@oauth42/next 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/client/index.d.mts +150 -1
  2. package/dist/client/index.d.ts +150 -1
  3. package/dist/client/index.js +145 -2
  4. package/dist/client/index.js.map +1 -1
  5. package/dist/client/index.mjs +129 -2
  6. package/dist/client/index.mjs.map +1 -1
  7. package/dist/index.js +1 -0
  8. package/dist/index.js.map +1 -1
  9. package/dist/index.mjs +1 -0
  10. package/dist/index.mjs.map +1 -1
  11. package/dist/server/index.js +1 -0
  12. package/dist/server/index.js.map +1 -1
  13. package/dist/server/index.mjs +1 -0
  14. package/dist/server/index.mjs.map +1 -1
  15. package/package.json +2 -1
  16. package/src/types/index.ts +73 -0
  17. package/src/types/next-auth.d.ts +28 -0
package/dist/server/index.mjs CHANGED
@@ -126,6 +126,7 @@ function createAuth(options = {}) {
126
126
  session.idToken = token.idToken;
127
127
  if (session.user) {
128
128
  session.user.email = token.email;
129
+ session.user.name = token.name;
129
130
  session.user.username = token.username;
130
131
  session.user.emailVerified = token.emailVerified;
131
132
  }
package/dist/server/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/server/auth.ts","../../src/provider.ts","../../src/server/session.ts","../../src/server/index.ts","../../src/server/middleware.ts","../../src/server/hosted-auth-callback.ts"],"sourcesContent":["import NextAuthDefault from 'next-auth';\nimport type { NextAuthOptions } from 'next-auth';\nimport { OAuth42Provider, OAuth42Profile } from '../provider';\nimport { getOAuth42Session } from './session';\n\n// Handle both CommonJS and ESM exports\nconst NextAuth = (NextAuthDefault as any).default || NextAuthDefault;\n\nexport { type NextAuthOptions };\n\nexport interface CreateAuthOptions {\n clientId?: string;\n clientSecret?: string;\n issuer?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n debug?: boolean;\n callbacks?: NextAuthOptions['callbacks'];\n pages?: NextAuthOptions['pages'];\n session?: NextAuthOptions['session'];\n}\n\n/**\n * Create a pre-configured NextAuth instance for OAuth42\n * This provides a simplified setup with sensible defaults\n */\nexport function createAuth(options: CreateAuthOptions = {}) {\n const clientId = options.clientId || process.env.OAUTH42_CLIENT_ID;\n const clientSecret = options.clientSecret || process.env.OAUTH42_CLIENT_SECRET;\n \n if (!clientId || !clientSecret) {\n throw new Error(\n 'OAuth42 client credentials are required. ' +\n 'Set OAUTH42_CLIENT_ID and OAUTH42_CLIENT_SECRET environment variables ' +\n 'or pass them in the options.'\n );\n }\n \n const authOptions: NextAuthOptions = {\n providers: [\n OAuth42Provider({\n clientId,\n clientSecret,\n issuer: options.issuer,\n scopes: options.scopes,\n pkceEnabled: options.pkceEnabled,\n }),\n ],\n \n callbacks: {\n async jwt({ token, account, profile }) {\n // Store OAuth tokens in the JWT\n if (account) {\n token.accessToken = account.access_token;\n token.refreshToken = account.refresh_token;\n token.expiresAt = account.expires_at;\n token.idToken = account.id_token;\n }\n \n // Add user profile data\n if (profile) {\n const oauth42Profile = profile as OAuth42Profile;\n token.email = oauth42Profile.email;\n token.username = oauth42Profile.username;\n token.emailVerified = oauth42Profile.email_verified;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.jwt) {\n return options.callbacks.jwt({ token, account, profile } as any);\n }\n \n return token;\n },\n \n async session({ session, token }) {\n // Add OAuth42-specific data to session\n session.accessToken = token.accessToken as string;\n session.idToken = token.idToken as string;\n \n if (session.user) {\n session.user.email = token.email as string;\n session.user.username = token.username as string;\n session.user.emailVerified = token.emailVerified as boolean;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.session) {\n return options.callbacks.session({ session, token } as any);\n }\n \n return session;\n },\n \n ...options.callbacks,\n },\n \n pages: {\n signIn: '/auth/signin',\n signOut: '/auth/signout',\n error: '/auth/error',\n ...options.pages,\n },\n \n session: {\n strategy: 'jwt',\n ...options.session,\n },\n \n debug: options.debug || process.env.NODE_ENV === 'development',\n \n secret: process.env.NEXTAUTH_SECRET,\n };\n \n // Return the configuration and a function to create handlers\n return {\n auth: authOptions,\n handlers: NextAuth(authOptions),\n };\n}\n\n/**\n * Create NextAuth handlers for API routes\n */\nexport function createHandlers(authOptions: NextAuthOptions) {\n const handler = NextAuth(authOptions);\n return { GET: handler, POST: handler };\n}\n\n/**\n * Helper to get the current session server-side\n * @deprecated Use getOAuth42Session instead - this is now just an alias for backward compatibility\n * \n * This function is maintained for backward compatibility but internally\n * calls getOAuth42Session which properly handles both App Router and Pages Router\n */\nexport const getServerSession = getOAuth42Session;\n\n/**\n * Token refresh helper\n */\nexport async function refreshAccessToken(token: any, clientId: string, clientSecret: string, issuer?: string) {\n try {\n const baseUrl = issuer || process.env.OAUTH42_ISSUER || 'https://oauth42.com';\n const tokenUrl = `${baseUrl}/oauth2/token`;\n \n // In development, we need to handle self-signed certificates\n const fetchOptions: any = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: token.refreshToken,\n client_id: clientId,\n client_secret: clientSecret,\n }),\n };\n \n // Add agent for self-signed certificates in development\n if (process.env.NODE_ENV !== 'production' && tokenUrl.startsWith('https://')) {\n const https = await import('https');\n fetchOptions.agent = new https.Agent({\n rejectUnauthorized: false\n });\n }\n \n const response = await fetch(tokenUrl, fetchOptions);\n const refreshedTokens = await response.json();\n \n if (!response.ok) {\n throw refreshedTokens;\n }\n \n return {\n ...token,\n accessToken: refreshedTokens.access_token,\n refreshToken: refreshedTokens.refresh_token ?? token.refreshToken,\n // Store expiration time in seconds (Unix timestamp)\n expiresAt: Math.floor(Date.now() / 1000) + (refreshedTokens.expires_in || 3600),\n // Explicitly remove any error property on successful refresh\n error: undefined,\n };\n } catch (error) {\n console.error('Failed to refresh access token:', error);\n return {\n ...token,\n error: 'RefreshAccessTokenError',\n };\n }\n}","import type { OAuthConfig, OAuthUserConfig } from 'next-auth/providers/oauth';\n\nexport interface OAuth42Profile {\n sub: string;\n email: string;\n email_verified?: boolean;\n name?: string;\n given_name?: string;\n family_name?: string;\n picture?: string;\n username?: string;\n id?: string;\n}\n\nexport interface OAuth42ProviderOptions {\n clientId: string;\n clientSecret: string;\n issuer?: string;\n authorizationUrl?: string;\n tokenUrl?: string;\n userinfoUrl?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n}\n\nexport function OAuth42Provider<P extends OAuth42Profile>(\n options: OAuthUserConfig<P> & Partial<OAuth42ProviderOptions>\n): OAuthConfig<P> {\n const issuer = options.issuer || process.env.OAUTH42_ISSUER || 'https://oauth42.com';\n const baseUrl = issuer.replace(/\\/$/, '');\n \n return {\n id: 'oauth42',\n name: 'OAuth42',\n type: 'oauth',\n version: '2.0',\n \n // Use OIDC discovery to automatically find endpoints\n wellKnown: `${baseUrl}/.well-known/openid-configuration`,\n \n // Also set individual endpoints for compatibility\n authorization: {\n url: `${baseUrl}/oauth2/authorize`,\n params: {\n scope: (options.scopes || ['openid', 'profile', 'email']).join(' '),\n response_type: 'code',\n },\n },\n token: `${baseUrl}/oauth2/token`,\n userinfo: `${baseUrl}/oauth2/userinfo`,\n \n client: {\n id: options.clientId,\n secret: options.clientSecret,\n token_endpoint_auth_method: 'client_secret_post',\n id_token_signed_response_alg: 'HS256', // OAuth42 uses HS256 for ID tokens\n },\n \n issuer: baseUrl,\n \n checks: options.pkceEnabled !== false ? ['pkce', 'state'] : ['state'],\n \n profile(profile: OAuth42Profile, tokens: any) {\n return {\n id: profile.sub || profile.id || profile.email,\n email: profile.email,\n emailVerified: profile.email_verified ? new Date() : null,\n name: profile.name || `${profile.given_name || ''} ${profile.family_name || ''}`.trim(),\n image: profile.picture,\n };\n },\n \n style: {\n logo: '/oauth42-logo.svg',\n bg: '#1e40af',\n text: '#ffffff',\n },\n \n options,\n };\n}","import { getServerSession as getNextAuthSession } from 'next-auth';\nimport { NextAuthOptions } from 'next-auth';\nimport { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';\n\n/**\n * Get the OAuth42 session server-side\n * \n * This is the primary method for retrieving sessions in OAuth42 SDK.\n * Supports both Pages Router and App Router:\n * \n * App Router:\n * ```ts\n * const session = await getOAuth42Session(authOptions);\n * ```\n * \n * Pages Router:\n * ```ts\n * const session = await getOAuth42Session(req, res, authOptions);\n * ```\n */\nexport async function getOAuth42Session(\n ...args: \n | [GetServerSidePropsContext['req'], GetServerSidePropsContext['res'], NextAuthOptions]\n | [NextApiRequest, NextApiResponse, NextAuthOptions]\n | [NextAuthOptions]\n) {\n return getNextAuthSession(...args as any);\n}\n\n/**\n * Helper for protecting API routes\n */\nexport function withOAuth42Session(\n handler: (req: NextApiRequest, res: NextApiResponse, session: any) => Promise<void> | void,\n authOptions: NextAuthOptions\n) {\n return async (req: NextApiRequest, res: NextApiResponse) => {\n const session = await getOAuth42Session(req, res, authOptions);\n \n if (!session) {\n return res.status(401).json({ error: 'Unauthorized' });\n }\n \n return handler(req, res, session);\n };\n}\n\n/**\n * Helper for protecting server-side props\n */\nexport function withOAuth42ServerSideProps(\n getServerSideProps: (\n context: GetServerSidePropsContext,\n session: any\n ) => Promise<any>,\n authOptions: NextAuthOptions\n) {\n return async (context: GetServerSidePropsContext) => {\n const session = await getOAuth42Session(\n context.req,\n context.res,\n authOptions\n );\n \n if (!session) {\n return {\n redirect: {\n destination: '/auth/signin',\n permanent: false,\n },\n };\n }\n \n return getServerSideProps(context, session);\n };\n}","// Server-side exports\nexport { createAuth, createHandlers, getServerSession, refreshAccessToken } from './auth';\nexport type { CreateAuthOptions, NextAuthOptions } from './auth';\n\n// Re-export NextAuth from next-auth\nexport { default as NextAuth } from 'next-auth';\n\n// Re-export OAuth42Provider\nexport { OAuth42Provider } from '../provider';\n\nexport { withOAuth42Auth, createMiddlewareConfig } from './middleware';\nexport type { OAuth42AuthOptions } from './middleware';\n\nexport { getOAuth42Session, withOAuth42Session, withOAuth42ServerSideProps } from './session';\n\n// Hosted auth callback handler\nexport { createHostedAuthCallback } from './hosted-auth-callback';\nexport type { HostedAuthCallbackOptions } from './hosted-auth-callback';","import { NextRequest, NextResponse } from 'next/server';\nimport { getToken } from 'next-auth/jwt';\n\nexport interface OAuth42AuthOptions {\n pages?: {\n signIn?: string;\n error?: string;\n };\n callbacks?: {\n authorized?: (params: { token: any; req: NextRequest }) => boolean | Promise<boolean>;\n };\n protectedPaths?: string[];\n publicPaths?: string[];\n}\n\n/**\n * Middleware helper for protecting routes with OAuth42\n */\nexport function withOAuth42Auth(options: OAuth42AuthOptions = {}) {\n return async function middleware(req: NextRequest) {\n const token = await getToken({ \n req: req as any, \n secret: process.env.NEXTAUTH_SECRET \n });\n \n const pathname = req.nextUrl.pathname;\n \n // Check if path is explicitly public\n if (options.publicPaths?.some(path => pathname.startsWith(path))) {\n return NextResponse.next();\n }\n \n // Check if path needs protection\n const needsProtection = options.protectedPaths\n ? options.protectedPaths.some(path => pathname.startsWith(path))\n : true; // Default to protecting all paths\n \n if (!needsProtection) {\n return NextResponse.next();\n }\n \n // Check authorization\n let isAuthorized = !!token;\n \n if (options.callbacks?.authorized) {\n isAuthorized = await options.callbacks.authorized({ token, req });\n }\n \n if (!isAuthorized) {\n const signInUrl = options.pages?.signIn || '/auth/signin';\n const url = new URL(signInUrl, req.url);\n url.searchParams.set('callbackUrl', pathname);\n return NextResponse.redirect(url);\n }\n \n return NextResponse.next();\n };\n}\n\n/**\n * Helper to create middleware configuration\n */\nexport function createMiddlewareConfig(\n protectedPaths: string[] = ['/protected'],\n publicPaths: string[] = ['/auth', '/api/auth']\n) {\n return {\n matcher: [\n /*\n * Match all request paths except for the ones starting with:\n * - _next/static (static files)\n * - _next/image (image optimization files)\n * - favicon.ico (favicon file)\n * - public folder\n */\n '/((?!_next/static|_next/image|favicon.ico|public).*)',\n ],\n protectedPaths,\n publicPaths,\n };\n}","import { NextRequest, NextResponse } from 'next/server';\nimport https from 'https';\nimport { encode } from 'next-auth/jwt';\n\nexport interface HostedAuthCallbackOptions {\n /**\n * OAuth42 issuer URL (e.g., 'https://api.oauth42.com' or 'https://localhost:8443')\n */\n issuer?: string;\n\n /**\n * OAuth2 client ID\n */\n clientId?: string;\n\n /**\n * OAuth2 client secret\n */\n clientSecret?: string;\n\n /**\n * Application base URL (e.g., 'http://localhost:3000')\n */\n baseUrl?: string;\n\n /**\n * NextAuth secret for JWT encoding\n */\n nextAuthSecret?: string;\n\n /**\n * URL to redirect to after successful authentication\n * @default '/dashboard'\n */\n redirectUrl?: string;\n\n /**\n * URL to redirect to on error\n * @default '/'\n */\n errorUrl?: string;\n}\n\n/**\n * Creates a handler for OAuth42 hosted auth callback that integrates with NextAuth.\n *\n * This function handles the OAuth callback, exchanges the authorization code for tokens,\n * fetches user info, and creates a NextAuth-compatible session cookie.\n *\n * @example\n * ```typescript\n * // app/api/oauth/callback/route.ts\n * import { createHostedAuthCallback } from '@oauth42/next/server';\n *\n * export const GET = createHostedAuthCallback({\n * redirectUrl: '/dashboard',\n * });\n * ```\n */\nexport function createHostedAuthCallback(options: HostedAuthCallbackOptions = {}) {\n return async function GET(request: NextRequest) {\n const {\n issuer = process.env.OAUTH42_ISSUER || 'https://api.oauth42.com',\n clientId = process.env.OAUTH42_CLIENT_ID,\n clientSecret = process.env.OAUTH42_CLIENT_SECRET,\n baseUrl = process.env.NEXTAUTH_URL,\n nextAuthSecret = process.env.NEXTAUTH_SECRET,\n redirectUrl = '/dashboard',\n errorUrl = '/',\n } = options;\n\n if (!clientId || !clientSecret) {\n console.error('OAuth42 client credentials are required');\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_credentials`, request.url));\n }\n\n if (!nextAuthSecret) {\n console.error('NEXTAUTH_SECRET is required');\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_secret`, request.url));\n }\n\n const searchParams = request.nextUrl.searchParams;\n const code = searchParams.get('code');\n\n if (!code) {\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_code`, request.url));\n }\n\n try {\n // Exchange authorization code for tokens\n const tokenEndpoint = `${issuer}/oauth2/token`;\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n redirect_uri: `${baseUrl}/api/oauth/callback`,\n client_id: clientId,\n client_secret: clientSecret,\n });\n\n // For development, use custom agent to disable SSL verification\n const fetchOptions: RequestInit = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: body.toString(),\n };\n\n if (process.env.NODE_ENV !== 'production') {\n const agent = new https.Agent({\n rejectUnauthorized: false,\n });\n (fetchOptions as any).agent = agent;\n }\n\n const tokenResponse = await fetch(tokenEndpoint, fetchOptions);\n const tokens = await tokenResponse.json();\n\n if (!tokenResponse.ok) {\n console.error('Token exchange failed:', tokens);\n return NextResponse.redirect(new URL(`${errorUrl}?error=token_exchange_failed`, request.url));\n }\n\n // Fetch user info\n const userInfoEndpoint = `${issuer}/oauth2/userinfo`;\n const userInfoResponse = await fetch(userInfoEndpoint, {\n headers: {\n 'Authorization': `Bearer ${tokens.access_token}`,\n },\n ...(process.env.NODE_ENV !== 'production' ? {\n agent: new https.Agent({ rejectUnauthorized: false })\n } as any : {})\n });\n\n const userInfo = await userInfoResponse.json();\n\n // Create NextAuth-compatible session token\n const sessionToken = await encode({\n token: {\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token,\n expiresAt: Math.floor(Date.now() / 1000) + (tokens.expires_in || 3600),\n idToken: tokens.id_token,\n email: userInfo.email,\n username: userInfo.username,\n name: userInfo.name,\n sub: userInfo.sub,\n },\n secret: nextAuthSecret,\n });\n\n const redirectResponse = NextResponse.redirect(new URL(redirectUrl, request.url));\n\n // Set NextAuth session cookie\n const cookieName = process.env.NODE_ENV === 'production'\n ? '__Secure-next-auth.session-token'\n : 'next-auth.session-token';\n\n redirectResponse.cookies.set(cookieName, sessionToken, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n maxAge: 60 * 60 * 24 * 30, // 30 days\n path: '/',\n });\n\n return redirectResponse;\n } catch (error) {\n console.error('OAuth callback error:', error);\n return NextResponse.redirect(new URL(`${errorUrl}?error=callback_failed`, request.url));\n }\n };\n}\n"],"mappings":";AAAA,OAAO,qBAAqB;;;ACyBrB,SAAS,gBACd,SACgB;AAChB,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,kBAAkB;AAC/D,QAAM,UAAU,OAAO,QAAQ,OAAO,EAAE;AAExC,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA;AAAA,IAGT,WAAW,GAAG,OAAO;AAAA;AAAA,IAGrB,eAAe;AAAA,MACb,KAAK,GAAG,OAAO;AAAA,MACf,QAAQ;AAAA,QACN,QAAQ,QAAQ,UAAU,CAAC,UAAU,WAAW,OAAO,GAAG,KAAK,GAAG;AAAA,QAClE,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IACA,OAAO,GAAG,OAAO;AAAA,IACjB,UAAU,GAAG,OAAO;AAAA,IAEpB,QAAQ;AAAA,MACN,IAAI,QAAQ;AAAA,MACZ,QAAQ,QAAQ;AAAA,MAChB,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA;AAAA,IAChC;AAAA,IAEA,QAAQ;AAAA,IAER,QAAQ,QAAQ,gBAAgB,QAAQ,CAAC,QAAQ,OAAO,IAAI,CAAC,OAAO;AAAA,IAEpE,QAAQ,SAAyB,QAAa;AAC5C,aAAO;AAAA,QACL,IAAI,QAAQ,OAAO,QAAQ,MAAM,QAAQ;AAAA,QACzC,OAAO,QAAQ;AAAA,QACf,eAAe,QAAQ,iBAAiB,oBAAI,KAAK,IAAI;AAAA,QACrD,MAAM,QAAQ,QAAQ,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,eAAe,EAAE,GAAG,KAAK;AAAA,QACtF,OAAO,QAAQ;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,IAAI;AAAA,MACJ,MAAM;AAAA,IACR;AAAA,IAEA;AAAA,EACF;AACF;;;AChFA,SAAS,oBAAoB,0BAA0B;AAoBvD,eAAsB,qBACjB,MAIH;AACA,SAAO,mBAAmB,GAAG,IAAW;AAC1C;AAKO,SAAS,mBACd,SACA,aACA;AACA,SAAO,OAAO,KAAqB,QAAyB;AAC1D,UAAM,UAAU,MAAM,kBAAkB,KAAK,KAAK,WAAW;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,IACvD;AAEA,WAAO,QAAQ,KAAK,KAAK,OAAO;AAAA,EAClC;AACF;AAKO,SAAS,2BACd,oBAIA,aACA;AACA,SAAO,OAAO,YAAuC;AACnD,UAAM,UAAU,MAAM;AAAA,MACpB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAEA,WAAO,mBAAmB,SAAS,OAAO;AAAA,EAC5C;AACF;;;AFrEA,IAAM,WAAY,gBAAwB,WAAW;AAoB9C,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,WAAW,QAAQ,YAAY,QAAQ,IAAI;AACjD,QAAM,eAAe,QAAQ,gBAAgB,QAAQ,IAAI;AAEzD,MAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,UAAM,IAAI;AAAA,MACR;AAAA,IAGF;AAAA,EACF;AAEA,QAAM,cAA+B;AAAA,IACnC,WAAW;AAAA,MACT,gBAAgB;AAAA,QACd;AAAA,QACA;AAAA,QACA,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACH;AAAA,IAEA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,SAAS,QAAQ,GAAG;AAErC,YAAI,SAAS;AACX,gBAAM,cAAc,QAAQ;AAC5B,gBAAM,eAAe,QAAQ;AAC7B,gBAAM,YAAY,QAAQ;AAC1B,gBAAM,UAAU,QAAQ;AAAA,QAC1B;AAGA,YAAI,SAAS;AACX,gBAAM,iBAAiB;AACvB,gBAAM,QAAQ,eAAe;AAC7B,gBAAM,WAAW,eAAe;AAChC,gBAAM,gBAAgB,eAAe;AAAA,QACvC;AAGA,YAAI,QAAQ,WAAW,KAAK;AAC1B,iBAAO,QAAQ,UAAU,IAAI,EAAE,OAAO,SAAS,QAAQ,CAAQ;AAAA,QACjE;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAEhC,gBAAQ,cAAc,MAAM;AAC5B,gBAAQ,UAAU,MAAM;AAExB,YAAI,QAAQ,MAAM;AAChB,kBAAQ,KAAK,QAAQ,MAAM;AAC3B,kBAAQ,KAAK,WAAW,MAAM;AAC9B,kBAAQ,KAAK,gBAAgB,MAAM;AAAA,QACrC;AAGA,YAAI,QAAQ,WAAW,SAAS;AAC9B,iBAAO,QAAQ,UAAU,QAAQ,EAAE,SAAS,MAAM,CAAQ;AAAA,QAC5D;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAO;AAAA,MACP,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAAA,IAEjD,QAAQ,QAAQ,IAAI;AAAA,EACtB;AAGA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,SAAS,WAAW;AAAA,EAChC;AACF;AAKO,SAAS,eAAe,aAA8B;AAC3D,QAAM,UAAU,SAAS,WAAW;AACpC,SAAO,EAAE,KAAK,SAAS,MAAM,QAAQ;AACvC;AASO,IAAM,mBAAmB;AAKhC,eAAsB,mBAAmB,OAAY,UAAkB,cAAsB,QAAiB;AAC5G,MAAI;AACF,UAAM,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AACxD,UAAM,WAAW,GAAG,OAAO;AAG3B,UAAM,eAAoB;AAAA,MACxB,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,IAAI,gBAAgB;AAAA,QACxB,YAAY;AAAA,QACZ,eAAe,MAAM;AAAA,QACrB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAAA,IACH;AAGA,QAAI,QAAQ,IAAI,aAAa,gBAAgB,SAAS,WAAW,UAAU,GAAG;AAC5E,YAAMA,SAAQ,MAAM,OAAO,OAAO;AAClC,mBAAa,QAAQ,IAAIA,OAAM,MAAM;AAAA,QACnC,oBAAoB;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,UAAM,WAAW,MAAM,MAAM,UAAU,YAAY;AACnD,UAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,aAAa,gBAAgB;AAAA,MAC7B,cAAc,gBAAgB,iBAAiB,MAAM;AAAA;AAAA,MAErD,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,gBAAgB,cAAc;AAAA;AAAA,MAE1E,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,mCAAmC,KAAK;AACtD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AG1LA,SAAoB,WAAXC,gBAA2B;;;ACLpC,SAAsB,oBAAoB;AAC1C,SAAS,gBAAgB;AAiBlB,SAAS,gBAAgB,UAA8B,CAAC,GAAG;AAChE,SAAO,eAAe,WAAW,KAAkB;AACjD,UAAM,QAAQ,MAAM,SAAS;AAAA,MAC3B;AAAA,MACA,QAAQ,QAAQ,IAAI;AAAA,IACtB,CAAC;AAED,UAAM,WAAW,IAAI,QAAQ;AAG7B,QAAI,QAAQ,aAAa,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,GAAG;AAChE,aAAO,aAAa,KAAK;AAAA,IAC3B;AAGA,UAAM,kBAAkB,QAAQ,iBAC5B,QAAQ,eAAe,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,IAC7D;AAEJ,QAAI,CAAC,iBAAiB;AACpB,aAAO,aAAa,KAAK;AAAA,IAC3B;AAGA,QAAI,eAAe,CAAC,CAAC;AAErB,QAAI,QAAQ,WAAW,YAAY;AACjC,qBAAe,MAAM,QAAQ,UAAU,WAAW,EAAE,OAAO,IAAI,CAAC;AAAA,IAClE;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,YAAY,QAAQ,OAAO,UAAU;AAC3C,YAAM,MAAM,IAAI,IAAI,WAAW,IAAI,GAAG;AACtC,UAAI,aAAa,IAAI,eAAe,QAAQ;AAC5C,aAAO,aAAa,SAAS,GAAG;AAAA,IAClC;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAKO,SAAS,uBACd,iBAA2B,CAAC,YAAY,GACxC,cAAwB,CAAC,SAAS,WAAW,GAC7C;AACA,SAAO;AAAA,IACL,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQP;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AChFA,SAAsB,gBAAAC,qBAAoB;AAC1C,OAAO,WAAW;AAClB,SAAS,cAAc;AAyDhB,SAAS,yBAAyB,UAAqC,CAAC,GAAG;AAChF,SAAO,eAAe,IAAI,SAAsB;AAC9C,UAAM;AAAA,MACJ,SAAS,QAAQ,IAAI,kBAAkB;AAAA,MACvC,WAAW,QAAQ,IAAI;AAAA,MACvB,eAAe,QAAQ,IAAI;AAAA,MAC3B,UAAU,QAAQ,IAAI;AAAA,MACtB,iBAAiB,QAAQ,IAAI;AAAA,MAC7B,cAAc;AAAA,MACd,WAAW;AAAA,IACb,IAAI;AAEJ,QAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,cAAQ,MAAM,yCAAyC;AACvD,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,8BAA8B,QAAQ,GAAG,CAAC;AAAA,IAC5F;AAEA,QAAI,CAAC,gBAAgB;AACnB,cAAQ,MAAM,6BAA6B;AAC3C,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,yBAAyB,QAAQ,GAAG,CAAC;AAAA,IACvF;AAEA,UAAM,eAAe,QAAQ,QAAQ;AACrC,UAAM,OAAO,aAAa,IAAI,MAAM;AAEpC,QAAI,CAAC,MAAM;AACT,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,uBAAuB,QAAQ,GAAG,CAAC;AAAA,IACrF;AAEA,QAAI;AAEF,YAAM,gBAAgB,GAAG,MAAM;AAE/B,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,YAAY;AAAA,QACZ;AAAA,QACA,cAAc,GAAG,OAAO;AAAA,QACxB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAGD,YAAM,eAA4B;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,KAAK,SAAS;AAAA,MACtB;AAEA,UAAI,QAAQ,IAAI,aAAa,cAAc;AACzC,cAAM,QAAQ,IAAI,MAAM,MAAM;AAAA,UAC5B,oBAAoB;AAAA,QACtB,CAAC;AACD,QAAC,aAAqB,QAAQ;AAAA,MAChC;AAEA,YAAM,gBAAgB,MAAM,MAAM,eAAe,YAAY;AAC7D,YAAM,SAAS,MAAM,cAAc,KAAK;AAExC,UAAI,CAAC,cAAc,IAAI;AACrB,gBAAQ,MAAM,0BAA0B,MAAM;AAC9C,eAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,gCAAgC,QAAQ,GAAG,CAAC;AAAA,MAC9F;AAGA,YAAM,mBAAmB,GAAG,MAAM;AAClC,YAAM,mBAAmB,MAAM,MAAM,kBAAkB;AAAA,QACrD,SAAS;AAAA,UACP,iBAAiB,UAAU,OAAO,YAAY;AAAA,QAChD;AAAA,QACA,GAAI,QAAQ,IAAI,aAAa,eAAe;AAAA,UAC1C,OAAO,IAAI,MAAM,MAAM,EAAE,oBAAoB,MAAM,CAAC;AAAA,QACtD,IAAW,CAAC;AAAA,MACd,CAAC;AAED,YAAM,WAAW,MAAM,iBAAiB,KAAK;AAG7C,YAAM,eAAe,MAAM,OAAO;AAAA,QAChC,OAAO;AAAA,UACL,aAAa,OAAO;AAAA,UACpB,cAAc,OAAO;AAAA,UACrB,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,cAAc;AAAA,UACjE,SAAS,OAAO;AAAA,UAChB,OAAO,SAAS;AAAA,UAChB,UAAU,SAAS;AAAA,UACnB,MAAM,SAAS;AAAA,UACf,KAAK,SAAS;AAAA,QAChB;AAAA,QACA,QAAQ;AAAA,MACV,CAAC;AAED,YAAM,mBAAmBA,cAAa,SAAS,IAAI,IAAI,aAAa,QAAQ,GAAG,CAAC;AAGhF,YAAM,aAAa,QAAQ,IAAI,aAAa,eACxC,qCACA;AAEJ,uBAAiB,QAAQ,IAAI,YAAY,cAAc;AAAA,QACrD,UAAU;AAAA,QACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,QACjC,UAAU;AAAA,QACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,QACvB,MAAM;AAAA,MACR,CAAC;AAED,aAAO;AAAA,IACT,SAAS,OAAO;AACd,cAAQ,MAAM,yBAAyB,KAAK;AAC5C,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,0BAA0B,QAAQ,GAAG,CAAC;AAAA,IACxF;AAAA,EACF;AACF;","names":["https","default","NextResponse"]}
1
+ {"version":3,"sources":["../../src/server/auth.ts","../../src/provider.ts","../../src/server/session.ts","../../src/server/index.ts","../../src/server/middleware.ts","../../src/server/hosted-auth-callback.ts"],"sourcesContent":["import NextAuthDefault from 'next-auth';\nimport type { NextAuthOptions } from 'next-auth';\nimport { OAuth42Provider, OAuth42Profile } from '../provider';\nimport { getOAuth42Session } from './session';\n\n// Handle both CommonJS and ESM exports\nconst NextAuth = (NextAuthDefault as any).default || NextAuthDefault;\n\nexport { type NextAuthOptions };\n\nexport interface CreateAuthOptions {\n clientId?: string;\n clientSecret?: string;\n issuer?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n debug?: boolean;\n callbacks?: NextAuthOptions['callbacks'];\n pages?: NextAuthOptions['pages'];\n session?: NextAuthOptions['session'];\n}\n\n/**\n * Create a pre-configured NextAuth instance for OAuth42\n * This provides a simplified setup with sensible defaults\n */\nexport function createAuth(options: CreateAuthOptions = {}) {\n const clientId = options.clientId || process.env.OAUTH42_CLIENT_ID;\n const clientSecret = options.clientSecret || process.env.OAUTH42_CLIENT_SECRET;\n \n if (!clientId || !clientSecret) {\n throw new Error(\n 'OAuth42 client credentials are required. ' +\n 'Set OAUTH42_CLIENT_ID and OAUTH42_CLIENT_SECRET environment variables ' +\n 'or pass them in the options.'\n );\n }\n \n const authOptions: NextAuthOptions = {\n providers: [\n OAuth42Provider({\n clientId,\n clientSecret,\n issuer: options.issuer,\n scopes: options.scopes,\n pkceEnabled: options.pkceEnabled,\n }),\n ],\n \n callbacks: {\n async jwt({ token, account, profile }) {\n // Store OAuth tokens in the JWT\n if (account) {\n token.accessToken = account.access_token;\n token.refreshToken = account.refresh_token;\n token.expiresAt = account.expires_at;\n token.idToken = account.id_token;\n }\n \n // Add user profile data\n if (profile) {\n const oauth42Profile = profile as OAuth42Profile;\n token.email = oauth42Profile.email;\n token.username = oauth42Profile.username;\n token.emailVerified = oauth42Profile.email_verified;\n }\n \n // Call custom callback if provided\n if (options.callbacks?.jwt) {\n return options.callbacks.jwt({ token, account, profile } as any);\n }\n \n return token;\n },\n \n async session({ session, token }) {\n // Add OAuth42-specific data to session\n session.accessToken = token.accessToken as string;\n session.idToken = token.idToken as string;\n\n if (session.user) {\n session.user.email = token.email as string;\n session.user.name = token.name as string;\n session.user.username = token.username as string;\n session.user.emailVerified = token.emailVerified as boolean;\n }\n\n // Call custom callback if provided\n if (options.callbacks?.session) {\n return options.callbacks.session({ session, token } as any);\n }\n\n return session;\n },\n \n ...options.callbacks,\n },\n \n pages: {\n signIn: '/auth/signin',\n signOut: '/auth/signout',\n error: '/auth/error',\n ...options.pages,\n },\n \n session: {\n strategy: 'jwt',\n ...options.session,\n },\n \n debug: options.debug || process.env.NODE_ENV === 'development',\n \n secret: process.env.NEXTAUTH_SECRET,\n };\n \n // Return the configuration and a function to create handlers\n return {\n auth: authOptions,\n handlers: NextAuth(authOptions),\n };\n}\n\n/**\n * Create NextAuth handlers for API routes\n */\nexport function createHandlers(authOptions: NextAuthOptions) {\n const handler = NextAuth(authOptions);\n return { GET: handler, POST: handler };\n}\n\n/**\n * Helper to get the current session server-side\n * @deprecated Use getOAuth42Session instead - this is now just an alias for backward compatibility\n * \n * This function is maintained for backward compatibility but internally\n * calls getOAuth42Session which properly handles both App Router and Pages Router\n */\nexport const getServerSession = getOAuth42Session;\n\n/**\n * Token refresh helper\n */\nexport async function refreshAccessToken(token: any, clientId: string, clientSecret: string, issuer?: string) {\n try {\n const baseUrl = issuer || process.env.OAUTH42_ISSUER || 'https://oauth42.com';\n const tokenUrl = `${baseUrl}/oauth2/token`;\n \n // In development, we need to handle self-signed certificates\n const fetchOptions: any = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: token.refreshToken,\n client_id: clientId,\n client_secret: clientSecret,\n }),\n };\n \n // Add agent for self-signed certificates in development\n if (process.env.NODE_ENV !== 'production' && tokenUrl.startsWith('https://')) {\n const https = await import('https');\n fetchOptions.agent = new https.Agent({\n rejectUnauthorized: false\n });\n }\n \n const response = await fetch(tokenUrl, fetchOptions);\n const refreshedTokens = await response.json();\n \n if (!response.ok) {\n throw refreshedTokens;\n }\n \n return {\n ...token,\n accessToken: refreshedTokens.access_token,\n refreshToken: refreshedTokens.refresh_token ?? token.refreshToken,\n // Store expiration time in seconds (Unix timestamp)\n expiresAt: Math.floor(Date.now() / 1000) + (refreshedTokens.expires_in || 3600),\n // Explicitly remove any error property on successful refresh\n error: undefined,\n };\n } catch (error) {\n console.error('Failed to refresh access token:', error);\n return {\n ...token,\n error: 'RefreshAccessTokenError',\n };\n }\n}","import type { OAuthConfig, OAuthUserConfig } from 'next-auth/providers/oauth';\n\nexport interface OAuth42Profile {\n sub: string;\n email: string;\n email_verified?: boolean;\n name?: string;\n given_name?: string;\n family_name?: string;\n picture?: string;\n username?: string;\n id?: string;\n}\n\nexport interface OAuth42ProviderOptions {\n clientId: string;\n clientSecret: string;\n issuer?: string;\n authorizationUrl?: string;\n tokenUrl?: string;\n userinfoUrl?: string;\n scopes?: string[];\n pkceEnabled?: boolean;\n}\n\nexport function OAuth42Provider<P extends OAuth42Profile>(\n options: OAuthUserConfig<P> & Partial<OAuth42ProviderOptions>\n): OAuthConfig<P> {\n const issuer = options.issuer || process.env.OAUTH42_ISSUER || 'https://oauth42.com';\n const baseUrl = issuer.replace(/\\/$/, '');\n \n return {\n id: 'oauth42',\n name: 'OAuth42',\n type: 'oauth',\n version: '2.0',\n \n // Use OIDC discovery to automatically find endpoints\n wellKnown: `${baseUrl}/.well-known/openid-configuration`,\n \n // Also set individual endpoints for compatibility\n authorization: {\n url: `${baseUrl}/oauth2/authorize`,\n params: {\n scope: (options.scopes || ['openid', 'profile', 'email']).join(' '),\n response_type: 'code',\n },\n },\n token: `${baseUrl}/oauth2/token`,\n userinfo: `${baseUrl}/oauth2/userinfo`,\n \n client: {\n id: options.clientId,\n secret: options.clientSecret,\n token_endpoint_auth_method: 'client_secret_post',\n id_token_signed_response_alg: 'HS256', // OAuth42 uses HS256 for ID tokens\n },\n \n issuer: baseUrl,\n \n checks: options.pkceEnabled !== false ? ['pkce', 'state'] : ['state'],\n \n profile(profile: OAuth42Profile, tokens: any) {\n return {\n id: profile.sub || profile.id || profile.email,\n email: profile.email,\n emailVerified: profile.email_verified ? new Date() : null,\n name: profile.name || `${profile.given_name || ''} ${profile.family_name || ''}`.trim(),\n image: profile.picture,\n };\n },\n \n style: {\n logo: '/oauth42-logo.svg',\n bg: '#1e40af',\n text: '#ffffff',\n },\n \n options,\n };\n}","import { getServerSession as getNextAuthSession } from 'next-auth';\nimport { NextAuthOptions } from 'next-auth';\nimport { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';\n\n/**\n * Get the OAuth42 session server-side\n * \n * This is the primary method for retrieving sessions in OAuth42 SDK.\n * Supports both Pages Router and App Router:\n * \n * App Router:\n * ```ts\n * const session = await getOAuth42Session(authOptions);\n * ```\n * \n * Pages Router:\n * ```ts\n * const session = await getOAuth42Session(req, res, authOptions);\n * ```\n */\nexport async function getOAuth42Session(\n ...args: \n | [GetServerSidePropsContext['req'], GetServerSidePropsContext['res'], NextAuthOptions]\n | [NextApiRequest, NextApiResponse, NextAuthOptions]\n | [NextAuthOptions]\n) {\n return getNextAuthSession(...args as any);\n}\n\n/**\n * Helper for protecting API routes\n */\nexport function withOAuth42Session(\n handler: (req: NextApiRequest, res: NextApiResponse, session: any) => Promise<void> | void,\n authOptions: NextAuthOptions\n) {\n return async (req: NextApiRequest, res: NextApiResponse) => {\n const session = await getOAuth42Session(req, res, authOptions);\n \n if (!session) {\n return res.status(401).json({ error: 'Unauthorized' });\n }\n \n return handler(req, res, session);\n };\n}\n\n/**\n * Helper for protecting server-side props\n */\nexport function withOAuth42ServerSideProps(\n getServerSideProps: (\n context: GetServerSidePropsContext,\n session: any\n ) => Promise<any>,\n authOptions: NextAuthOptions\n) {\n return async (context: GetServerSidePropsContext) => {\n const session = await getOAuth42Session(\n context.req,\n context.res,\n authOptions\n );\n \n if (!session) {\n return {\n redirect: {\n destination: '/auth/signin',\n permanent: false,\n },\n };\n }\n \n return getServerSideProps(context, session);\n };\n}","// Server-side exports\nexport { createAuth, createHandlers, getServerSession, refreshAccessToken } from './auth';\nexport type { CreateAuthOptions, NextAuthOptions } from './auth';\n\n// Re-export NextAuth from next-auth\nexport { default as NextAuth } from 'next-auth';\n\n// Re-export OAuth42Provider\nexport { OAuth42Provider } from '../provider';\n\nexport { withOAuth42Auth, createMiddlewareConfig } from './middleware';\nexport type { OAuth42AuthOptions } from './middleware';\n\nexport { getOAuth42Session, withOAuth42Session, withOAuth42ServerSideProps } from './session';\n\n// Hosted auth callback handler\nexport { createHostedAuthCallback } from './hosted-auth-callback';\nexport type { HostedAuthCallbackOptions } from './hosted-auth-callback';","import { NextRequest, NextResponse } from 'next/server';\nimport { getToken } from 'next-auth/jwt';\n\nexport interface OAuth42AuthOptions {\n pages?: {\n signIn?: string;\n error?: string;\n };\n callbacks?: {\n authorized?: (params: { token: any; req: NextRequest }) => boolean | Promise<boolean>;\n };\n protectedPaths?: string[];\n publicPaths?: string[];\n}\n\n/**\n * Middleware helper for protecting routes with OAuth42\n */\nexport function withOAuth42Auth(options: OAuth42AuthOptions = {}) {\n return async function middleware(req: NextRequest) {\n const token = await getToken({ \n req: req as any, \n secret: process.env.NEXTAUTH_SECRET \n });\n \n const pathname = req.nextUrl.pathname;\n \n // Check if path is explicitly public\n if (options.publicPaths?.some(path => pathname.startsWith(path))) {\n return NextResponse.next();\n }\n \n // Check if path needs protection\n const needsProtection = options.protectedPaths\n ? options.protectedPaths.some(path => pathname.startsWith(path))\n : true; // Default to protecting all paths\n \n if (!needsProtection) {\n return NextResponse.next();\n }\n \n // Check authorization\n let isAuthorized = !!token;\n \n if (options.callbacks?.authorized) {\n isAuthorized = await options.callbacks.authorized({ token, req });\n }\n \n if (!isAuthorized) {\n const signInUrl = options.pages?.signIn || '/auth/signin';\n const url = new URL(signInUrl, req.url);\n url.searchParams.set('callbackUrl', pathname);\n return NextResponse.redirect(url);\n }\n \n return NextResponse.next();\n };\n}\n\n/**\n * Helper to create middleware configuration\n */\nexport function createMiddlewareConfig(\n protectedPaths: string[] = ['/protected'],\n publicPaths: string[] = ['/auth', '/api/auth']\n) {\n return {\n matcher: [\n /*\n * Match all request paths except for the ones starting with:\n * - _next/static (static files)\n * - _next/image (image optimization files)\n * - favicon.ico (favicon file)\n * - public folder\n */\n '/((?!_next/static|_next/image|favicon.ico|public).*)',\n ],\n protectedPaths,\n publicPaths,\n };\n}","import { NextRequest, NextResponse } from 'next/server';\nimport https from 'https';\nimport { encode } from 'next-auth/jwt';\n\nexport interface HostedAuthCallbackOptions {\n /**\n * OAuth42 issuer URL (e.g., 'https://api.oauth42.com' or 'https://localhost:8443')\n */\n issuer?: string;\n\n /**\n * OAuth2 client ID\n */\n clientId?: string;\n\n /**\n * OAuth2 client secret\n */\n clientSecret?: string;\n\n /**\n * Application base URL (e.g., 'http://localhost:3000')\n */\n baseUrl?: string;\n\n /**\n * NextAuth secret for JWT encoding\n */\n nextAuthSecret?: string;\n\n /**\n * URL to redirect to after successful authentication\n * @default '/dashboard'\n */\n redirectUrl?: string;\n\n /**\n * URL to redirect to on error\n * @default '/'\n */\n errorUrl?: string;\n}\n\n/**\n * Creates a handler for OAuth42 hosted auth callback that integrates with NextAuth.\n *\n * This function handles the OAuth callback, exchanges the authorization code for tokens,\n * fetches user info, and creates a NextAuth-compatible session cookie.\n *\n * @example\n * ```typescript\n * // app/api/oauth/callback/route.ts\n * import { createHostedAuthCallback } from '@oauth42/next/server';\n *\n * export const GET = createHostedAuthCallback({\n * redirectUrl: '/dashboard',\n * });\n * ```\n */\nexport function createHostedAuthCallback(options: HostedAuthCallbackOptions = {}) {\n return async function GET(request: NextRequest) {\n const {\n issuer = process.env.OAUTH42_ISSUER || 'https://api.oauth42.com',\n clientId = process.env.OAUTH42_CLIENT_ID,\n clientSecret = process.env.OAUTH42_CLIENT_SECRET,\n baseUrl = process.env.NEXTAUTH_URL,\n nextAuthSecret = process.env.NEXTAUTH_SECRET,\n redirectUrl = '/dashboard',\n errorUrl = '/',\n } = options;\n\n if (!clientId || !clientSecret) {\n console.error('OAuth42 client credentials are required');\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_credentials`, request.url));\n }\n\n if (!nextAuthSecret) {\n console.error('NEXTAUTH_SECRET is required');\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_secret`, request.url));\n }\n\n const searchParams = request.nextUrl.searchParams;\n const code = searchParams.get('code');\n\n if (!code) {\n return NextResponse.redirect(new URL(`${errorUrl}?error=missing_code`, request.url));\n }\n\n try {\n // Exchange authorization code for tokens\n const tokenEndpoint = `${issuer}/oauth2/token`;\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n redirect_uri: `${baseUrl}/api/oauth/callback`,\n client_id: clientId,\n client_secret: clientSecret,\n });\n\n // For development, use custom agent to disable SSL verification\n const fetchOptions: RequestInit = {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n body: body.toString(),\n };\n\n if (process.env.NODE_ENV !== 'production') {\n const agent = new https.Agent({\n rejectUnauthorized: false,\n });\n (fetchOptions as any).agent = agent;\n }\n\n const tokenResponse = await fetch(tokenEndpoint, fetchOptions);\n const tokens = await tokenResponse.json();\n\n if (!tokenResponse.ok) {\n console.error('Token exchange failed:', tokens);\n return NextResponse.redirect(new URL(`${errorUrl}?error=token_exchange_failed`, request.url));\n }\n\n // Fetch user info\n const userInfoEndpoint = `${issuer}/oauth2/userinfo`;\n const userInfoResponse = await fetch(userInfoEndpoint, {\n headers: {\n 'Authorization': `Bearer ${tokens.access_token}`,\n },\n ...(process.env.NODE_ENV !== 'production' ? {\n agent: new https.Agent({ rejectUnauthorized: false })\n } as any : {})\n });\n\n const userInfo = await userInfoResponse.json();\n\n // Create NextAuth-compatible session token\n const sessionToken = await encode({\n token: {\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token,\n expiresAt: Math.floor(Date.now() / 1000) + (tokens.expires_in || 3600),\n idToken: tokens.id_token,\n email: userInfo.email,\n username: userInfo.username,\n name: userInfo.name,\n sub: userInfo.sub,\n },\n secret: nextAuthSecret,\n });\n\n const redirectResponse = NextResponse.redirect(new URL(redirectUrl, request.url));\n\n // Set NextAuth session cookie\n const cookieName = process.env.NODE_ENV === 'production'\n ? '__Secure-next-auth.session-token'\n : 'next-auth.session-token';\n\n redirectResponse.cookies.set(cookieName, sessionToken, {\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'lax',\n maxAge: 60 * 60 * 24 * 30, // 30 days\n path: '/',\n });\n\n return redirectResponse;\n } catch (error) {\n console.error('OAuth callback error:', error);\n return NextResponse.redirect(new URL(`${errorUrl}?error=callback_failed`, request.url));\n }\n };\n}\n"],"mappings":";AAAA,OAAO,qBAAqB;;;ACyBrB,SAAS,gBACd,SACgB;AAChB,QAAM,SAAS,QAAQ,UAAU,QAAQ,IAAI,kBAAkB;AAC/D,QAAM,UAAU,OAAO,QAAQ,OAAO,EAAE;AAExC,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA;AAAA,IAGT,WAAW,GAAG,OAAO;AAAA;AAAA,IAGrB,eAAe;AAAA,MACb,KAAK,GAAG,OAAO;AAAA,MACf,QAAQ;AAAA,QACN,QAAQ,QAAQ,UAAU,CAAC,UAAU,WAAW,OAAO,GAAG,KAAK,GAAG;AAAA,QAClE,eAAe;AAAA,MACjB;AAAA,IACF;AAAA,IACA,OAAO,GAAG,OAAO;AAAA,IACjB,UAAU,GAAG,OAAO;AAAA,IAEpB,QAAQ;AAAA,MACN,IAAI,QAAQ;AAAA,MACZ,QAAQ,QAAQ;AAAA,MAChB,4BAA4B;AAAA,MAC5B,8BAA8B;AAAA;AAAA,IAChC;AAAA,IAEA,QAAQ;AAAA,IAER,QAAQ,QAAQ,gBAAgB,QAAQ,CAAC,QAAQ,OAAO,IAAI,CAAC,OAAO;AAAA,IAEpE,QAAQ,SAAyB,QAAa;AAC5C,aAAO;AAAA,QACL,IAAI,QAAQ,OAAO,QAAQ,MAAM,QAAQ;AAAA,QACzC,OAAO,QAAQ;AAAA,QACf,eAAe,QAAQ,iBAAiB,oBAAI,KAAK,IAAI;AAAA,QACrD,MAAM,QAAQ,QAAQ,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,eAAe,EAAE,GAAG,KAAK;AAAA,QACtF,OAAO,QAAQ;AAAA,MACjB;AAAA,IACF;AAAA,IAEA,OAAO;AAAA,MACL,MAAM;AAAA,MACN,IAAI;AAAA,MACJ,MAAM;AAAA,IACR;AAAA,IAEA;AAAA,EACF;AACF;;;AChFA,SAAS,oBAAoB,0BAA0B;AAoBvD,eAAsB,qBACjB,MAIH;AACA,SAAO,mBAAmB,GAAG,IAAW;AAC1C;AAKO,SAAS,mBACd,SACA,aACA;AACA,SAAO,OAAO,KAAqB,QAAyB;AAC1D,UAAM,UAAU,MAAM,kBAAkB,KAAK,KAAK,WAAW;AAE7D,QAAI,CAAC,SAAS;AACZ,aAAO,IAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,eAAe,CAAC;AAAA,IACvD;AAEA,WAAO,QAAQ,KAAK,KAAK,OAAO;AAAA,EAClC;AACF;AAKO,SAAS,2BACd,oBAIA,aACA;AACA,SAAO,OAAO,YAAuC;AACnD,UAAM,UAAU,MAAM;AAAA,MACpB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,IACF;AAEA,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,QACL,UAAU;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,IACF;AAEA,WAAO,mBAAmB,SAAS,OAAO;AAAA,EAC5C;AACF;;;AFrEA,IAAM,WAAY,gBAAwB,WAAW;AAoB9C,SAAS,WAAW,UAA6B,CAAC,GAAG;AAC1D,QAAM,WAAW,QAAQ,YAAY,QAAQ,IAAI;AACjD,QAAM,eAAe,QAAQ,gBAAgB,QAAQ,IAAI;AAEzD,MAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,UAAM,IAAI;AAAA,MACR;AAAA,IAGF;AAAA,EACF;AAEA,QAAM,cAA+B;AAAA,IACnC,WAAW;AAAA,MACT,gBAAgB;AAAA,QACd;AAAA,QACA;AAAA,QACA,QAAQ,QAAQ;AAAA,QAChB,QAAQ,QAAQ;AAAA,QAChB,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACH;AAAA,IAEA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,SAAS,QAAQ,GAAG;AAErC,YAAI,SAAS;AACX,gBAAM,cAAc,QAAQ;AAC5B,gBAAM,eAAe,QAAQ;AAC7B,gBAAM,YAAY,QAAQ;AAC1B,gBAAM,UAAU,QAAQ;AAAA,QAC1B;AAGA,YAAI,SAAS;AACX,gBAAM,iBAAiB;AACvB,gBAAM,QAAQ,eAAe;AAC7B,gBAAM,WAAW,eAAe;AAChC,gBAAM,gBAAgB,eAAe;AAAA,QACvC;AAGA,YAAI,QAAQ,WAAW,KAAK;AAC1B,iBAAO,QAAQ,UAAU,IAAI,EAAE,OAAO,SAAS,QAAQ,CAAQ;AAAA,QACjE;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAEhC,gBAAQ,cAAc,MAAM;AAC5B,gBAAQ,UAAU,MAAM;AAExB,YAAI,QAAQ,MAAM;AAChB,kBAAQ,KAAK,QAAQ,MAAM;AAC3B,kBAAQ,KAAK,OAAO,MAAM;AAC1B,kBAAQ,KAAK,WAAW,MAAM;AAC9B,kBAAQ,KAAK,gBAAgB,MAAM;AAAA,QACrC;AAGA,YAAI,QAAQ,WAAW,SAAS;AAC9B,iBAAO,QAAQ,UAAU,QAAQ,EAAE,SAAS,MAAM,CAAQ;AAAA,QAC5D;AAEA,eAAO;AAAA,MACT;AAAA,MAEA,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAO;AAAA,MACP,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAG,QAAQ;AAAA,IACb;AAAA,IAEA,OAAO,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAAA,IAEjD,QAAQ,QAAQ,IAAI;AAAA,EACtB;AAGA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,SAAS,WAAW;AAAA,EAChC;AACF;AAKO,SAAS,eAAe,aAA8B;AAC3D,QAAM,UAAU,SAAS,WAAW;AACpC,SAAO,EAAE,KAAK,SAAS,MAAM,QAAQ;AACvC;AASO,IAAM,mBAAmB;AAKhC,eAAsB,mBAAmB,OAAY,UAAkB,cAAsB,QAAiB;AAC5G,MAAI;AACF,UAAM,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AACxD,UAAM,WAAW,GAAG,OAAO;AAG3B,UAAM,eAAoB;AAAA,MACxB,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,IAAI,gBAAgB;AAAA,QACxB,YAAY;AAAA,QACZ,eAAe,MAAM;AAAA,QACrB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAAA,IACH;AAGA,QAAI,QAAQ,IAAI,aAAa,gBAAgB,SAAS,WAAW,UAAU,GAAG;AAC5E,YAAMA,SAAQ,MAAM,OAAO,OAAO;AAClC,mBAAa,QAAQ,IAAIA,OAAM,MAAM;AAAA,QACnC,oBAAoB;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,UAAM,WAAW,MAAM,MAAM,UAAU,YAAY;AACnD,UAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,MACL,GAAG;AAAA,MACH,aAAa,gBAAgB;AAAA,MAC7B,cAAc,gBAAgB,iBAAiB,MAAM;AAAA;AAAA,MAErD,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,gBAAgB,cAAc;AAAA;AAAA,MAE1E,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,mCAAmC,KAAK;AACtD,WAAO;AAAA,MACL,GAAG;AAAA,MACH,OAAO;AAAA,IACT;AAAA,EACF;AACF;;;AG3LA,SAAoB,WAAXC,gBAA2B;;;ACLpC,SAAsB,oBAAoB;AAC1C,SAAS,gBAAgB;AAiBlB,SAAS,gBAAgB,UAA8B,CAAC,GAAG;AAChE,SAAO,eAAe,WAAW,KAAkB;AACjD,UAAM,QAAQ,MAAM,SAAS;AAAA,MAC3B;AAAA,MACA,QAAQ,QAAQ,IAAI;AAAA,IACtB,CAAC;AAED,UAAM,WAAW,IAAI,QAAQ;AAG7B,QAAI,QAAQ,aAAa,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,GAAG;AAChE,aAAO,aAAa,KAAK;AAAA,IAC3B;AAGA,UAAM,kBAAkB,QAAQ,iBAC5B,QAAQ,eAAe,KAAK,UAAQ,SAAS,WAAW,IAAI,CAAC,IAC7D;AAEJ,QAAI,CAAC,iBAAiB;AACpB,aAAO,aAAa,KAAK;AAAA,IAC3B;AAGA,QAAI,eAAe,CAAC,CAAC;AAErB,QAAI,QAAQ,WAAW,YAAY;AACjC,qBAAe,MAAM,QAAQ,UAAU,WAAW,EAAE,OAAO,IAAI,CAAC;AAAA,IAClE;AAEA,QAAI,CAAC,cAAc;AACjB,YAAM,YAAY,QAAQ,OAAO,UAAU;AAC3C,YAAM,MAAM,IAAI,IAAI,WAAW,IAAI,GAAG;AACtC,UAAI,aAAa,IAAI,eAAe,QAAQ;AAC5C,aAAO,aAAa,SAAS,GAAG;AAAA,IAClC;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAKO,SAAS,uBACd,iBAA2B,CAAC,YAAY,GACxC,cAAwB,CAAC,SAAS,WAAW,GAC7C;AACA,SAAO;AAAA,IACL,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQP;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AChFA,SAAsB,gBAAAC,qBAAoB;AAC1C,OAAO,WAAW;AAClB,SAAS,cAAc;AAyDhB,SAAS,yBAAyB,UAAqC,CAAC,GAAG;AAChF,SAAO,eAAe,IAAI,SAAsB;AAC9C,UAAM;AAAA,MACJ,SAAS,QAAQ,IAAI,kBAAkB;AAAA,MACvC,WAAW,QAAQ,IAAI;AAAA,MACvB,eAAe,QAAQ,IAAI;AAAA,MAC3B,UAAU,QAAQ,IAAI;AAAA,MACtB,iBAAiB,QAAQ,IAAI;AAAA,MAC7B,cAAc;AAAA,MACd,WAAW;AAAA,IACb,IAAI;AAEJ,QAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,cAAQ,MAAM,yCAAyC;AACvD,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,8BAA8B,QAAQ,GAAG,CAAC;AAAA,IAC5F;AAEA,QAAI,CAAC,gBAAgB;AACnB,cAAQ,MAAM,6BAA6B;AAC3C,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,yBAAyB,QAAQ,GAAG,CAAC;AAAA,IACvF;AAEA,UAAM,eAAe,QAAQ,QAAQ;AACrC,UAAM,OAAO,aAAa,IAAI,MAAM;AAEpC,QAAI,CAAC,MAAM;AACT,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,uBAAuB,QAAQ,GAAG,CAAC;AAAA,IACrF;AAEA,QAAI;AAEF,YAAM,gBAAgB,GAAG,MAAM;AAE/B,YAAM,OAAO,IAAI,gBAAgB;AAAA,QAC/B,YAAY;AAAA,QACZ;AAAA,QACA,cAAc,GAAG,OAAO;AAAA,QACxB,WAAW;AAAA,QACX,eAAe;AAAA,MACjB,CAAC;AAGD,YAAM,eAA4B;AAAA,QAChC,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,QACA,MAAM,KAAK,SAAS;AAAA,MACtB;AAEA,UAAI,QAAQ,IAAI,aAAa,cAAc;AACzC,cAAM,QAAQ,IAAI,MAAM,MAAM;AAAA,UAC5B,oBAAoB;AAAA,QACtB,CAAC;AACD,QAAC,aAAqB,QAAQ;AAAA,MAChC;AAEA,YAAM,gBAAgB,MAAM,MAAM,eAAe,YAAY;AAC7D,YAAM,SAAS,MAAM,cAAc,KAAK;AAExC,UAAI,CAAC,cAAc,IAAI;AACrB,gBAAQ,MAAM,0BAA0B,MAAM;AAC9C,eAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,gCAAgC,QAAQ,GAAG,CAAC;AAAA,MAC9F;AAGA,YAAM,mBAAmB,GAAG,MAAM;AAClC,YAAM,mBAAmB,MAAM,MAAM,kBAAkB;AAAA,QACrD,SAAS;AAAA,UACP,iBAAiB,UAAU,OAAO,YAAY;AAAA,QAChD;AAAA,QACA,GAAI,QAAQ,IAAI,aAAa,eAAe;AAAA,UAC1C,OAAO,IAAI,MAAM,MAAM,EAAE,oBAAoB,MAAM,CAAC;AAAA,QACtD,IAAW,CAAC;AAAA,MACd,CAAC;AAED,YAAM,WAAW,MAAM,iBAAiB,KAAK;AAG7C,YAAM,eAAe,MAAM,OAAO;AAAA,QAChC,OAAO;AAAA,UACL,aAAa,OAAO;AAAA,UACpB,cAAc,OAAO;AAAA,UACrB,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,cAAc;AAAA,UACjE,SAAS,OAAO;AAAA,UAChB,OAAO,SAAS;AAAA,UAChB,UAAU,SAAS;AAAA,UACnB,MAAM,SAAS;AAAA,UACf,KAAK,SAAS;AAAA,QAChB;AAAA,QACA,QAAQ;AAAA,MACV,CAAC;AAED,YAAM,mBAAmBA,cAAa,SAAS,IAAI,IAAI,aAAa,QAAQ,GAAG,CAAC;AAGhF,YAAM,aAAa,QAAQ,IAAI,aAAa,eACxC,qCACA;AAEJ,uBAAiB,QAAQ,IAAI,YAAY,cAAc;AAAA,QACrD,UAAU;AAAA,QACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,QACjC,UAAU;AAAA,QACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,QACvB,MAAM;AAAA,MACR,CAAC;AAED,aAAO;AAAA,IACT,SAAS,OAAO;AACd,cAAQ,MAAM,yBAAyB,KAAK;AAC5C,aAAOA,cAAa,SAAS,IAAI,IAAI,GAAG,QAAQ,0BAA0B,QAAQ,GAAG,CAAC;AAAA,IACxF;AAAA,EACF;AACF;","names":["https","default","NextResponse"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@oauth42/next",
3
- "version": "0.2.3",
3
+ "version": "0.2.5",
4
4
  "description": "Official OAuth42 SDK for Next.js applications",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",
@@ -33,6 +33,7 @@
33
33
  },
34
34
  "files": [
35
35
  "dist",
36
+ "src/types",
36
37
  "README.md",
37
38
  "LICENSE"
38
39
  ],
package/src/types/index.ts ADDED
@@ -0,0 +1,73 @@
1
+ import { DefaultSession } from 'next-auth';
2
+
3
+ declare module 'next-auth' {
4
+ interface Session extends DefaultSession {
5
+ accessToken?: string;
6
+ idToken?: string;
7
+ user?: {
8
+ id?: string;
9
+ email?: string | null;
10
+ name?: string | null;
11
+ image?: string | null;
12
+ username?: string;
13
+ emailVerified?: boolean;
14
+ };
15
+ }
16
+
17
+ interface JWT {
18
+ accessToken?: string;
19
+ refreshToken?: string;
20
+ idToken?: string;
21
+ expiresAt?: number;
22
+ username?: string;
23
+ emailVerified?: boolean;
24
+ error?: string;
25
+ }
26
+ }
27
+
28
+ export interface OAuth42Config {
29
+ clientId: string;
30
+ clientSecret?: string;
31
+ issuer?: string;
32
+ authorizationUrl?: string;
33
+ tokenUrl?: string;
34
+ userinfoUrl?: string;
35
+ jwksUrl?: string;
36
+ scopes?: string[];
37
+ pkceEnabled?: boolean;
38
+ debug?: boolean;
39
+ }
40
+
41
+ export interface OAuth42TokenResponse {
42
+ access_token: string;
43
+ token_type: string;
44
+ expires_in: number;
45
+ refresh_token?: string;
46
+ id_token?: string;
47
+ scope?: string;
48
+ }
49
+
50
+ export interface OAuth42UserInfo {
51
+ sub: string;
52
+ email: string;
53
+ email_verified?: boolean;
54
+ name?: string;
55
+ given_name?: string;
56
+ family_name?: string;
57
+ picture?: string;
58
+ username?: string;
59
+ phone?: string;
60
+ address?: {
61
+ street_address?: string;
62
+ locality?: string;
63
+ region?: string;
64
+ postal_code?: string;
65
+ country?: string;
66
+ };
67
+ }
68
+
69
+ export interface OAuth42Error {
70
+ error: string;
71
+ error_description?: string;
72
+ error_uri?: string;
73
+ }
package/src/types/next-auth.d.ts ADDED
@@ -0,0 +1,28 @@
1
+ import "next-auth"
2
+ import "next-auth/jwt"
3
+
4
+ declare module "next-auth" {
5
+ interface Session {
6
+ accessToken?: string
7
+ idToken?: string
8
+ user?: {
9
+ email?: string | null
10
+ name?: string | null
11
+ image?: string | null
12
+ username?: string
13
+ emailVerified?: boolean
14
+ }
15
+ }
16
+ }
17
+
18
+ declare module "next-auth/jwt" {
19
+ interface JWT {
20
+ accessToken?: string
21
+ refreshToken?: string
22
+ idToken?: string
23
+ expiresAt?: number
24
+ email?: string
25
+ username?: string
26
+ emailVerified?: boolean
27
+ }
28
+ }