOut, useSession, SessionProvider } from 'next-auth/react';\nexport type { Session } from 'next-auth';\nexport {\n useOAuth42Session,\n useOAuth42User,\n useOAuth42Tokens,\n useRequireAuth,\n} from './hooks';\n\nexport type {\n OAuth42Session,\n UseOAuth42SessionReturn,\n} from './hooks';\n\nexport {\n SignInButton,\n SignOutButton,\n UserProfile,\n AuthStatus,\n ProtectedComponent,\n} from './components';\n\nexport type {\n SignInButtonProps,\n SignOutButtonProps,\n UserProfileProps,\n AuthStatusProps,\n ProtectedComponentProps,\n} from './components';\n\n// Hosted auth utilities\nexport {\n redirectToHostedAuth,\n verifyState,\n DEFAULT_HOSTED_AUTH_CONFIG,\n} from '../utils/hosted-auth';\n\nexport type {\n HostedAuthOptions,\n HostedAuthConfig,\n} from '../utils/hosted-auth';","import { useSession, signIn, signOut } from 'next-auth/react';\nimport { useCallback, useEffect, useState } from 'react';\n\nexport type OAuth42Session<E = {}> = ({\n user?: {\n email?: string \| null;\n name?: string \| null;\n image?: string \| null;\n username?: string;\n emailVerified?: boolean;\n };\n accessToken?: string;\n idToken?: string;\n expires?: string;\n}) & E;\n\nexport interface UseOAuth42SessionReturn<E = {}> {\n session: OAuth42Session<E> \| null;\n loading: boolean;\n error: Error \| null;\n isAuthenticated: boolean;\n signIn: () => Promise<void>;\n signOut: () => Promise<void>;\n}\n\n/*\n Hook to manage OAuth42 session with optional extra fields\n /\nexport function useOAuth42Session<E = {}>(): UseOAuth42SessionReturn<E> {\n const { data: session, status } = useSession();\n const [error, setError] = useState<Error \| null>(null);\n \n const handleSignIn = useCallback(async () => {\n try {\n setError(null);\n await signIn('oauth42');\n } catch (err) {\n setError(err as Error);\n }\n }, []);\n \n const handleSignOut = useCallback(async () => {\n try {\n setError(null);\n await signOut();\n } catch (err) {\n setError(err as Error);\n }\n }, []);\n \n return {\n session: session as unknown as OAuth42Session<E> \| null,\n loading: status === 'loading',\n error,\n isAuthenticated: status === 'authenticated',\n signIn: handleSignIn,\n signOut: handleSignOut,\n };\n}\n\n/\n Hook to get the current OAuth42 user\n /\nexport function useOAuth42User<E = {}>() {\n const { session, isAuthenticated } = useOAuth42Session<E>();\n \n return {\n user: isAuthenticated ? session?.user : null,\n isAuthenticated,\n };\n}\n\n/\n Hook to manage OAuth42 tokens\n /\nexport function useOAuth42Tokens<E = {}>() {\n const { session } = useOAuth42Session<E>();\n const [isExpired, setIsExpired] = useState(false);\n \n useEffect(() => {\n if (session?.expires) {\n const expiryTime = new Date(session.expires).getTime();\n const now = Date.now();\n setIsExpired(now >= expiryTime);\n \n // Set a timer to update expiry status\n const timeUntilExpiry = expiryTime - now;\n if (timeUntilExpiry > 0) {\n const timer = setTimeout(() => {\n setIsExpired(true);\n }, timeUntilExpiry);\n \n return () => clearTimeout(timer);\n }\n }\n }, [session?.expires]);\n \n return {\n accessToken: session?.accessToken,\n idToken: session?.idToken,\n isExpired,\n refreshToken: async () => {\n // Trigger a session refresh\n await signIn('oauth42');\n },\n };\n}\n\n/\n Hook for protected routes\n /\nexport function useRequireAuth(redirectTo: string = '/auth/signin') {\n const { isAuthenticated, loading } = useOAuth42Session();\n const [isRedirecting, setIsRedirecting] = useState(false);\n \n useEffect(() => {\n if (!loading && !isAuthenticated && !isRedirecting) {\n setIsRedirecting(true);\n if (typeof window !== 'undefined') {\n window.location.href = redirectTo;\n }\n }\n }, [isAuthenticated, loading, redirectTo, isRedirecting]);\n \n return {\n isAuthenticated,\n loading: loading \|\| isRedirecting,\n };\n}\n","import React from 'react';\nimport { signIn, signOut } from 'next-auth/react';\nimport { useOAuth42Session, useOAuth42User } from './hooks';\n\nexport interface SignInButtonProps {\n children?: React.ReactNode;\n className?: string;\n callbackUrl?: string;\n onClick?: () => void;\n}\n\n/\n Sign in button component\n /\nexport function SignInButton({ \n children = 'Sign in with OAuth42', \n className = '',\n callbackUrl = '/',\n onClick\n}: SignInButtonProps) {\n const handleClick = async () => {\n if (onClick) onClick();\n await signIn('oauth42', { callbackUrl });\n };\n \n return (\n <button\n onClick={handleClick}\n className={className}\n type=\"button\"\n >\n {children}\n </button>\n );\n}\n\nexport interface SignOutButtonProps {\n children?: React.ReactNode;\n className?: string;\n callbackUrl?: string;\n onClick?: () => void;\n}\n\n/\n Sign out button component\n /\nexport function SignOutButton({ \n children = 'Sign out', \n className = '',\n callbackUrl = '/',\n onClick\n}: SignOutButtonProps) {\n const handleClick = async () => {\n if (onClick) onClick();\n await signOut({ callbackUrl });\n };\n \n return (\n <button\n onClick={handleClick}\n className={className}\n type=\"button\"\n >\n {children}\n </button>\n );\n}\n\nexport interface UserProfileProps {\n className?: string;\n showEmail?: boolean;\n showName?: boolean;\n showImage?: boolean;\n loadingComponent?: React.ReactNode;\n notAuthenticatedComponent?: React.ReactNode;\n}\n\n/\n User profile display component\n /\nexport function UserProfile({\n className = '',\n showEmail = true,\n showName = true,\n showImage = true,\n loadingComponent = <div>Loading...</div>,\n notAuthenticatedComponent = <div>Not authenticated</div>,\n}: UserProfileProps) {\n const { session, loading, isAuthenticated } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n if (!isAuthenticated \|\| !session?.user) {\n return <>{notAuthenticatedComponent}</>;\n }\n \n const { user } = session;\n \n return (\n <div className={className}>\n {showImage && user.image && (\n <img \n src={user.image} \n alt={user.name \|\| 'User'} \n style={{ width: 50, height: 50, borderRadius: '50%' }}\n />\n )}\n {showName && user.name && <div>{user.name}</div>}\n {showEmail && user.email && <div>{user.email}</div>}\n </div>\n );\n}\n\nexport interface AuthStatusProps {\n authenticatedComponent?: React.ReactNode;\n unauthenticatedComponent?: React.ReactNode;\n loadingComponent?: React.ReactNode;\n}\n\n/\n Conditional rendering based on auth status\n /\nexport function AuthStatus({\n authenticatedComponent,\n unauthenticatedComponent,\n loadingComponent = <div>Loading...</div>,\n}: AuthStatusProps) {\n const { isAuthenticated, loading } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n return <>{isAuthenticated ? authenticatedComponent : unauthenticatedComponent}</>;\n}\n\nexport interface ProtectedComponentProps {\n children: React.ReactNode;\n fallback?: React.ReactNode;\n loadingComponent?: React.ReactNode;\n}\n\n/\n Wrapper component for protected content\n /\nexport function ProtectedComponent({\n children,\n fallback = <SignInButton />,\n loadingComponent = <div>Loading...</div>,\n}: ProtectedComponentProps) {\n const { isAuthenticated, loading } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n if (!isAuthenticated) {\n return <>{fallback}</>;\n }\n \n return <>{children}</>;\n}","/\n Utilities for OAuth42 Hosted Authentication\n /\n\nexport interface HostedAuthOptions {\n /* OAuth2 client ID /\n clientId: string;\n /* Redirect URI after authentication /\n redirectUri: string;\n /* OAuth2 scopes (space-separated) /\n scope?: string;\n /* OAuth2 state parameter for CSRF protection /\n state?: string;\n /* Base URL for hosted auth (defaults to production) /\n baseUrl?: string;\n}\n\n/\n Generate a random state parameter for CSRF protection\n /\nfunction generateState(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n}\n\n/\n Redirect to OAuth42 hosted authentication pages\n \n @example\n * ```ts\n * import { redirectToHostedAuth } from '@oauth42/next/client';\n \n function LoginButton() {\n * return (\n * <button onClick={() => redirectToHostedAuth({\n * clientId: process.env.NEXT_PUBLIC_OAUTH42_CLIENT_ID!,\n * redirectUri: `${window.location.origin}/api/auth/callback`,\n * })}>\n * Sign in with OAuth42\n * </button>\n * );\n * }\n * ```\n /\nexport function redirectToHostedAuth(options: HostedAuthOptions): void {\n const {\n clientId,\n redirectUri,\n scope = 'openid profile email',\n state = generateState(),\n baseUrl = 'https://hosted-auth.oauth42.com',\n } = options;\n\n const params = new URLSearchParams({\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n scope,\n state,\n });\n\n const authUrl = `${baseUrl}/login?${params.toString()}`;\n\n // Store state in sessionStorage for verification on callback\n if (typeof window !== 'undefined') {\n sessionStorage.setItem('oauth42_state', state);\n window.location.href = authUrl;\n }\n}\n\n/\n Verify state parameter on OAuth2 callback\n * Call this in your callback page to verify the state matches\n \n @example\n * ```ts\n * import { verifyState } from '@oauth42/next/client';\n \n export default function CallbackPage() {\n * const searchParams = useSearchParams();\n * const state = searchParams.get('state');\n \n if (!verifyState(state)) {\n * return <div>Invalid state parameter</div>;\n * }\n \n // Continue with token exchange...\n * }\n * ```\n /\nexport function verifyState(state: string \| null): boolean {\n if (typeof window === 'undefined') return false;\n if (!state) return false;\n\n const storedState = sessionStorage.getItem('oauth42_state');\n sessionStorage.removeItem('oauth42_state');\n\n return storedState === state;\n}\n\n/\n Configuration for hosted authentication\n /\nexport interface HostedAuthConfig {\n /* Enable hosted authentication /\n enabled: boolean;\n /* Base URL for hosted auth pages (optional, defaults to production) /\n baseUrl?: string;\n /* Feature flags for hosted auth /\n features?: {\n /* Allow user signup /\n signup?: boolean;\n /* Allow social login /\n socialLogin?: boolean;\n /* Allow password reset /\n passwordReset?: boolean;\n };\n}\n\n/\n Default hosted auth configuration\n */\nexport const DEFAULT_HOSTED_AUTH_CONFIG: HostedAuthConfig = {\n enabled: true,\n baseUrl: 'https://hosted-auth.oauth42.com',\n features: {\n signup: true,\n socialLogin: false,\n passwordReset: true,\n },\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,IAAAA,gBAA6D;;;ACH7D,mBAA4C;AAC5C,IAAAC,gBAAiD;AA2B1C,SAAS,oBAAwD;AACtE,QAAM,EAAE,MAAM,SAAS,OAAO,QAAI,yBAAW;AAC7C,QAAM,CAAC,OAAO,QAAQ,QAAI,wBAAuB,IAAI;AAErD,QAAM,mBAAe,2BAAY,YAAY;AAC3C,QAAI;AACF,eAAS,IAAI;AACb,gBAAM,qBAAO,SAAS;AAAA,IACxB,SAAS,KAAK;AACZ,eAAS,GAAY;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,oBAAgB,2BAAY,YAAY;AAC5C,QAAI;AACF,eAAS,IAAI;AACb,gBAAM,sBAAQ;AAAA,IAChB,SAAS,KAAK;AACZ,eAAS,GAAY;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW;AAAA,IACpB;AAAA,IACA,iBAAiB,WAAW;AAAA,IAC5B,QAAQ;AAAA,IACR,SAAS;AAAA,EACX;AACF;AAKO,SAAS,iBAAyB;AACvC,QAAM,EAAE,SAAS,gBAAgB,IAAI,kBAAqB;AAE1D,SAAO;AAAA,IACL,MAAM,kBAAkB,SAAS,OAAO;AAAA,IACxC;AAAA,EACF;AACF;AAKO,SAAS,mBAA2B;AACzC,QAAM,EAAE,QAAQ,IAAI,kBAAqB;AACzC,QAAM,CAAC,WAAW,YAAY,QAAI,wBAAS,KAAK;AAEhD,+BAAU,MAAM;AACd,QAAI,SAAS,SAAS;AACpB,YAAM,aAAa,IAAI,KAAK,QAAQ,OAAO,EAAE,QAAQ;AACrD,YAAM,MAAM,KAAK,IAAI;AACrB,mBAAa,OAAO,UAAU;AAG9B,YAAM,kBAAkB,aAAa;AACrC,UAAI,kBAAkB,GAAG;AACvB,cAAM,QAAQ,WAAW,MAAM;AAC7B,uBAAa,IAAI;AAAA,QACnB,GAAG,eAAe;AAElB,eAAO,MAAM,aAAa,KAAK;AAAA,MACjC;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,CAAC;AAErB,SAAO;AAAA,IACL,aAAa,SAAS;AAAA,IACtB,SAAS,SAAS;AAAA,IAClB;AAAA,IACA,cAAc,YAAY;AAExB,gBAAM,qBAAO,SAAS;AAAA,IACxB;AAAA,EACF;AACF;AAKO,SAAS,eAAe,aAAqB,gBAAgB;AAClE,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AACvD,QAAM,CAAC,eAAe,gBAAgB,QAAI,wBAAS,KAAK;AAExD,+BAAU,MAAM;AACd,QAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,eAAe;AAClD,uBAAiB,IAAI;AACrB,UAAI,OAAO,WAAW,aAAa;AACjC,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,iBAAiB,SAAS,YAAY,aAAa,CAAC;AAExD,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW;AAAA,EACtB;AACF;;;AC/HA,IAAAC,gBAAgC;AAyB5B;AAZG,SAAS,aAAa;AAAA,EAC3B,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,cAAc;AAAA,EACd;AACF,GAAsB;AACpB,QAAM,cAAc,YAAY;AAC9B,QAAI,QAAS,SAAQ;AACrB,cAAM,sBAAO,WAAW,EAAE,YAAY,CAAC;AAAA,EACzC;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,SAAS;AAAA,MACT;AAAA,MACA,MAAK;AAAA,MAEJ;AAAA;AAAA,EACH;AAEJ;AAYO,SAAS,cAAc;AAAA,EAC5B,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,cAAc;AAAA,EACd;AACF,GAAuB;AACrB,QAAM,cAAc,YAAY;AAC9B,QAAI,QAAS,SAAQ;AACrB,cAAM,uBAAQ,EAAE,YAAY,CAAC;AAAA,EAC/B;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,SAAS;AAAA,MACT;AAAA,MACA,MAAK;AAAA,MAEJ;AAAA;AAAA,EACH;AAEJ;AAcO,SAAS,YAAY;AAAA,EAC1B,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,mBAAmB,4CAAC,SAAI,wBAAU;AAAA,EAClC,4BAA4B,4CAAC,SAAI,+BAAiB;AACpD,GAAqB;AACnB,QAAM,EAAE,SAAS,SAAS,gBAAgB,IAAI,kBAAkB;AAEhE,MAAI,SAAS;AACX,WAAO,2EAAG,4BAAiB;AAAA,EAC7B;AAEA,MAAI,CAAC,mBAAmB,CAAC,SAAS,MAAM;AACtC,WAAO,2EAAG,qCAA0B;AAAA,EACtC;AAEA,QAAM,EAAE,KAAK,IAAI;AAEjB,SACE,6CAAC,SAAI,WACF;AAAA,iBAAa,KAAK,SACjB;AAAA,MAAC;AAAA;AAAA,QACC,KAAK,KAAK;AAAA,QACV,KAAK,KAAK,QAAQ;AAAA,QAClB,OAAO,EAAE,OAAO,IAAI,QAAQ,IAAI,cAAc,MAAM;AAAA;AAAA,IACtD;AAAA,IAED,YAAY,KAAK,QAAQ,4CAAC,SAAK,eAAK,MAAK;AAAA,IACzC,aAAa,KAAK,SAAS,4CAAC,SAAK,eAAK,OAAM;AAAA,KAC/C;AAEJ;AAWO,SAAS,WAAW;AAAA,EACzB;AAAA,EACA;AAAA,EACA,mBAAmB,4CAAC,SAAI,wBAAU;AACpC,GAAoB;AAClB,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AAEvD,MAAI,SAAS;AACX,WAAO,2EAAG,4BAAiB;AAAA,EAC7B;AAEA,SAAO,2EAAG,4BAAkB,yBAAyB,0BAAyB;AAChF;AAWO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA,WAAW,4CAAC,gBAAa;AAAA,EACzB,mBAAmB,4CAAC,SAAI,wBAAU;AACpC,GAA4B;AAC1B,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AAEvD,MAAI,SAAS;AACX,WAAO,2EAAG,4BAAiB;AAAA,EAC7B;AAEA,MAAI,CAAC,iBAAiB;AACpB,WAAO,2EAAG,oBAAS;AAAA,EACrB;AAEA,SAAO,2EAAG,UAAS;AACrB;;;AC/IA,SAAS,gBAAwB;AAC/B,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAC9E;AAqBO,SAAS,qBAAqB,SAAkC;AACrE,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,QAAQ,cAAc;AAAA,IACtB,UAAU;AAAA,EACZ,IAAI;AAEJ,QAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,WAAW;AAAA,IACX,cAAc;AAAA,IACd,eAAe;AAAA,IACf;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,UAAU,GAAG,OAAO,UAAU,OAAO,SAAS,CAAC;AAGrD,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,QAAQ,iBAAiB,KAAK;AAC7C,WAAO,SAAS,OAAO;AAAA,EACzB;AACF;AAsBO,SAAS,YAAY,OAA+B;AACzD,MAAI,OAAO,WAAW,YAAa,QAAO;AAC1C,MAAI,CAAC,MAAO,QAAO;AAEnB,QAAM,cAAc,eAAe,QAAQ,eAAe;AAC1D,iBAAe,WAAW,eAAe;AAEzC,SAAO,gBAAgB;AACzB;AAwBO,IAAM,6BAA+C;AAAA,EAC1D,SAAS;AAAA,EACT,SAAS;AAAA,EACT,UAAU;AAAA,IACR,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,eAAe;AAAA,EACjB;AACF;","names":["import_react","import_react","import_react"]}
1	+ {"version":3,"sources":["../../src/client/index.ts","../../src/client/hooks.ts","../../src/client/components.tsx","../../src/utils/hosted-auth.ts","../../src/client/auth.ts"],"sourcesContent":["// Client-side exports\n\n// Re-export commonly used next-auth/react functions\nexport { signIn, signOut, useSession, SessionProvider } from 'next-auth/react';\nexport type { Session } from 'next-auth';\nexport {\n useOAuth42Session,\n useOAuth42User,\n useOAuth42Tokens,\n useRequireAuth,\n} from './hooks';\n\nexport type {\n OAuth42Session,\n UseOAuth42SessionReturn,\n} from './hooks';\n\nexport {\n SignInButton,\n SignOutButton,\n UserProfile,\n AuthStatus,\n ProtectedComponent,\n} from './components';\n\nexport type {\n SignInButtonProps,\n SignOutButtonProps,\n UserProfileProps,\n AuthStatusProps,\n ProtectedComponentProps,\n} from './components';\n\n// Hosted auth utilities\nexport {\n redirectToHostedAuth,\n verifyState,\n DEFAULT_HOSTED_AUTH_CONFIG,\n} from '../utils/hosted-auth';\n\nexport type {\n HostedAuthOptions,\n HostedAuthConfig,\n} from '../utils/hosted-auth';\n\n// Custom authentication utilities\nexport {\n loginWithPassword,\n initiateAuthenticatorLogin,\n completeAuthenticatorLogin,\n simulateApproval,\n logout,\n} from './auth';\n\nexport type {\n LoginWithPasswordOptions,\n LoginWithAuthenticatorOptions,\n AuthError,\n} from './auth';","import { useSession, signIn, signOut } from 'next-auth/react';\nimport { useCallback, useEffect, useState } from 'react';\n\nexport type OAuth42Session<E = {}> = ({\n user?: {\n email?: string \| null;\n name?: string \| null;\n image?: string \| null;\n username?: string;\n emailVerified?: boolean;\n };\n accessToken?: string;\n idToken?: string;\n expires?: string;\n}) & E;\n\nexport interface UseOAuth42SessionReturn<E = {}> {\n session: OAuth42Session<E> \| null;\n loading: boolean;\n error: Error \| null;\n isAuthenticated: boolean;\n signIn: () => Promise<void>;\n signOut: () => Promise<void>;\n}\n\n/*\n Hook to manage OAuth42 session with optional extra fields\n /\nexport function useOAuth42Session<E = {}>(): UseOAuth42SessionReturn<E> {\n const { data: session, status } = useSession();\n const [error, setError] = useState<Error \| null>(null);\n \n const handleSignIn = useCallback(async () => {\n try {\n setError(null);\n await signIn('oauth42');\n } catch (err) {\n setError(err as Error);\n }\n }, []);\n \n const handleSignOut = useCallback(async () => {\n try {\n setError(null);\n await signOut();\n } catch (err) {\n setError(err as Error);\n }\n }, []);\n \n return {\n session: session as unknown as OAuth42Session<E> \| null,\n loading: status === 'loading',\n error,\n isAuthenticated: status === 'authenticated',\n signIn: handleSignIn,\n signOut: handleSignOut,\n };\n}\n\n/\n Hook to get the current OAuth42 user\n /\nexport function useOAuth42User<E = {}>() {\n const { session, isAuthenticated } = useOAuth42Session<E>();\n \n return {\n user: isAuthenticated ? session?.user : null,\n isAuthenticated,\n };\n}\n\n/\n Hook to manage OAuth42 tokens\n /\nexport function useOAuth42Tokens<E = {}>() {\n const { session } = useOAuth42Session<E>();\n const [isExpired, setIsExpired] = useState(false);\n \n useEffect(() => {\n if (session?.expires) {\n const expiryTime = new Date(session.expires).getTime();\n const now = Date.now();\n setIsExpired(now >= expiryTime);\n \n // Set a timer to update expiry status\n const timeUntilExpiry = expiryTime - now;\n if (timeUntilExpiry > 0) {\n const timer = setTimeout(() => {\n setIsExpired(true);\n }, timeUntilExpiry);\n \n return () => clearTimeout(timer);\n }\n }\n }, [session?.expires]);\n \n return {\n accessToken: session?.accessToken,\n idToken: session?.idToken,\n isExpired,\n refreshToken: async () => {\n // Trigger a session refresh\n await signIn('oauth42');\n },\n };\n}\n\n/\n Hook for protected routes\n /\nexport function useRequireAuth(redirectTo: string = '/auth/signin') {\n const { isAuthenticated, loading } = useOAuth42Session();\n const [isRedirecting, setIsRedirecting] = useState(false);\n \n useEffect(() => {\n if (!loading && !isAuthenticated && !isRedirecting) {\n setIsRedirecting(true);\n if (typeof window !== 'undefined') {\n window.location.href = redirectTo;\n }\n }\n }, [isAuthenticated, loading, redirectTo, isRedirecting]);\n \n return {\n isAuthenticated,\n loading: loading \|\| isRedirecting,\n };\n}\n","import React from 'react';\nimport { signIn, signOut } from 'next-auth/react';\nimport { useOAuth42Session, useOAuth42User } from './hooks';\n\nexport interface SignInButtonProps {\n children?: React.ReactNode;\n className?: string;\n callbackUrl?: string;\n onClick?: () => void;\n}\n\n/\n Sign in button component\n /\nexport function SignInButton({ \n children = 'Sign in with OAuth42', \n className = '',\n callbackUrl = '/',\n onClick\n}: SignInButtonProps) {\n const handleClick = async () => {\n if (onClick) onClick();\n await signIn('oauth42', { callbackUrl });\n };\n \n return (\n <button\n onClick={handleClick}\n className={className}\n type=\"button\"\n >\n {children}\n </button>\n );\n}\n\nexport interface SignOutButtonProps {\n children?: React.ReactNode;\n className?: string;\n callbackUrl?: string;\n onClick?: () => void;\n}\n\n/\n Sign out button component\n /\nexport function SignOutButton({ \n children = 'Sign out', \n className = '',\n callbackUrl = '/',\n onClick\n}: SignOutButtonProps) {\n const handleClick = async () => {\n if (onClick) onClick();\n await signOut({ callbackUrl });\n };\n \n return (\n <button\n onClick={handleClick}\n className={className}\n type=\"button\"\n >\n {children}\n </button>\n );\n}\n\nexport interface UserProfileProps {\n className?: string;\n showEmail?: boolean;\n showName?: boolean;\n showImage?: boolean;\n loadingComponent?: React.ReactNode;\n notAuthenticatedComponent?: React.ReactNode;\n}\n\n/\n User profile display component\n /\nexport function UserProfile({\n className = '',\n showEmail = true,\n showName = true,\n showImage = true,\n loadingComponent = <div>Loading...</div>,\n notAuthenticatedComponent = <div>Not authenticated</div>,\n}: UserProfileProps) {\n const { session, loading, isAuthenticated } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n if (!isAuthenticated \|\| !session?.user) {\n return <>{notAuthenticatedComponent}</>;\n }\n \n const { user } = session;\n \n return (\n <div className={className}>\n {showImage && user.image && (\n <img \n src={user.image} \n alt={user.name \|\| 'User'} \n style={{ width: 50, height: 50, borderRadius: '50%' }}\n />\n )}\n {showName && user.name && <div>{user.name}</div>}\n {showEmail && user.email && <div>{user.email}</div>}\n </div>\n );\n}\n\nexport interface AuthStatusProps {\n authenticatedComponent?: React.ReactNode;\n unauthenticatedComponent?: React.ReactNode;\n loadingComponent?: React.ReactNode;\n}\n\n/\n Conditional rendering based on auth status\n /\nexport function AuthStatus({\n authenticatedComponent,\n unauthenticatedComponent,\n loadingComponent = <div>Loading...</div>,\n}: AuthStatusProps) {\n const { isAuthenticated, loading } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n return <>{isAuthenticated ? authenticatedComponent : unauthenticatedComponent}</>;\n}\n\nexport interface ProtectedComponentProps {\n children: React.ReactNode;\n fallback?: React.ReactNode;\n loadingComponent?: React.ReactNode;\n}\n\n/\n Wrapper component for protected content\n /\nexport function ProtectedComponent({\n children,\n fallback = <SignInButton />,\n loadingComponent = <div>Loading...</div>,\n}: ProtectedComponentProps) {\n const { isAuthenticated, loading } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n if (!isAuthenticated) {\n return <>{fallback}</>;\n }\n \n return <>{children}</>;\n}","/\n Utilities for OAuth42 Hosted Authentication\n /\n\nexport interface HostedAuthOptions {\n /* OAuth2 client ID /\n clientId: string;\n /* Redirect URI after authentication /\n redirectUri: string;\n /* OAuth2 scopes (space-separated) /\n scope?: string;\n /* OAuth2 state parameter for CSRF protection /\n state?: string;\n /* Base URL for hosted auth (defaults to production) /\n baseUrl?: string;\n}\n\n/\n Generate a random state parameter for CSRF protection\n /\nfunction generateState(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n}\n\n/\n Redirect to OAuth42 hosted authentication pages\n \n @example\n * ```ts\n * import { redirectToHostedAuth } from '@oauth42/next/client';\n \n function LoginButton() {\n * return (\n * <button onClick={() => redirectToHostedAuth({\n * clientId: process.env.NEXT_PUBLIC_OAUTH42_CLIENT_ID!,\n * redirectUri: `${window.location.origin}/api/auth/callback`,\n * })}>\n * Sign in with OAuth42\n * </button>\n * );\n * }\n * ```\n /\nexport function redirectToHostedAuth(options: HostedAuthOptions): void {\n const {\n clientId,\n redirectUri,\n scope = 'openid profile email',\n state = generateState(),\n baseUrl = 'https://auth.oauth42.com',\n } = options;\n\n const params = new URLSearchParams({\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n scope,\n state,\n });\n\n const authUrl = `${baseUrl}/login?${params.toString()}`;\n\n // Store state in sessionStorage for verification on callback\n if (typeof window !== 'undefined') {\n sessionStorage.setItem('oauth42_state', state);\n window.location.href = authUrl;\n }\n}\n\n/\n Verify state parameter on OAuth2 callback\n * Call this in your callback page to verify the state matches\n \n @example\n * ```ts\n * import { verifyState } from '@oauth42/next/client';\n \n export default function CallbackPage() {\n * const searchParams = useSearchParams();\n * const state = searchParams.get('state');\n \n if (!verifyState(state)) {\n * return <div>Invalid state parameter</div>;\n * }\n \n // Continue with token exchange...\n * }\n * ```\n /\nexport function verifyState(state: string \| null): boolean {\n if (typeof window === 'undefined') return false;\n if (!state) return false;\n\n const storedState = sessionStorage.getItem('oauth42_state');\n sessionStorage.removeItem('oauth42_state');\n\n return storedState === state;\n}\n\n/\n Configuration for hosted authentication\n /\nexport interface HostedAuthConfig {\n /* Enable hosted authentication /\n enabled: boolean;\n /* Base URL for hosted auth pages (optional, defaults to production) /\n baseUrl?: string;\n /* Feature flags for hosted auth /\n features?: {\n /* Allow user signup /\n signup?: boolean;\n /* Allow social login /\n socialLogin?: boolean;\n /* Allow password reset /\n passwordReset?: boolean;\n };\n}\n\n/\n Default hosted auth configuration\n /\nexport const DEFAULT_HOSTED_AUTH_CONFIG: HostedAuthConfig = {\n enabled: true,\n baseUrl: 'https://auth.oauth42.com',\n features: {\n signup: true,\n socialLogin: false,\n passwordReset: true,\n },\n};\n","/\n OAuth42 Custom Authentication Utilities\n \n Provides functions for implementing custom login UIs in customer apps\n * while properly handling OAuth2 PKCE flows and next-auth integration.\n /\n\nimport { signIn } from 'next-auth/react';\n\n// PKCE utilities\nfunction base64URLEncode(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary)\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=/g, '');\n}\n\nasync function generateCodeVerifier(): Promise<string> {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64URLEncode(array.buffer);\n}\n\nasync function generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const hash = await crypto.subtle.digest('SHA-256', data);\n return base64URLEncode(hash);\n}\n\nfunction generateState(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64URLEncode(array.buffer);\n}\n\nexport interface LoginWithPasswordOptions {\n email: string;\n password: string;\n mfaCode?: string;\n /\n URL to redirect to after successful authentication.\n * If not provided, will redirect to '/'\n /\n callbackUrl?: string;\n}\n\nexport interface LoginWithAuthenticatorOptions {\n email: string;\n sessionId: string;\n /\n URL to redirect to after successful authentication.\n * If not provided, will redirect to '/'\n /\n callbackUrl?: string;\n}\n\nexport interface AuthError {\n error: string;\n error_description?: string;\n requires_enrollment?: boolean;\n enrollment_token?: string;\n requires_mfa?: boolean;\n}\n\n/\n Authenticate with email/password and complete OAuth PKCE flow\n \n This function handles the full authentication flow:\n * 1. Authenticates with the backend using credentials\n * 2. Uses the access token to authorize the OAuth client\n * 3. Exchanges authorization code for tokens via next-auth\n \n @example\n * ```tsx\n * const result = await loginWithPassword({\n * email: 'user@example.com',\n * password: 'password123',\n * callbackUrl: '/dashboard'\n * });\n \n if (result.success) {\n * // User is authenticated, next-auth session is set\n * } else if (result.requires_mfa) {\n * // Prompt for MFA code and call again with mfaCode\n * }\n * ```\n /\nexport async function loginWithPassword(\n options: LoginWithPasswordOptions\n): Promise<{ success: boolean; access_token?: string } & Partial<AuthError>> {\n try {\n // Step 1: Authenticate with backend to get access token\n const loginResponse = await fetch('/api/auth/login', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n email: options.email,\n password: options.password,\n ...(options.mfaCode ? { mfa_code: options.mfaCode } : {}),\n }),\n });\n\n if (!loginResponse.ok) {\n const errorData = await loginResponse.json().catch(() => ({}));\n const desc: string = errorData?.error_description \|\| errorData?.message \|\| '';\n\n // Handle special cases\n if (loginResponse.status === 403 && errorData?.requires_enrollment) {\n return {\n success: false,\n error: 'enrollment_required',\n error_description: 'MFA enrollment required',\n requires_enrollment: true,\n enrollment_token: errorData.enrollment_token,\n };\n }\n\n if (loginResponse.status === 403 && /mfa required/i.test(desc)) {\n return {\n success: false,\n error: 'mfa_required',\n error_description: 'MFA code required',\n requires_mfa: true,\n };\n }\n\n if (loginResponse.status === 401 && /invalid mfa code/i.test(desc)) {\n return {\n success: false,\n error: 'invalid_mfa_code',\n error_description: 'Invalid MFA code',\n requires_mfa: true,\n };\n }\n\n return {\n success: false,\n error: 'authentication_failed',\n error_description: desc \|\| 'Invalid credentials',\n };\n }\n\n const { access_token } = await loginResponse.json();\n\n // Return access token for the application to use in OAuth authorize flow\n return { success: true, access_token };\n } catch (error) {\n console.error('Login error:', error);\n return {\n success: false,\n error: 'network_error',\n error_description: 'Failed to connect to authentication server',\n };\n }\n}\n\n/\n Initiate authenticator (passwordless) login and return challenge code\n \n @example\n * ```tsx\n * const result = await initiateAuthenticatorLogin({\n * email: 'user@example.com',\n * sessionId: crypto.randomUUID()\n * });\n \n if (result.success) {\n * // Display result.challengeCode to user\n * // Wait for WebSocket approval or poll for completion\n * }\n * ```\n /\nexport async function initiateAuthenticatorLogin(\n options: LoginWithAuthenticatorOptions\n): Promise<{\n success: boolean;\n challengeCode?: string;\n challengeId?: string;\n} & Partial<AuthError>> {\n try {\n const response = await fetch('/api/auth/passwordless/initiate', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n email: options.email,\n session_id: options.sessionId,\n }),\n });\n\n if (!response.ok) {\n const errorData = await response.json().catch(() => ({}));\n return {\n success: false,\n error: 'initiation_failed',\n error_description: errorData.error_description \|\| 'Failed to create challenge',\n };\n }\n\n const data = await response.json();\n\n return {\n success: true,\n challengeCode: data.challenge_code,\n challengeId: data.challenge_id,\n };\n } catch (error) {\n console.error('Authenticator login error:', error);\n return {\n success: false,\n error: 'network_error',\n error_description: 'Failed to connect to authentication server',\n };\n }\n}\n\n/\n Complete authenticator login after approval\n \n Call this after receiving approval notification via WebSocket\n * or after the user has approved on their mobile device.\n * Returns the access token for the application to use in OAuth authorize flow.\n \n @param accessToken - Access token received from approval payload\n /\nexport async function completeAuthenticatorLogin(\n accessToken: string\n): Promise<{ success: boolean; access_token: string }> {\n return { success: true, access_token: accessToken };\n}\n\n/\n Simulate approval for testing (development only)\n \n @param challengeId - The challenge ID to approve\n * @param selectedCode - The code that was displayed to the user\n /\nexport async function simulateApproval(\n challengeId: string,\n selectedCode: string\n): Promise<{ success: boolean }> {\n try {\n await fetch('/api/auth/challenge/approve', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n challenge_id: challengeId,\n selected_code: selectedCode,\n }),\n });\n\n return { success: true };\n } catch (error) {\n console.error('Simulated approval failed:', error);\n return { success: false };\n }\n}\n\n/\n Logout the current user\n \n Calls the logout API route to clear backend session and oauth42_session cookie,\n * then calls next-auth signOut to clear the next-auth session and redirect.\n \n @param callbackUrl - URL to redirect to after logout (default: '/')\n \n @example\n * ```tsx\n * import { logout } from '@oauth42/next/client';\n \n const handleLogout = async () => {\n * await logout({ callbackUrl: '/login' });\n * };\n * ```\n */\nexport async function logout(options?: { callbackUrl?: string }): Promise<void> {\n try {\n // Get the current session to retrieve the access token\n const { getSession } = await import('next-auth/react');\n const session: any = await getSession();\n\n // Call logout API route to clear backend session and oauth42_session cookie\n if (session?.accessToken) {\n await fetch('/api/auth/logout', {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${session.accessToken}`,\n },\n });\n }\n } catch (error) {\n console.error('[Logout] Failed to call logout API:', error);\n // Continue with signOut anyway\n }\n\n // Import signOut from next-auth/react\n const { signOut } = await import('next-auth/react');\n\n // Clear next-auth session\n await signOut({\n callbackUrl: options?.callbackUrl \|\| '/',\n redirect: true\n });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,IAAAA,gBAA6D;;;ACH7D,mBAA4C;AAC5C,IAAAC,gBAAiD;AA2B1C,SAAS,oBAAwD;AACtE,QAAM,EAAE,MAAM,SAAS,OAAO,QAAI,yBAAW;AAC7C,QAAM,CAAC,OAAO,QAAQ,QAAI,wBAAuB,IAAI;AAErD,QAAM,mBAAe,2BAAY,YAAY;AAC3C,QAAI;AACF,eAAS,IAAI;AACb,gBAAM,qBAAO,SAAS;AAAA,IACxB,SAAS,KAAK;AACZ,eAAS,GAAY;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,oBAAgB,2BAAY,YAAY;AAC5C,QAAI;AACF,eAAS,IAAI;AACb,gBAAM,sBAAQ;AAAA,IAChB,SAAS,KAAK;AACZ,eAAS,GAAY;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW;AAAA,IACpB;AAAA,IACA,iBAAiB,WAAW;AAAA,IAC5B,QAAQ;AAAA,IACR,SAAS;AAAA,EACX;AACF;AAKO,SAAS,iBAAyB;AACvC,QAAM,EAAE,SAAS,gBAAgB,IAAI,kBAAqB;AAE1D,SAAO;AAAA,IACL,MAAM,kBAAkB,SAAS,OAAO;AAAA,IACxC;AAAA,EACF;AACF;AAKO,SAAS,mBAA2B;AACzC,QAAM,EAAE,QAAQ,IAAI,kBAAqB;AACzC,QAAM,CAAC,WAAW,YAAY,QAAI,wBAAS,KAAK;AAEhD,+BAAU,MAAM;AACd,QAAI,SAAS,SAAS;AACpB,YAAM,aAAa,IAAI,KAAK,QAAQ,OAAO,EAAE,QAAQ;AACrD,YAAM,MAAM,KAAK,IAAI;AACrB,mBAAa,OAAO,UAAU;AAG9B,YAAM,kBAAkB,aAAa;AACrC,UAAI,kBAAkB,GAAG;AACvB,cAAM,QAAQ,WAAW,MAAM;AAC7B,uBAAa,IAAI;AAAA,QACnB,GAAG,eAAe;AAElB,eAAO,MAAM,aAAa,KAAK;AAAA,MACjC;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,CAAC;AAErB,SAAO;AAAA,IACL,aAAa,SAAS;AAAA,IACtB,SAAS,SAAS;AAAA,IAClB;AAAA,IACA,cAAc,YAAY;AAExB,gBAAM,qBAAO,SAAS;AAAA,IACxB;AAAA,EACF;AACF;AAKO,SAAS,eAAe,aAAqB,gBAAgB;AAClE,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AACvD,QAAM,CAAC,eAAe,gBAAgB,QAAI,wBAAS,KAAK;AAExD,+BAAU,MAAM;AACd,QAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,eAAe;AAClD,uBAAiB,IAAI;AACrB,UAAI,OAAO,WAAW,aAAa;AACjC,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,iBAAiB,SAAS,YAAY,aAAa,CAAC;AAExD,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW;AAAA,EACtB;AACF;;;AC/HA,IAAAC,gBAAgC;AAyB5B;AAZG,SAAS,aAAa;AAAA,EAC3B,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,cAAc;AAAA,EACd;AACF,GAAsB;AACpB,QAAM,cAAc,YAAY;AAC9B,QAAI,QAAS,SAAQ;AACrB,cAAM,sBAAO,WAAW,EAAE,YAAY,CAAC;AAAA,EACzC;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,SAAS;AAAA,MACT;AAAA,MACA,MAAK;AAAA,MAEJ;AAAA;AAAA,EACH;AAEJ;AAYO,SAAS,cAAc;AAAA,EAC5B,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,cAAc;AAAA,EACd;AACF,GAAuB;AACrB,QAAM,cAAc,YAAY;AAC9B,QAAI,QAAS,SAAQ;AACrB,cAAM,uBAAQ,EAAE,YAAY,CAAC;AAAA,EAC/B;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,SAAS;AAAA,MACT;AAAA,MACA,MAAK;AAAA,MAEJ;AAAA;AAAA,EACH;AAEJ;AAcO,SAAS,YAAY;AAAA,EAC1B,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,mBAAmB,4CAAC,SAAI,wBAAU;AAAA,EAClC,4BAA4B,4CAAC,SAAI,+BAAiB;AACpD,GAAqB;AACnB,QAAM,EAAE,SAAS,SAAS,gBAAgB,IAAI,kBAAkB;AAEhE,MAAI,SAAS;AACX,WAAO,2EAAG,4BAAiB;AAAA,EAC7B;AAEA,MAAI,CAAC,mBAAmB,CAAC,SAAS,MAAM;AACtC,WAAO,2EAAG,qCAA0B;AAAA,EACtC;AAEA,QAAM,EAAE,KAAK,IAAI;AAEjB,SACE,6CAAC,SAAI,WACF;AAAA,iBAAa,KAAK,SACjB;AAAA,MAAC;AAAA;AAAA,QACC,KAAK,KAAK;AAAA,QACV,KAAK,KAAK,QAAQ;AAAA,QAClB,OAAO,EAAE,OAAO,IAAI,QAAQ,IAAI,cAAc,MAAM;AAAA;AAAA,IACtD;AAAA,IAED,YAAY,KAAK,QAAQ,4CAAC,SAAK,eAAK,MAAK;AAAA,IACzC,aAAa,KAAK,SAAS,4CAAC,SAAK,eAAK,OAAM;AAAA,KAC/C;AAEJ;AAWO,SAAS,WAAW;AAAA,EACzB;AAAA,EACA;AAAA,EACA,mBAAmB,4CAAC,SAAI,wBAAU;AACpC,GAAoB;AAClB,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AAEvD,MAAI,SAAS;AACX,WAAO,2EAAG,4BAAiB;AAAA,EAC7B;AAEA,SAAO,2EAAG,4BAAkB,yBAAyB,0BAAyB;AAChF;AAWO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA,WAAW,4CAAC,gBAAa;AAAA,EACzB,mBAAmB,4CAAC,SAAI,wBAAU;AACpC,GAA4B;AAC1B,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AAEvD,MAAI,SAAS;AACX,WAAO,2EAAG,4BAAiB;AAAA,EAC7B;AAEA,MAAI,CAAC,iBAAiB;AACpB,WAAO,2EAAG,oBAAS;AAAA,EACrB;AAEA,SAAO,2EAAG,UAAS;AACrB;;;AC/IA,SAAS,gBAAwB;AAC/B,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAC9E;AAqBO,SAAS,qBAAqB,SAAkC;AACrE,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,QAAQ,cAAc;AAAA,IACtB,UAAU;AAAA,EACZ,IAAI;AAEJ,QAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,WAAW;AAAA,IACX,cAAc;AAAA,IACd,eAAe;AAAA,IACf;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,UAAU,GAAG,OAAO,UAAU,OAAO,SAAS,CAAC;AAGrD,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,QAAQ,iBAAiB,KAAK;AAC7C,WAAO,SAAS,OAAO;AAAA,EACzB;AACF;AAsBO,SAAS,YAAY,OAA+B;AACzD,MAAI,OAAO,WAAW,YAAa,QAAO;AAC1C,MAAI,CAAC,MAAO,QAAO;AAEnB,QAAM,cAAc,eAAe,QAAQ,eAAe;AAC1D,iBAAe,WAAW,eAAe;AAEzC,SAAO,gBAAgB;AACzB;AAwBO,IAAM,6BAA+C;AAAA,EAC1D,SAAS;AAAA,EACT,SAAS;AAAA,EACT,UAAU;AAAA,IACR,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,eAAe;AAAA,EACjB;AACF;;;ACtCA,eAAsB,kBACpB,SAC2E;AAC3E,MAAI;AAEF,UAAM,gBAAgB,MAAM,MAAM,mBAAmB;AAAA,MACnD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO,QAAQ;AAAA,QACf,UAAU,QAAQ;AAAA,QAClB,GAAI,QAAQ,UAAU,EAAE,UAAU,QAAQ,QAAQ,IAAI,CAAC;AAAA,MACzD,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,cAAc,IAAI;AACrB,YAAM,YAAY,MAAM,cAAc,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AAC7D,YAAM,OAAe,WAAW,qBAAqB,WAAW,WAAW;AAG3E,UAAI,cAAc,WAAW,OAAO,WAAW,qBAAqB;AAClE,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,UACP,mBAAmB;AAAA,UACnB,qBAAqB;AAAA,UACrB,kBAAkB,UAAU;AAAA,QAC9B;AAAA,MACF;AAEA,UAAI,cAAc,WAAW,OAAO,gBAAgB,KAAK,IAAI,GAAG;AAC9D,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,UACP,mBAAmB;AAAA,UACnB,cAAc;AAAA,QAChB;AAAA,MACF;AAEA,UAAI,cAAc,WAAW,OAAO,oBAAoB,KAAK,IAAI,GAAG;AAClE,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,UACP,mBAAmB;AAAA,UACnB,cAAc;AAAA,QAChB;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,mBAAmB,QAAQ;AAAA,MAC7B;AAAA,IACF;AAEA,UAAM,EAAE,aAAa,IAAI,MAAM,cAAc,KAAK;AAGlD,WAAO,EAAE,SAAS,MAAM,aAAa;AAAA,EACvC,SAAS,OAAO;AACd,YAAQ,MAAM,gBAAgB,KAAK;AACnC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,MACP,mBAAmB;AAAA,IACrB;AAAA,EACF;AACF;AAkBA,eAAsB,2BACpB,SAKsB;AACtB,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,mCAAmC;AAAA,MAC9D,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO,QAAQ;AAAA,QACf,YAAY,QAAQ;AAAA,MACtB,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACxD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,mBAAmB,UAAU,qBAAqB;AAAA,MACpD;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,eAAe,KAAK;AAAA,MACpB,aAAa,KAAK;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,8BAA8B,KAAK;AACjD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,MACP,mBAAmB;AAAA,IACrB;AAAA,EACF;AACF;AAWA,eAAsB,2BACpB,aACqD;AACrD,SAAO,EAAE,SAAS,MAAM,cAAc,YAAY;AACpD;AAQA,eAAsB,iBACpB,aACA,cAC+B;AAC/B,MAAI;AACF,UAAM,MAAM,+BAA+B;AAAA,MACzC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,cAAc;AAAA,QACd,eAAe;AAAA,MACjB,CAAC;AAAA,IACH,CAAC;AAED,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB,SAAS,OAAO;AACd,YAAQ,MAAM,8BAA8B,KAAK;AACjD,WAAO,EAAE,SAAS,MAAM;AAAA,EAC1B;AACF;AAmBA,eAAsB,OAAO,SAAmD;AAC9E,MAAI;AAEF,UAAM,EAAE,WAAW,IAAI,MAAM,OAAO,iBAAiB;AACrD,UAAM,UAAe,MAAM,WAAW;AAGtC,QAAI,SAAS,aAAa;AACxB,YAAM,MAAM,oBAAoB;AAAA,QAC9B,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,iBAAiB,UAAU,QAAQ,WAAW;AAAA,QAChD;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,uCAAuC,KAAK;AAAA,EAE5D;AAGA,QAAM,EAAE,SAAAC,SAAQ,IAAI,MAAM,OAAO,iBAAiB;AAGlD,QAAMA,SAAQ;AAAA,IACZ,aAAa,SAAS,eAAe;AAAA,IACrC,UAAU;AAAA,EACZ,CAAC;AACH;","names":["import_react","import_react","import_react","signOut"]}

package/dist/client/index.mjs CHANGED Viewed

@@ -192,7 +192,7 @@ function redirectToHostedAuth(options) {
     redirectUri,
     scope = "openid profile email",
     state = generateState(),
-    baseUrl = "https://hosted-auth.oauth42.com"
+    baseUrl = "https://auth.oauth42.com"
   } = options;
   const params = new URLSearchParams({
     client_id: clientId,
@@ -216,13 +216,144 @@ function verifyState(state) {
 }
 var DEFAULT_HOSTED_AUTH_CONFIG = {
   enabled: true,
-  baseUrl: "https://hosted-auth.oauth42.com",
+  baseUrl: "https://auth.oauth42.com",
   features: {
     signup: true,
     socialLogin: false,
     passwordReset: true
   }
 };
+// src/client/auth.ts
+async function loginWithPassword(options) {
+  try {
+    const loginResponse = await fetch("/api/auth/login", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        email: options.email,
+        password: options.password,
+        ...options.mfaCode ? { mfa_code: options.mfaCode } : {}
+      })
+    });
+    if (!loginResponse.ok) {
+      const errorData = await loginResponse.json().catch(() => ({}));
+      const desc = errorData?.error_description || errorData?.message || "";
+      if (loginResponse.status === 403 && errorData?.requires_enrollment) {
+        return {
+          success: false,
+          error: "enrollment_required",
+          error_description: "MFA enrollment required",
+          requires_enrollment: true,
+          enrollment_token: errorData.enrollment_token
+        };
+      }
+      if (loginResponse.status === 403 && /mfa required/i.test(desc)) {
+        return {
+          success: false,
+          error: "mfa_required",
+          error_description: "MFA code required",
+          requires_mfa: true
+        };
+      }
+      if (loginResponse.status === 401 && /invalid mfa code/i.test(desc)) {
+        return {
+          success: false,
+          error: "invalid_mfa_code",
+          error_description: "Invalid MFA code",
+          requires_mfa: true
+        };
+      }
+      return {
+        success: false,
+        error: "authentication_failed",
+        error_description: desc || "Invalid credentials"
+      };
+    }
+    const { access_token } = await loginResponse.json();
+    return { success: true, access_token };
+  } catch (error) {
+    console.error("Login error:", error);
+    return {
+      success: false,
+      error: "network_error",
+      error_description: "Failed to connect to authentication server"
+    };
+  }
+}
+async function initiateAuthenticatorLogin(options) {
+  try {
+    const response = await fetch("/api/auth/passwordless/initiate", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        email: options.email,
+        session_id: options.sessionId
+      })
+    });
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      return {
+        success: false,
+        error: "initiation_failed",
+        error_description: errorData.error_description || "Failed to create challenge"
+      };
+    }
+    const data = await response.json();
+    return {
+      success: true,
+      challengeCode: data.challenge_code,
+      challengeId: data.challenge_id
+    };
+  } catch (error) {
+    console.error("Authenticator login error:", error);
+    return {
+      success: false,
+      error: "network_error",
+      error_description: "Failed to connect to authentication server"
+    };
+  }
+}
+async function completeAuthenticatorLogin(accessToken) {
+  return { success: true, access_token: accessToken };
+}
+async function simulateApproval(challengeId, selectedCode) {
+  try {
+    await fetch("/api/auth/challenge/approve", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        challenge_id: challengeId,
+        selected_code: selectedCode
+      })
+    });
+    return { success: true };
+  } catch (error) {
+    console.error("Simulated approval failed:", error);
+    return { success: false };
+  }
+}
+async function logout(options) {
+  try {
+    const { getSession } = await import("next-auth/react");
+    const session = await getSession();
+    if (session?.accessToken) {
+      await fetch("/api/auth/logout", {
+        method: "POST",
+        headers: {
+          "Authorization": `Bearer ${session.accessToken}`
+        }
+      });
+    }
+  } catch (error) {
+    console.error("[Logout] Failed to call logout API:", error);
+  }
+  const { signOut: signOut4 } = await import("next-auth/react");
+  await signOut4({
+    callbackUrl: options?.callbackUrl || "/",
+    redirect: true
+  });
+}
 export {
   AuthStatus,
   DEFAULT_HOSTED_AUTH_CONFIG,
@@ -231,9 +362,14 @@ export {
   SignInButton,
   SignOutButton,
   UserProfile,
+  completeAuthenticatorLogin,
+  initiateAuthenticatorLogin,
+  loginWithPassword,
+  logout,
   redirectToHostedAuth,
   signIn3 as signIn,
   signOut3 as signOut,
+  simulateApproval,
   useOAuth42Session,
   useOAuth42Tokens,
   useOAuth42User,

package/dist/client/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/client/index.ts","../../src/client/hooks.ts","../../src/client/components.tsx","../../src/utils/hosted-auth.ts"],"sourcesContent":["// Client-side exports\n\n// Re-export commonly used next-auth/react functions\nexport { signIn, signOut, useSession, SessionProvider } from 'next-auth/react';\nexport type { Session } from 'next-auth';\nexport {\n useOAuth42Session,\n useOAuth42User,\n useOAuth42Tokens,\n useRequireAuth,\n} from './hooks';\n\nexport type {\n OAuth42Session,\n UseOAuth42SessionReturn,\n} from './hooks';\n\nexport {\n SignInButton,\n SignOutButton,\n UserProfile,\n AuthStatus,\n ProtectedComponent,\n} from './components';\n\nexport type {\n SignInButtonProps,\n SignOutButtonProps,\n UserProfileProps,\n AuthStatusProps,\n ProtectedComponentProps,\n} from './components';\n\n// Hosted auth utilities\nexport {\n redirectToHostedAuth,\n verifyState,\n DEFAULT_HOSTED_AUTH_CONFIG,\n} from '../utils/hosted-auth';\n\nexport type {\n HostedAuthOptions,\n HostedAuthConfig,\n} from '../utils/hosted-auth';","import { useSession, signIn, signOut } from 'next-auth/react';\nimport { useCallback, useEffect, useState } from 'react';\n\nexport type OAuth42Session<E = {}> = ({\n user?: {\n email?: string \| null;\n name?: string \| null;\n image?: string \| null;\n username?: string;\n emailVerified?: boolean;\n };\n accessToken?: string;\n idToken?: string;\n expires?: string;\n}) & E;\n\nexport interface UseOAuth42SessionReturn<E = {}> {\n session: OAuth42Session<E> \| null;\n loading: boolean;\n error: Error \| null;\n isAuthenticated: boolean;\n signIn: () => Promise<void>;\n signOut: () => Promise<void>;\n}\n\n/*\n Hook to manage OAuth42 session with optional extra fields\n /\nexport function useOAuth42Session<E = {}>(): UseOAuth42SessionReturn<E> {\n const { data: session, status } = useSession();\n const [error, setError] = useState<Error \| null>(null);\n \n const handleSignIn = useCallback(async () => {\n try {\n setError(null);\n await signIn('oauth42');\n } catch (err) {\n setError(err as Error);\n }\n }, []);\n \n const handleSignOut = useCallback(async () => {\n try {\n setError(null);\n await signOut();\n } catch (err) {\n setError(err as Error);\n }\n }, []);\n \n return {\n session: session as unknown as OAuth42Session<E> \| null,\n loading: status === 'loading',\n error,\n isAuthenticated: status === 'authenticated',\n signIn: handleSignIn,\n signOut: handleSignOut,\n };\n}\n\n/\n Hook to get the current OAuth42 user\n /\nexport function useOAuth42User<E = {}>() {\n const { session, isAuthenticated } = useOAuth42Session<E>();\n \n return {\n user: isAuthenticated ? session?.user : null,\n isAuthenticated,\n };\n}\n\n/\n Hook to manage OAuth42 tokens\n /\nexport function useOAuth42Tokens<E = {}>() {\n const { session } = useOAuth42Session<E>();\n const [isExpired, setIsExpired] = useState(false);\n \n useEffect(() => {\n if (session?.expires) {\n const expiryTime = new Date(session.expires).getTime();\n const now = Date.now();\n setIsExpired(now >= expiryTime);\n \n // Set a timer to update expiry status\n const timeUntilExpiry = expiryTime - now;\n if (timeUntilExpiry > 0) {\n const timer = setTimeout(() => {\n setIsExpired(true);\n }, timeUntilExpiry);\n \n return () => clearTimeout(timer);\n }\n }\n }, [session?.expires]);\n \n return {\n accessToken: session?.accessToken,\n idToken: session?.idToken,\n isExpired,\n refreshToken: async () => {\n // Trigger a session refresh\n await signIn('oauth42');\n },\n };\n}\n\n/\n Hook for protected routes\n /\nexport function useRequireAuth(redirectTo: string = '/auth/signin') {\n const { isAuthenticated, loading } = useOAuth42Session();\n const [isRedirecting, setIsRedirecting] = useState(false);\n \n useEffect(() => {\n if (!loading && !isAuthenticated && !isRedirecting) {\n setIsRedirecting(true);\n if (typeof window !== 'undefined') {\n window.location.href = redirectTo;\n }\n }\n }, [isAuthenticated, loading, redirectTo, isRedirecting]);\n \n return {\n isAuthenticated,\n loading: loading \|\| isRedirecting,\n };\n}\n","import React from 'react';\nimport { signIn, signOut } from 'next-auth/react';\nimport { useOAuth42Session, useOAuth42User } from './hooks';\n\nexport interface SignInButtonProps {\n children?: React.ReactNode;\n className?: string;\n callbackUrl?: string;\n onClick?: () => void;\n}\n\n/\n Sign in button component\n /\nexport function SignInButton({ \n children = 'Sign in with OAuth42', \n className = '',\n callbackUrl = '/',\n onClick\n}: SignInButtonProps) {\n const handleClick = async () => {\n if (onClick) onClick();\n await signIn('oauth42', { callbackUrl });\n };\n \n return (\n <button\n onClick={handleClick}\n className={className}\n type=\"button\"\n >\n {children}\n </button>\n );\n}\n\nexport interface SignOutButtonProps {\n children?: React.ReactNode;\n className?: string;\n callbackUrl?: string;\n onClick?: () => void;\n}\n\n/\n Sign out button component\n /\nexport function SignOutButton({ \n children = 'Sign out', \n className = '',\n callbackUrl = '/',\n onClick\n}: SignOutButtonProps) {\n const handleClick = async () => {\n if (onClick) onClick();\n await signOut({ callbackUrl });\n };\n \n return (\n <button\n onClick={handleClick}\n className={className}\n type=\"button\"\n >\n {children}\n </button>\n );\n}\n\nexport interface UserProfileProps {\n className?: string;\n showEmail?: boolean;\n showName?: boolean;\n showImage?: boolean;\n loadingComponent?: React.ReactNode;\n notAuthenticatedComponent?: React.ReactNode;\n}\n\n/\n User profile display component\n /\nexport function UserProfile({\n className = '',\n showEmail = true,\n showName = true,\n showImage = true,\n loadingComponent = <div>Loading...</div>,\n notAuthenticatedComponent = <div>Not authenticated</div>,\n}: UserProfileProps) {\n const { session, loading, isAuthenticated } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n if (!isAuthenticated \|\| !session?.user) {\n return <>{notAuthenticatedComponent}</>;\n }\n \n const { user } = session;\n \n return (\n <div className={className}>\n {showImage && user.image && (\n <img \n src={user.image} \n alt={user.name \|\| 'User'} \n style={{ width: 50, height: 50, borderRadius: '50%' }}\n />\n )}\n {showName && user.name && <div>{user.name}</div>}\n {showEmail && user.email && <div>{user.email}</div>}\n </div>\n );\n}\n\nexport interface AuthStatusProps {\n authenticatedComponent?: React.ReactNode;\n unauthenticatedComponent?: React.ReactNode;\n loadingComponent?: React.ReactNode;\n}\n\n/\n Conditional rendering based on auth status\n /\nexport function AuthStatus({\n authenticatedComponent,\n unauthenticatedComponent,\n loadingComponent = <div>Loading...</div>,\n}: AuthStatusProps) {\n const { isAuthenticated, loading } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n return <>{isAuthenticated ? authenticatedComponent : unauthenticatedComponent}</>;\n}\n\nexport interface ProtectedComponentProps {\n children: React.ReactNode;\n fallback?: React.ReactNode;\n loadingComponent?: React.ReactNode;\n}\n\n/\n Wrapper component for protected content\n /\nexport function ProtectedComponent({\n children,\n fallback = <SignInButton />,\n loadingComponent = <div>Loading...</div>,\n}: ProtectedComponentProps) {\n const { isAuthenticated, loading } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n if (!isAuthenticated) {\n return <>{fallback}</>;\n }\n \n return <>{children}</>;\n}","/\n Utilities for OAuth42 Hosted Authentication\n /\n\nexport interface HostedAuthOptions {\n /* OAuth2 client ID /\n clientId: string;\n /* Redirect URI after authentication /\n redirectUri: string;\n /* OAuth2 scopes (space-separated) /\n scope?: string;\n /* OAuth2 state parameter for CSRF protection /\n state?: string;\n /* Base URL for hosted auth (defaults to production) /\n baseUrl?: string;\n}\n\n/\n Generate a random state parameter for CSRF protection\n /\nfunction generateState(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n}\n\n/\n Redirect to OAuth42 hosted authentication pages\n \n @example\n * ```ts\n * import { redirectToHostedAuth } from '@oauth42/next/client';\n \n function LoginButton() {\n * return (\n * <button onClick={() => redirectToHostedAuth({\n * clientId: process.env.NEXT_PUBLIC_OAUTH42_CLIENT_ID!,\n * redirectUri: `${window.location.origin}/api/auth/callback`,\n * })}>\n * Sign in with OAuth42\n * </button>\n * );\n * }\n * ```\n /\nexport function redirectToHostedAuth(options: HostedAuthOptions): void {\n const {\n clientId,\n redirectUri,\n scope = 'openid profile email',\n state = generateState(),\n baseUrl = 'https://hosted-auth.oauth42.com',\n } = options;\n\n const params = new URLSearchParams({\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n scope,\n state,\n });\n\n const authUrl = `${baseUrl}/login?${params.toString()}`;\n\n // Store state in sessionStorage for verification on callback\n if (typeof window !== 'undefined') {\n sessionStorage.setItem('oauth42_state', state);\n window.location.href = authUrl;\n }\n}\n\n/\n Verify state parameter on OAuth2 callback\n * Call this in your callback page to verify the state matches\n \n @example\n * ```ts\n * import { verifyState } from '@oauth42/next/client';\n \n export default function CallbackPage() {\n * const searchParams = useSearchParams();\n * const state = searchParams.get('state');\n \n if (!verifyState(state)) {\n * return <div>Invalid state parameter</div>;\n * }\n \n // Continue with token exchange...\n * }\n * ```\n /\nexport function verifyState(state: string \| null): boolean {\n if (typeof window === 'undefined') return false;\n if (!state) return false;\n\n const storedState = sessionStorage.getItem('oauth42_state');\n sessionStorage.removeItem('oauth42_state');\n\n return storedState === state;\n}\n\n/\n Configuration for hosted authentication\n /\nexport interface HostedAuthConfig {\n /* Enable hosted authentication /\n enabled: boolean;\n /* Base URL for hosted auth pages (optional, defaults to production) /\n baseUrl?: string;\n /* Feature flags for hosted auth /\n features?: {\n /* Allow user signup /\n signup?: boolean;\n /* Allow social login /\n socialLogin?: boolean;\n /* Allow password reset /\n passwordReset?: boolean;\n };\n}\n\n/\n Default hosted auth configuration\n */\nexport const DEFAULT_HOSTED_AUTH_CONFIG: HostedAuthConfig = {\n enabled: true,\n baseUrl: 'https://hosted-auth.oauth42.com',\n features: {\n signup: true,\n socialLogin: false,\n passwordReset: true,\n },\n};\n"],"mappings":";AAGA,SAAS,UAAAA,SAAQ,WAAAC,UAAS,cAAAC,aAAY,uBAAuB;;;ACH7D,SAAS,YAAY,QAAQ,eAAe;AAC5C,SAAS,aAAa,WAAW,gBAAgB;AA2B1C,SAAS,oBAAwD;AACtE,QAAM,EAAE,MAAM,SAAS,OAAO,IAAI,WAAW;AAC7C,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAuB,IAAI;AAErD,QAAM,eAAe,YAAY,YAAY;AAC3C,QAAI;AACF,eAAS,IAAI;AACb,YAAM,OAAO,SAAS;AAAA,IACxB,SAAS,KAAK;AACZ,eAAS,GAAY;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,gBAAgB,YAAY,YAAY;AAC5C,QAAI;AACF,eAAS,IAAI;AACb,YAAM,QAAQ;AAAA,IAChB,SAAS,KAAK;AACZ,eAAS,GAAY;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW;AAAA,IACpB;AAAA,IACA,iBAAiB,WAAW;AAAA,IAC5B,QAAQ;AAAA,IACR,SAAS;AAAA,EACX;AACF;AAKO,SAAS,iBAAyB;AACvC,QAAM,EAAE,SAAS,gBAAgB,IAAI,kBAAqB;AAE1D,SAAO;AAAA,IACL,MAAM,kBAAkB,SAAS,OAAO;AAAA,IACxC;AAAA,EACF;AACF;AAKO,SAAS,mBAA2B;AACzC,QAAM,EAAE,QAAQ,IAAI,kBAAqB;AACzC,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,KAAK;AAEhD,YAAU,MAAM;AACd,QAAI,SAAS,SAAS;AACpB,YAAM,aAAa,IAAI,KAAK,QAAQ,OAAO,EAAE,QAAQ;AACrD,YAAM,MAAM,KAAK,IAAI;AACrB,mBAAa,OAAO,UAAU;AAG9B,YAAM,kBAAkB,aAAa;AACrC,UAAI,kBAAkB,GAAG;AACvB,cAAM,QAAQ,WAAW,MAAM;AAC7B,uBAAa,IAAI;AAAA,QACnB,GAAG,eAAe;AAElB,eAAO,MAAM,aAAa,KAAK;AAAA,MACjC;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,CAAC;AAErB,SAAO;AAAA,IACL,aAAa,SAAS;AAAA,IACtB,SAAS,SAAS;AAAA,IAClB;AAAA,IACA,cAAc,YAAY;AAExB,YAAM,OAAO,SAAS;AAAA,IACxB;AAAA,EACF;AACF;AAKO,SAAS,eAAe,aAAqB,gBAAgB;AAClE,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AACvD,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAS,KAAK;AAExD,YAAU,MAAM;AACd,QAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,eAAe;AAClD,uBAAiB,IAAI;AACrB,UAAI,OAAO,WAAW,aAAa;AACjC,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,iBAAiB,SAAS,YAAY,aAAa,CAAC;AAExD,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW;AAAA,EACtB;AACF;;;AC/HA,SAAS,UAAAC,SAAQ,WAAAC,gBAAe;AAyB5B,SAiEO,UAjEP,KA2EA,YA3EA;AAZG,SAAS,aAAa;AAAA,EAC3B,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,cAAc;AAAA,EACd;AACF,GAAsB;AACpB,QAAM,cAAc,YAAY;AAC9B,QAAI,QAAS,SAAQ;AACrB,UAAMC,QAAO,WAAW,EAAE,YAAY,CAAC;AAAA,EACzC;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,SAAS;AAAA,MACT;AAAA,MACA,MAAK;AAAA,MAEJ;AAAA;AAAA,EACH;AAEJ;AAYO,SAAS,cAAc;AAAA,EAC5B,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,cAAc;AAAA,EACd;AACF,GAAuB;AACrB,QAAM,cAAc,YAAY;AAC9B,QAAI,QAAS,SAAQ;AACrB,UAAMC,SAAQ,EAAE,YAAY,CAAC;AAAA,EAC/B;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,SAAS;AAAA,MACT;AAAA,MACA,MAAK;AAAA,MAEJ;AAAA;AAAA,EACH;AAEJ;AAcO,SAAS,YAAY;AAAA,EAC1B,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,mBAAmB,oBAAC,SAAI,wBAAU;AAAA,EAClC,4BAA4B,oBAAC,SAAI,+BAAiB;AACpD,GAAqB;AACnB,QAAM,EAAE,SAAS,SAAS,gBAAgB,IAAI,kBAAkB;AAEhE,MAAI,SAAS;AACX,WAAO,gCAAG,4BAAiB;AAAA,EAC7B;AAEA,MAAI,CAAC,mBAAmB,CAAC,SAAS,MAAM;AACtC,WAAO,gCAAG,qCAA0B;AAAA,EACtC;AAEA,QAAM,EAAE,KAAK,IAAI;AAEjB,SACE,qBAAC,SAAI,WACF;AAAA,iBAAa,KAAK,SACjB;AAAA,MAAC;AAAA;AAAA,QACC,KAAK,KAAK;AAAA,QACV,KAAK,KAAK,QAAQ;AAAA,QAClB,OAAO,EAAE,OAAO,IAAI,QAAQ,IAAI,cAAc,MAAM;AAAA;AAAA,IACtD;AAAA,IAED,YAAY,KAAK,QAAQ,oBAAC,SAAK,eAAK,MAAK;AAAA,IACzC,aAAa,KAAK,SAAS,oBAAC,SAAK,eAAK,OAAM;AAAA,KAC/C;AAEJ;AAWO,SAAS,WAAW;AAAA,EACzB;AAAA,EACA;AAAA,EACA,mBAAmB,oBAAC,SAAI,wBAAU;AACpC,GAAoB;AAClB,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AAEvD,MAAI,SAAS;AACX,WAAO,gCAAG,4BAAiB;AAAA,EAC7B;AAEA,SAAO,gCAAG,4BAAkB,yBAAyB,0BAAyB;AAChF;AAWO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA,WAAW,oBAAC,gBAAa;AAAA,EACzB,mBAAmB,oBAAC,SAAI,wBAAU;AACpC,GAA4B;AAC1B,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AAEvD,MAAI,SAAS;AACX,WAAO,gCAAG,4BAAiB;AAAA,EAC7B;AAEA,MAAI,CAAC,iBAAiB;AACpB,WAAO,gCAAG,oBAAS;AAAA,EACrB;AAEA,SAAO,gCAAG,UAAS;AACrB;;;AC/IA,SAAS,gBAAwB;AAC/B,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAC9E;AAqBO,SAAS,qBAAqB,SAAkC;AACrE,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,QAAQ,cAAc;AAAA,IACtB,UAAU;AAAA,EACZ,IAAI;AAEJ,QAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,WAAW;AAAA,IACX,cAAc;AAAA,IACd,eAAe;AAAA,IACf;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,UAAU,GAAG,OAAO,UAAU,OAAO,SAAS,CAAC;AAGrD,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,QAAQ,iBAAiB,KAAK;AAC7C,WAAO,SAAS,OAAO;AAAA,EACzB;AACF;AAsBO,SAAS,YAAY,OAA+B;AACzD,MAAI,OAAO,WAAW,YAAa,QAAO;AAC1C,MAAI,CAAC,MAAO,QAAO;AAEnB,QAAM,cAAc,eAAe,QAAQ,eAAe;AAC1D,iBAAe,WAAW,eAAe;AAEzC,SAAO,gBAAgB;AACzB;AAwBO,IAAM,6BAA+C;AAAA,EAC1D,SAAS;AAAA,EACT,SAAS;AAAA,EACT,UAAU;AAAA,IACR,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,eAAe;AAAA,EACjB;AACF;","names":["signIn","signOut","useSession","signIn","signOut","signIn","signOut"]}
1	+ {"version":3,"sources":["../../src/client/index.ts","../../src/client/hooks.ts","../../src/client/components.tsx","../../src/utils/hosted-auth.ts","../../src/client/auth.ts"],"sourcesContent":["// Client-side exports\n\n// Re-export commonly used next-auth/react functions\nexport { signIn, signOut, useSession, SessionProvider } from 'next-auth/react';\nexport type { Session } from 'next-auth';\nexport {\n useOAuth42Session,\n useOAuth42User,\n useOAuth42Tokens,\n useRequireAuth,\n} from './hooks';\n\nexport type {\n OAuth42Session,\n UseOAuth42SessionReturn,\n} from './hooks';\n\nexport {\n SignInButton,\n SignOutButton,\n UserProfile,\n AuthStatus,\n ProtectedComponent,\n} from './components';\n\nexport type {\n SignInButtonProps,\n SignOutButtonProps,\n UserProfileProps,\n AuthStatusProps,\n ProtectedComponentProps,\n} from './components';\n\n// Hosted auth utilities\nexport {\n redirectToHostedAuth,\n verifyState,\n DEFAULT_HOSTED_AUTH_CONFIG,\n} from '../utils/hosted-auth';\n\nexport type {\n HostedAuthOptions,\n HostedAuthConfig,\n} from '../utils/hosted-auth';\n\n// Custom authentication utilities\nexport {\n loginWithPassword,\n initiateAuthenticatorLogin,\n completeAuthenticatorLogin,\n simulateApproval,\n logout,\n} from './auth';\n\nexport type {\n LoginWithPasswordOptions,\n LoginWithAuthenticatorOptions,\n AuthError,\n} from './auth';","import { useSession, signIn, signOut } from 'next-auth/react';\nimport { useCallback, useEffect, useState } from 'react';\n\nexport type OAuth42Session<E = {}> = ({\n user?: {\n email?: string \| null;\n name?: string \| null;\n image?: string \| null;\n username?: string;\n emailVerified?: boolean;\n };\n accessToken?: string;\n idToken?: string;\n expires?: string;\n}) & E;\n\nexport interface UseOAuth42SessionReturn<E = {}> {\n session: OAuth42Session<E> \| null;\n loading: boolean;\n error: Error \| null;\n isAuthenticated: boolean;\n signIn: () => Promise<void>;\n signOut: () => Promise<void>;\n}\n\n/*\n Hook to manage OAuth42 session with optional extra fields\n /\nexport function useOAuth42Session<E = {}>(): UseOAuth42SessionReturn<E> {\n const { data: session, status } = useSession();\n const [error, setError] = useState<Error \| null>(null);\n \n const handleSignIn = useCallback(async () => {\n try {\n setError(null);\n await signIn('oauth42');\n } catch (err) {\n setError(err as Error);\n }\n }, []);\n \n const handleSignOut = useCallback(async () => {\n try {\n setError(null);\n await signOut();\n } catch (err) {\n setError(err as Error);\n }\n }, []);\n \n return {\n session: session as unknown as OAuth42Session<E> \| null,\n loading: status === 'loading',\n error,\n isAuthenticated: status === 'authenticated',\n signIn: handleSignIn,\n signOut: handleSignOut,\n };\n}\n\n/\n Hook to get the current OAuth42 user\n /\nexport function useOAuth42User<E = {}>() {\n const { session, isAuthenticated } = useOAuth42Session<E>();\n \n return {\n user: isAuthenticated ? session?.user : null,\n isAuthenticated,\n };\n}\n\n/\n Hook to manage OAuth42 tokens\n /\nexport function useOAuth42Tokens<E = {}>() {\n const { session } = useOAuth42Session<E>();\n const [isExpired, setIsExpired] = useState(false);\n \n useEffect(() => {\n if (session?.expires) {\n const expiryTime = new Date(session.expires).getTime();\n const now = Date.now();\n setIsExpired(now >= expiryTime);\n \n // Set a timer to update expiry status\n const timeUntilExpiry = expiryTime - now;\n if (timeUntilExpiry > 0) {\n const timer = setTimeout(() => {\n setIsExpired(true);\n }, timeUntilExpiry);\n \n return () => clearTimeout(timer);\n }\n }\n }, [session?.expires]);\n \n return {\n accessToken: session?.accessToken,\n idToken: session?.idToken,\n isExpired,\n refreshToken: async () => {\n // Trigger a session refresh\n await signIn('oauth42');\n },\n };\n}\n\n/\n Hook for protected routes\n /\nexport function useRequireAuth(redirectTo: string = '/auth/signin') {\n const { isAuthenticated, loading } = useOAuth42Session();\n const [isRedirecting, setIsRedirecting] = useState(false);\n \n useEffect(() => {\n if (!loading && !isAuthenticated && !isRedirecting) {\n setIsRedirecting(true);\n if (typeof window !== 'undefined') {\n window.location.href = redirectTo;\n }\n }\n }, [isAuthenticated, loading, redirectTo, isRedirecting]);\n \n return {\n isAuthenticated,\n loading: loading \|\| isRedirecting,\n };\n}\n","import React from 'react';\nimport { signIn, signOut } from 'next-auth/react';\nimport { useOAuth42Session, useOAuth42User } from './hooks';\n\nexport interface SignInButtonProps {\n children?: React.ReactNode;\n className?: string;\n callbackUrl?: string;\n onClick?: () => void;\n}\n\n/\n Sign in button component\n /\nexport function SignInButton({ \n children = 'Sign in with OAuth42', \n className = '',\n callbackUrl = '/',\n onClick\n}: SignInButtonProps) {\n const handleClick = async () => {\n if (onClick) onClick();\n await signIn('oauth42', { callbackUrl });\n };\n \n return (\n <button\n onClick={handleClick}\n className={className}\n type=\"button\"\n >\n {children}\n </button>\n );\n}\n\nexport interface SignOutButtonProps {\n children?: React.ReactNode;\n className?: string;\n callbackUrl?: string;\n onClick?: () => void;\n}\n\n/\n Sign out button component\n /\nexport function SignOutButton({ \n children = 'Sign out', \n className = '',\n callbackUrl = '/',\n onClick\n}: SignOutButtonProps) {\n const handleClick = async () => {\n if (onClick) onClick();\n await signOut({ callbackUrl });\n };\n \n return (\n <button\n onClick={handleClick}\n className={className}\n type=\"button\"\n >\n {children}\n </button>\n );\n}\n\nexport interface UserProfileProps {\n className?: string;\n showEmail?: boolean;\n showName?: boolean;\n showImage?: boolean;\n loadingComponent?: React.ReactNode;\n notAuthenticatedComponent?: React.ReactNode;\n}\n\n/\n User profile display component\n /\nexport function UserProfile({\n className = '',\n showEmail = true,\n showName = true,\n showImage = true,\n loadingComponent = <div>Loading...</div>,\n notAuthenticatedComponent = <div>Not authenticated</div>,\n}: UserProfileProps) {\n const { session, loading, isAuthenticated } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n if (!isAuthenticated \|\| !session?.user) {\n return <>{notAuthenticatedComponent}</>;\n }\n \n const { user } = session;\n \n return (\n <div className={className}>\n {showImage && user.image && (\n <img \n src={user.image} \n alt={user.name \|\| 'User'} \n style={{ width: 50, height: 50, borderRadius: '50%' }}\n />\n )}\n {showName && user.name && <div>{user.name}</div>}\n {showEmail && user.email && <div>{user.email}</div>}\n </div>\n );\n}\n\nexport interface AuthStatusProps {\n authenticatedComponent?: React.ReactNode;\n unauthenticatedComponent?: React.ReactNode;\n loadingComponent?: React.ReactNode;\n}\n\n/\n Conditional rendering based on auth status\n /\nexport function AuthStatus({\n authenticatedComponent,\n unauthenticatedComponent,\n loadingComponent = <div>Loading...</div>,\n}: AuthStatusProps) {\n const { isAuthenticated, loading } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n return <>{isAuthenticated ? authenticatedComponent : unauthenticatedComponent}</>;\n}\n\nexport interface ProtectedComponentProps {\n children: React.ReactNode;\n fallback?: React.ReactNode;\n loadingComponent?: React.ReactNode;\n}\n\n/\n Wrapper component for protected content\n /\nexport function ProtectedComponent({\n children,\n fallback = <SignInButton />,\n loadingComponent = <div>Loading...</div>,\n}: ProtectedComponentProps) {\n const { isAuthenticated, loading } = useOAuth42Session();\n \n if (loading) {\n return <>{loadingComponent}</>;\n }\n \n if (!isAuthenticated) {\n return <>{fallback}</>;\n }\n \n return <>{children}</>;\n}","/\n Utilities for OAuth42 Hosted Authentication\n /\n\nexport interface HostedAuthOptions {\n /* OAuth2 client ID /\n clientId: string;\n /* Redirect URI after authentication /\n redirectUri: string;\n /* OAuth2 scopes (space-separated) /\n scope?: string;\n /* OAuth2 state parameter for CSRF protection /\n state?: string;\n /* Base URL for hosted auth (defaults to production) /\n baseUrl?: string;\n}\n\n/\n Generate a random state parameter for CSRF protection\n /\nfunction generateState(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');\n}\n\n/\n Redirect to OAuth42 hosted authentication pages\n \n @example\n * ```ts\n * import { redirectToHostedAuth } from '@oauth42/next/client';\n \n function LoginButton() {\n * return (\n * <button onClick={() => redirectToHostedAuth({\n * clientId: process.env.NEXT_PUBLIC_OAUTH42_CLIENT_ID!,\n * redirectUri: `${window.location.origin}/api/auth/callback`,\n * })}>\n * Sign in with OAuth42\n * </button>\n * );\n * }\n * ```\n /\nexport function redirectToHostedAuth(options: HostedAuthOptions): void {\n const {\n clientId,\n redirectUri,\n scope = 'openid profile email',\n state = generateState(),\n baseUrl = 'https://auth.oauth42.com',\n } = options;\n\n const params = new URLSearchParams({\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n scope,\n state,\n });\n\n const authUrl = `${baseUrl}/login?${params.toString()}`;\n\n // Store state in sessionStorage for verification on callback\n if (typeof window !== 'undefined') {\n sessionStorage.setItem('oauth42_state', state);\n window.location.href = authUrl;\n }\n}\n\n/\n Verify state parameter on OAuth2 callback\n * Call this in your callback page to verify the state matches\n \n @example\n * ```ts\n * import { verifyState } from '@oauth42/next/client';\n \n export default function CallbackPage() {\n * const searchParams = useSearchParams();\n * const state = searchParams.get('state');\n \n if (!verifyState(state)) {\n * return <div>Invalid state parameter</div>;\n * }\n \n // Continue with token exchange...\n * }\n * ```\n /\nexport function verifyState(state: string \| null): boolean {\n if (typeof window === 'undefined') return false;\n if (!state) return false;\n\n const storedState = sessionStorage.getItem('oauth42_state');\n sessionStorage.removeItem('oauth42_state');\n\n return storedState === state;\n}\n\n/\n Configuration for hosted authentication\n /\nexport interface HostedAuthConfig {\n /* Enable hosted authentication /\n enabled: boolean;\n /* Base URL for hosted auth pages (optional, defaults to production) /\n baseUrl?: string;\n /* Feature flags for hosted auth /\n features?: {\n /* Allow user signup /\n signup?: boolean;\n /* Allow social login /\n socialLogin?: boolean;\n /* Allow password reset /\n passwordReset?: boolean;\n };\n}\n\n/\n Default hosted auth configuration\n /\nexport const DEFAULT_HOSTED_AUTH_CONFIG: HostedAuthConfig = {\n enabled: true,\n baseUrl: 'https://auth.oauth42.com',\n features: {\n signup: true,\n socialLogin: false,\n passwordReset: true,\n },\n};\n","/\n OAuth42 Custom Authentication Utilities\n \n Provides functions for implementing custom login UIs in customer apps\n * while properly handling OAuth2 PKCE flows and next-auth integration.\n /\n\nimport { signIn } from 'next-auth/react';\n\n// PKCE utilities\nfunction base64URLEncode(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary)\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=/g, '');\n}\n\nasync function generateCodeVerifier(): Promise<string> {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64URLEncode(array.buffer);\n}\n\nasync function generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const hash = await crypto.subtle.digest('SHA-256', data);\n return base64URLEncode(hash);\n}\n\nfunction generateState(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64URLEncode(array.buffer);\n}\n\nexport interface LoginWithPasswordOptions {\n email: string;\n password: string;\n mfaCode?: string;\n /\n URL to redirect to after successful authentication.\n * If not provided, will redirect to '/'\n /\n callbackUrl?: string;\n}\n\nexport interface LoginWithAuthenticatorOptions {\n email: string;\n sessionId: string;\n /\n URL to redirect to after successful authentication.\n * If not provided, will redirect to '/'\n /\n callbackUrl?: string;\n}\n\nexport interface AuthError {\n error: string;\n error_description?: string;\n requires_enrollment?: boolean;\n enrollment_token?: string;\n requires_mfa?: boolean;\n}\n\n/\n Authenticate with email/password and complete OAuth PKCE flow\n \n This function handles the full authentication flow:\n * 1. Authenticates with the backend using credentials\n * 2. Uses the access token to authorize the OAuth client\n * 3. Exchanges authorization code for tokens via next-auth\n \n @example\n * ```tsx\n * const result = await loginWithPassword({\n * email: 'user@example.com',\n * password: 'password123',\n * callbackUrl: '/dashboard'\n * });\n \n if (result.success) {\n * // User is authenticated, next-auth session is set\n * } else if (result.requires_mfa) {\n * // Prompt for MFA code and call again with mfaCode\n * }\n * ```\n /\nexport async function loginWithPassword(\n options: LoginWithPasswordOptions\n): Promise<{ success: boolean; access_token?: string } & Partial<AuthError>> {\n try {\n // Step 1: Authenticate with backend to get access token\n const loginResponse = await fetch('/api/auth/login', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n email: options.email,\n password: options.password,\n ...(options.mfaCode ? { mfa_code: options.mfaCode } : {}),\n }),\n });\n\n if (!loginResponse.ok) {\n const errorData = await loginResponse.json().catch(() => ({}));\n const desc: string = errorData?.error_description \|\| errorData?.message \|\| '';\n\n // Handle special cases\n if (loginResponse.status === 403 && errorData?.requires_enrollment) {\n return {\n success: false,\n error: 'enrollment_required',\n error_description: 'MFA enrollment required',\n requires_enrollment: true,\n enrollment_token: errorData.enrollment_token,\n };\n }\n\n if (loginResponse.status === 403 && /mfa required/i.test(desc)) {\n return {\n success: false,\n error: 'mfa_required',\n error_description: 'MFA code required',\n requires_mfa: true,\n };\n }\n\n if (loginResponse.status === 401 && /invalid mfa code/i.test(desc)) {\n return {\n success: false,\n error: 'invalid_mfa_code',\n error_description: 'Invalid MFA code',\n requires_mfa: true,\n };\n }\n\n return {\n success: false,\n error: 'authentication_failed',\n error_description: desc \|\| 'Invalid credentials',\n };\n }\n\n const { access_token } = await loginResponse.json();\n\n // Return access token for the application to use in OAuth authorize flow\n return { success: true, access_token };\n } catch (error) {\n console.error('Login error:', error);\n return {\n success: false,\n error: 'network_error',\n error_description: 'Failed to connect to authentication server',\n };\n }\n}\n\n/\n Initiate authenticator (passwordless) login and return challenge code\n \n @example\n * ```tsx\n * const result = await initiateAuthenticatorLogin({\n * email: 'user@example.com',\n * sessionId: crypto.randomUUID()\n * });\n \n if (result.success) {\n * // Display result.challengeCode to user\n * // Wait for WebSocket approval or poll for completion\n * }\n * ```\n /\nexport async function initiateAuthenticatorLogin(\n options: LoginWithAuthenticatorOptions\n): Promise<{\n success: boolean;\n challengeCode?: string;\n challengeId?: string;\n} & Partial<AuthError>> {\n try {\n const response = await fetch('/api/auth/passwordless/initiate', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n email: options.email,\n session_id: options.sessionId,\n }),\n });\n\n if (!response.ok) {\n const errorData = await response.json().catch(() => ({}));\n return {\n success: false,\n error: 'initiation_failed',\n error_description: errorData.error_description \|\| 'Failed to create challenge',\n };\n }\n\n const data = await response.json();\n\n return {\n success: true,\n challengeCode: data.challenge_code,\n challengeId: data.challenge_id,\n };\n } catch (error) {\n console.error('Authenticator login error:', error);\n return {\n success: false,\n error: 'network_error',\n error_description: 'Failed to connect to authentication server',\n };\n }\n}\n\n/\n Complete authenticator login after approval\n \n Call this after receiving approval notification via WebSocket\n * or after the user has approved on their mobile device.\n * Returns the access token for the application to use in OAuth authorize flow.\n \n @param accessToken - Access token received from approval payload\n /\nexport async function completeAuthenticatorLogin(\n accessToken: string\n): Promise<{ success: boolean; access_token: string }> {\n return { success: true, access_token: accessToken };\n}\n\n/\n Simulate approval for testing (development only)\n \n @param challengeId - The challenge ID to approve\n * @param selectedCode - The code that was displayed to the user\n /\nexport async function simulateApproval(\n challengeId: string,\n selectedCode: string\n): Promise<{ success: boolean }> {\n try {\n await fetch('/api/auth/challenge/approve', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n challenge_id: challengeId,\n selected_code: selectedCode,\n }),\n });\n\n return { success: true };\n } catch (error) {\n console.error('Simulated approval failed:', error);\n return { success: false };\n }\n}\n\n/\n Logout the current user\n \n Calls the logout API route to clear backend session and oauth42_session cookie,\n * then calls next-auth signOut to clear the next-auth session and redirect.\n \n @param callbackUrl - URL to redirect to after logout (default: '/')\n \n @example\n * ```tsx\n * import { logout } from '@oauth42/next/client';\n \n const handleLogout = async () => {\n * await logout({ callbackUrl: '/login' });\n * };\n * ```\n */\nexport async function logout(options?: { callbackUrl?: string }): Promise<void> {\n try {\n // Get the current session to retrieve the access token\n const { getSession } = await import('next-auth/react');\n const session: any = await getSession();\n\n // Call logout API route to clear backend session and oauth42_session cookie\n if (session?.accessToken) {\n await fetch('/api/auth/logout', {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${session.accessToken}`,\n },\n });\n }\n } catch (error) {\n console.error('[Logout] Failed to call logout API:', error);\n // Continue with signOut anyway\n }\n\n // Import signOut from next-auth/react\n const { signOut } = await import('next-auth/react');\n\n // Clear next-auth session\n await signOut({\n callbackUrl: options?.callbackUrl \|\| '/',\n redirect: true\n });\n}\n"],"mappings":";AAGA,SAAS,UAAAA,SAAQ,WAAAC,UAAS,cAAAC,aAAY,uBAAuB;;;ACH7D,SAAS,YAAY,QAAQ,eAAe;AAC5C,SAAS,aAAa,WAAW,gBAAgB;AA2B1C,SAAS,oBAAwD;AACtE,QAAM,EAAE,MAAM,SAAS,OAAO,IAAI,WAAW;AAC7C,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAuB,IAAI;AAErD,QAAM,eAAe,YAAY,YAAY;AAC3C,QAAI;AACF,eAAS,IAAI;AACb,YAAM,OAAO,SAAS;AAAA,IACxB,SAAS,KAAK;AACZ,eAAS,GAAY;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,gBAAgB,YAAY,YAAY;AAC5C,QAAI;AACF,eAAS,IAAI;AACb,YAAM,QAAQ;AAAA,IAChB,SAAS,KAAK;AACZ,eAAS,GAAY;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW;AAAA,IACpB;AAAA,IACA,iBAAiB,WAAW;AAAA,IAC5B,QAAQ;AAAA,IACR,SAAS;AAAA,EACX;AACF;AAKO,SAAS,iBAAyB;AACvC,QAAM,EAAE,SAAS,gBAAgB,IAAI,kBAAqB;AAE1D,SAAO;AAAA,IACL,MAAM,kBAAkB,SAAS,OAAO;AAAA,IACxC;AAAA,EACF;AACF;AAKO,SAAS,mBAA2B;AACzC,QAAM,EAAE,QAAQ,IAAI,kBAAqB;AACzC,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,KAAK;AAEhD,YAAU,MAAM;AACd,QAAI,SAAS,SAAS;AACpB,YAAM,aAAa,IAAI,KAAK,QAAQ,OAAO,EAAE,QAAQ;AACrD,YAAM,MAAM,KAAK,IAAI;AACrB,mBAAa,OAAO,UAAU;AAG9B,YAAM,kBAAkB,aAAa;AACrC,UAAI,kBAAkB,GAAG;AACvB,cAAM,QAAQ,WAAW,MAAM;AAC7B,uBAAa,IAAI;AAAA,QACnB,GAAG,eAAe;AAElB,eAAO,MAAM,aAAa,KAAK;AAAA,MACjC;AAAA,IACF;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,CAAC;AAErB,SAAO;AAAA,IACL,aAAa,SAAS;AAAA,IACtB,SAAS,SAAS;AAAA,IAClB;AAAA,IACA,cAAc,YAAY;AAExB,YAAM,OAAO,SAAS;AAAA,IACxB;AAAA,EACF;AACF;AAKO,SAAS,eAAe,aAAqB,gBAAgB;AAClE,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AACvD,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAS,KAAK;AAExD,YAAU,MAAM;AACd,QAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,eAAe;AAClD,uBAAiB,IAAI;AACrB,UAAI,OAAO,WAAW,aAAa;AACjC,eAAO,SAAS,OAAO;AAAA,MACzB;AAAA,IACF;AAAA,EACF,GAAG,CAAC,iBAAiB,SAAS,YAAY,aAAa,CAAC;AAExD,SAAO;AAAA,IACL;AAAA,IACA,SAAS,WAAW;AAAA,EACtB;AACF;;;AC/HA,SAAS,UAAAC,SAAQ,WAAAC,gBAAe;AAyB5B,SAiEO,UAjEP,KA2EA,YA3EA;AAZG,SAAS,aAAa;AAAA,EAC3B,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,cAAc;AAAA,EACd;AACF,GAAsB;AACpB,QAAM,cAAc,YAAY;AAC9B,QAAI,QAAS,SAAQ;AACrB,UAAMC,QAAO,WAAW,EAAE,YAAY,CAAC;AAAA,EACzC;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,SAAS;AAAA,MACT;AAAA,MACA,MAAK;AAAA,MAEJ;AAAA;AAAA,EACH;AAEJ;AAYO,SAAS,cAAc;AAAA,EAC5B,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,cAAc;AAAA,EACd;AACF,GAAuB;AACrB,QAAM,cAAc,YAAY;AAC9B,QAAI,QAAS,SAAQ;AACrB,UAAMC,SAAQ,EAAE,YAAY,CAAC;AAAA,EAC/B;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,SAAS;AAAA,MACT;AAAA,MACA,MAAK;AAAA,MAEJ;AAAA;AAAA,EACH;AAEJ;AAcO,SAAS,YAAY;AAAA,EAC1B,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,mBAAmB,oBAAC,SAAI,wBAAU;AAAA,EAClC,4BAA4B,oBAAC,SAAI,+BAAiB;AACpD,GAAqB;AACnB,QAAM,EAAE,SAAS,SAAS,gBAAgB,IAAI,kBAAkB;AAEhE,MAAI,SAAS;AACX,WAAO,gCAAG,4BAAiB;AAAA,EAC7B;AAEA,MAAI,CAAC,mBAAmB,CAAC,SAAS,MAAM;AACtC,WAAO,gCAAG,qCAA0B;AAAA,EACtC;AAEA,QAAM,EAAE,KAAK,IAAI;AAEjB,SACE,qBAAC,SAAI,WACF;AAAA,iBAAa,KAAK,SACjB;AAAA,MAAC;AAAA;AAAA,QACC,KAAK,KAAK;AAAA,QACV,KAAK,KAAK,QAAQ;AAAA,QAClB,OAAO,EAAE,OAAO,IAAI,QAAQ,IAAI,cAAc,MAAM;AAAA;AAAA,IACtD;AAAA,IAED,YAAY,KAAK,QAAQ,oBAAC,SAAK,eAAK,MAAK;AAAA,IACzC,aAAa,KAAK,SAAS,oBAAC,SAAK,eAAK,OAAM;AAAA,KAC/C;AAEJ;AAWO,SAAS,WAAW;AAAA,EACzB;AAAA,EACA;AAAA,EACA,mBAAmB,oBAAC,SAAI,wBAAU;AACpC,GAAoB;AAClB,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AAEvD,MAAI,SAAS;AACX,WAAO,gCAAG,4BAAiB;AAAA,EAC7B;AAEA,SAAO,gCAAG,4BAAkB,yBAAyB,0BAAyB;AAChF;AAWO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA,WAAW,oBAAC,gBAAa;AAAA,EACzB,mBAAmB,oBAAC,SAAI,wBAAU;AACpC,GAA4B;AAC1B,QAAM,EAAE,iBAAiB,QAAQ,IAAI,kBAAkB;AAEvD,MAAI,SAAS;AACX,WAAO,gCAAG,4BAAiB;AAAA,EAC7B;AAEA,MAAI,CAAC,iBAAiB;AACpB,WAAO,gCAAG,oBAAS;AAAA,EACrB;AAEA,SAAO,gCAAG,UAAS;AACrB;;;AC/IA,SAAS,gBAAwB;AAC/B,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,MAAM,KAAK,OAAO,UAAQ,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAC9E;AAqBO,SAAS,qBAAqB,SAAkC;AACrE,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,QAAQ,cAAc;AAAA,IACtB,UAAU;AAAA,EACZ,IAAI;AAEJ,QAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,WAAW;AAAA,IACX,cAAc;AAAA,IACd,eAAe;AAAA,IACf;AAAA,IACA;AAAA,EACF,CAAC;AAED,QAAM,UAAU,GAAG,OAAO,UAAU,OAAO,SAAS,CAAC;AAGrD,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,QAAQ,iBAAiB,KAAK;AAC7C,WAAO,SAAS,OAAO;AAAA,EACzB;AACF;AAsBO,SAAS,YAAY,OAA+B;AACzD,MAAI,OAAO,WAAW,YAAa,QAAO;AAC1C,MAAI,CAAC,MAAO,QAAO;AAEnB,QAAM,cAAc,eAAe,QAAQ,eAAe;AAC1D,iBAAe,WAAW,eAAe;AAEzC,SAAO,gBAAgB;AACzB;AAwBO,IAAM,6BAA+C;AAAA,EAC1D,SAAS;AAAA,EACT,SAAS;AAAA,EACT,UAAU;AAAA,IACR,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,eAAe;AAAA,EACjB;AACF;;;ACtCA,eAAsB,kBACpB,SAC2E;AAC3E,MAAI;AAEF,UAAM,gBAAgB,MAAM,MAAM,mBAAmB;AAAA,MACnD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO,QAAQ;AAAA,QACf,UAAU,QAAQ;AAAA,QAClB,GAAI,QAAQ,UAAU,EAAE,UAAU,QAAQ,QAAQ,IAAI,CAAC;AAAA,MACzD,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,cAAc,IAAI;AACrB,YAAM,YAAY,MAAM,cAAc,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AAC7D,YAAM,OAAe,WAAW,qBAAqB,WAAW,WAAW;AAG3E,UAAI,cAAc,WAAW,OAAO,WAAW,qBAAqB;AAClE,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,UACP,mBAAmB;AAAA,UACnB,qBAAqB;AAAA,UACrB,kBAAkB,UAAU;AAAA,QAC9B;AAAA,MACF;AAEA,UAAI,cAAc,WAAW,OAAO,gBAAgB,KAAK,IAAI,GAAG;AAC9D,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,UACP,mBAAmB;AAAA,UACnB,cAAc;AAAA,QAChB;AAAA,MACF;AAEA,UAAI,cAAc,WAAW,OAAO,oBAAoB,KAAK,IAAI,GAAG;AAClE,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,UACP,mBAAmB;AAAA,UACnB,cAAc;AAAA,QAChB;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,mBAAmB,QAAQ;AAAA,MAC7B;AAAA,IACF;AAEA,UAAM,EAAE,aAAa,IAAI,MAAM,cAAc,KAAK;AAGlD,WAAO,EAAE,SAAS,MAAM,aAAa;AAAA,EACvC,SAAS,OAAO;AACd,YAAQ,MAAM,gBAAgB,KAAK;AACnC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,MACP,mBAAmB;AAAA,IACrB;AAAA,EACF;AACF;AAkBA,eAAsB,2BACpB,SAKsB;AACtB,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,mCAAmC;AAAA,MAC9D,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO,QAAQ;AAAA,QACf,YAAY,QAAQ;AAAA,MACtB,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,YAAY,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AACxD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO;AAAA,QACP,mBAAmB,UAAU,qBAAqB;AAAA,MACpD;AAAA,IACF;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,eAAe,KAAK;AAAA,MACpB,aAAa,KAAK;AAAA,IACpB;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,8BAA8B,KAAK;AACjD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,MACP,mBAAmB;AAAA,IACrB;AAAA,EACF;AACF;AAWA,eAAsB,2BACpB,aACqD;AACrD,SAAO,EAAE,SAAS,MAAM,cAAc,YAAY;AACpD;AAQA,eAAsB,iBACpB,aACA,cAC+B;AAC/B,MAAI;AACF,UAAM,MAAM,+BAA+B;AAAA,MACzC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU;AAAA,QACnB,cAAc;AAAA,QACd,eAAe;AAAA,MACjB,CAAC;AAAA,IACH,CAAC;AAED,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB,SAAS,OAAO;AACd,YAAQ,MAAM,8BAA8B,KAAK;AACjD,WAAO,EAAE,SAAS,MAAM;AAAA,EAC1B;AACF;AAmBA,eAAsB,OAAO,SAAmD;AAC9E,MAAI;AAEF,UAAM,EAAE,WAAW,IAAI,MAAM,OAAO,iBAAiB;AACrD,UAAM,UAAe,MAAM,WAAW;AAGtC,QAAI,SAAS,aAAa;AACxB,YAAM,MAAM,oBAAoB;AAAA,QAC9B,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,iBAAiB,UAAU,QAAQ,WAAW;AAAA,QAChD;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,uCAAuC,KAAK;AAAA,EAE5D;AAGA,QAAM,EAAE,SAAAC,SAAQ,IAAI,MAAM,OAAO,iBAAiB;AAGlD,QAAMA,SAAQ;AAAA,IACZ,aAAa,SAAS,eAAe;AAAA,IACrC,UAAU;AAAA,EACZ,CAAC;AACH;","names":["signIn","signOut","useSession","signIn","signOut","signIn","signOut","signOut"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@oauth42/next",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "description": "Official OAuth42 SDK for Next.js applications",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -33,6 +33,7 @@
   },
   "files": [
     "dist",
+    "src/types",
     "README.md",
     "LICENSE"
   ],

package/src/types/index.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import { DefaultSession } from 'next-auth';
+declare module 'next-auth' {
+  interface Session extends DefaultSession {
+    accessToken?: string;
+    idToken?: string;
+    user?: {
+      id?: string;
+      email?: string | null;
+      name?: string | null;
+      image?: string | null;
+      username?: string;
+      emailVerified?: boolean;
+    };
+  }
+  interface JWT {
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    expiresAt?: number;
+    username?: string;
+    emailVerified?: boolean;
+    error?: string;
+  }
+}
+export interface OAuth42Config {
+  clientId: string;
+  clientSecret?: string;
+  issuer?: string;
+  authorizationUrl?: string;
+  tokenUrl?: string;
+  userinfoUrl?: string;
+  jwksUrl?: string;
+  scopes?: string[];
+  pkceEnabled?: boolean;
+  debug?: boolean;
+}
+export interface OAuth42TokenResponse {
+  access_token: string;
+  token_type: string;
+  expires_in: number;
+  refresh_token?: string;
+  id_token?: string;
+  scope?: string;
+}
+export interface OAuth42UserInfo {
+  sub: string;
+  email: string;
+  email_verified?: boolean;
+  name?: string;
+  given_name?: string;
+  family_name?: string;
+  picture?: string;
+  username?: string;
+  phone?: string;
+  address?: {
+    street_address?: string;
+    locality?: string;
+    region?: string;
+    postal_code?: string;
+    country?: string;
+  };
+}
+export interface OAuth42Error {
+  error: string;
+  error_description?: string;
+  error_uri?: string;
+}

package/src/types/next-auth.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import "next-auth"
+import "next-auth/jwt"
+declare module "next-auth" {
+  interface Session {
+    accessToken?: string
+    idToken?: string
+    user?: {
+      email?: string | null
+      name?: string | null
+      image?: string | null
+      username?: string
+      emailVerified?: boolean
+    }
+  }
+}
+declare module "next-auth/jwt" {
+  interface JWT {
+    accessToken?: string
+    refreshToken?: string
+    idToken?: string
+    expiresAt?: number
+    email?: string
+    username?: string
+    emailVerified?: boolean
+  }
+}