@startsimpli/auth 0.4.16 → 0.4.17

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@startsimpli/auth",
-  "version": "0.4.16",
+  "version": "0.4.17",
   "description": "Shared authentication package for StartSimpli Next.js apps",
   "main": "./src/index.ts",
   "types": "./src/index.ts",
@@ -20,19 +20,10 @@
   "publishConfig": {
     "access": "public"
   },
-  "scripts": {
-    "build": "tsup",
-    "dev": "tsup --watch",
-    "type-check": "tsc --noEmit",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage",
-    "clean": "rm -rf dist"
-  },
   "peerDependencies": {
+    "expo-secure-store": ">=12.0.0",
     "next": "^14.0.0 || ^15.0.0 || ^16.0.0",
-    "react": "^18.0.0 || ^19.0.0",
-    "expo-secure-store": ">=12.0.0"
+    "react": "^18.0.0 || ^19.0.0"
   },
   "peerDependenciesMeta": {
     "next": {
@@ -43,11 +34,14 @@
     }
   },
   "devDependencies": {
+    "@testing-library/react": "^16.3.2",
+    "@types/jsdom": "^21.1.7",
     "@types/node": "^20.19.39",
     "@types/react": "^19.2.14",
     "@vitest/ui": "^4.1.5",
     "jsdom": "^29.0.2",
-    "@types/jsdom": "^21.1.7",
+    "react": "^19.2.5",
+    "react-dom": "^19.2.5",
     "tsup": "^8.5.1",
     "typescript": "^6.0.3",
     "vitest": "^4.1.5"
@@ -61,5 +55,14 @@
   ],
   "dependencies": {
     "zod": "^4.3.6"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "type-check": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "clean": "rm -rf dist"
   }
-}
+}

package/src/__tests__/auth-client-oauth-register.test.ts

@@ -5,7 +5,7 @@
  * swap (bead q6vf). They are written to fail until the implementation lands.
  *
  * Scope of this file:
- *  - AuthClient.register({ email, password, passwordConfirm, name? })
+ *  - AuthClient.register({ email, password, name? })
  *  - AuthClient.signInWithGoogle(redirectTo?)
  *  - AuthClient.completeGoogleCallback(code, state)
  *
@@ -46,7 +46,7 @@ describe('AuthClient.register (contract)', () => {
     vi.restoreAllMocks()
   })
 
-  it('POSTs { email, password, password_confirm, name } to /api/v1/auth/register/ and returns a Session', async () => {
+  it('POSTs { email, password, name } to /api/v1/auth/register/ and returns a Session', async () => {
     const client = new AuthClient(makeConfig())
     const mockFetch = vi.fn()
       .mockResolvedValueOnce({
@@ -62,7 +62,6 @@ describe('AuthClient.register (contract)', () => {
     const session = await client.register({
       email: 'new@example.com',
       password: 'SecurePass1!',
-      passwordConfirm: 'SecurePass1!',
       name: 'New User',
     })
 
@@ -74,7 +73,6 @@ describe('AuthClient.register (contract)', () => {
     expect(body.email).toBe('new@example.com')
     expect(body.password).toBe('SecurePass1!')
     // Backend expects snake_case for confirmation field
-    expect(body.password_confirm).toBe('SecurePass1!')
     expect(body.name).toBe('New User')
 
     // Return shape
@@ -97,7 +95,7 @@ describe('AuthClient.register (contract)', () => {
     }))
 
     await expect(
-      client.register({ email: 'taken@example.com', password: 'x', passwordConfirm: 'x' })
+      client.register({ email: 'taken@example.com', password: 'x' })
     ).rejects.toThrow(/already exists/i)
   })
 
@@ -120,7 +118,6 @@ describe('AuthClient.register (contract)', () => {
     const session = await client.register({
       email: 'fetched@example.com',
       password: 'SecurePass1!',
-      passwordConfirm: 'SecurePass1!',
     })
 
     expect(session.user.email).toBe('fetched@example.com')
@@ -134,7 +131,7 @@ describe('AuthClient.register (contract)', () => {
       json: async () => ({ access: VALID_TOKEN, user: userPayload() }),
     }))
 
-    await client.register({ email: 'new@example.com', password: 'x', passwordConfirm: 'x' })
+    await client.register({ email: 'new@example.com', password: 'x' })
 
     // The refresh timer is a private member — asserting via internal state
     // is brittle, but the behavior we care about is observable: getSession
@@ -154,7 +151,7 @@ describe('AuthClient.register (contract)', () => {
     const { getAccessToken, setAccessToken } = await import('../client/functions')
     setAccessToken(null) // start clean
 
-    await client.register({ email: 'new@example.com', password: 'x', passwordConfirm: 'x' })
+    await client.register({ email: 'new@example.com', password: 'x' })
 
     // @startsimpli/api's FetchWrapper reads via this module-level getter.
     // Without the mirror, useAuth().session would have a token but API calls

package/src/__tests__/auth-functions.test.ts

@@ -131,7 +131,6 @@ describe('CSRF not required for signin/register (endpoints are @csrf_exempt)', (
     await registerAccount({
       email: 'new@test.com',
       password: 'securepassword',
-      passwordConfirm: 'securepassword',
     });
 
     // Should NOT call the CSRF endpoint

package/src/__tests__/useauth-shape-contract.test.ts

@@ -31,7 +31,6 @@ describe('useAuth() shape contract (target API)', () => {
     const _: (payload: {
       email: string
       password: string
-      passwordConfirm: string
       name?: string
       firstName?: string
       lastName?: string

package/src/client/__tests__/mock-backend.test.ts

@@ -44,7 +44,7 @@ describe('createMockAuthBackend', () => {
 
   it('registers a new account (unverified) and can sign in after', async () => {
     const b = createMockAuthBackend();
-    const s = await b.register({ email: 'new@x.test', password: 'pw', passwordConfirm: 'pw', name: 'New Artist' });
+    const s = await b.register({ email: 'new@x.test', password: 'pw', name: 'New Artist' });
     expect(s.user.email).toBe('new@x.test');
     expect(s.user.isEmailVerified).toBe(false);
     expect(s.user.name).toBe('New Artist');
@@ -52,14 +52,11 @@ describe('createMockAuthBackend', () => {
     expect((await b.login('new@x.test', 'pw')).user.email).toBe('new@x.test');
   });
 
-  it('rejects duplicate registration and mismatched passwords', async () => {
+  it('rejects duplicate registration', async () => {
     const b = createMockAuthBackend({ accounts: seed() });
     await expect(
-      b.register({ email: 'a@x.test', password: 'pw', passwordConfirm: 'pw' })
+      b.register({ email: 'a@x.test', password: 'pw' })
     ).rejects.toThrow(/already exists/i);
-    await expect(
-      b.register({ email: 'b@x.test', password: 'pw', passwordConfirm: 'nope' })
-    ).rejects.toThrow(/do not match/i);
   });
 
   it('persists across a "restart" via shared storage', async () => {

package/src/client/auth-client.ts

@@ -132,7 +132,6 @@ export class AuthClient implements AuthBackend {
       body: JSON.stringify({
         email: payload.email,
         password: payload.password,
-        password_confirm: payload.passwordConfirm,
         name: payload.name,
         first_name: payload.firstName ?? firstFromName ?? undefined,
         last_name: payload.lastName ?? lastFromName ?? undefined,
@@ -191,8 +190,66 @@ export class AuthClient implements AuthBackend {
    * Complete a Google OAuth callback: exchange the code + state for a session.
    */
   async completeGoogleCallback(code: string, state: string): Promise<Session> {
+    return this.completeOAuthCallback('google', code, state);
+  }
+
+  /**
+   * Kick off Microsoft OAuth (Azure AD / Entra ID). Mirrors the Google flow;
+   * the backend returns `{ authorization_url }`.
+   */
+  async signInWithMicrosoft(redirectTo?: string): Promise<string> {
+    const defaultRedirect =
+      typeof window !== 'undefined'
+        ? `${window.location.origin}/oauth/microsoft/callback`
+        : '';
+    const redirectUri = redirectTo ?? defaultRedirect;
+
+    const response = await fetch(
+      `${this.config.apiBaseUrl}/api/v1/auth/oauth/microsoft/initiate/`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        credentials: 'include',
+        body: JSON.stringify({ redirect_uri: redirectUri }),
+      }
+    );
+
+    const data = await response.json().catch(() => ({} as Record<string, unknown>));
+
+    if (!response.ok) {
+      throw new Error(
+        extractApiError(data as Record<string, unknown>, 'Failed to initiate Microsoft OAuth')
+      );
+    }
+
+    // Microsoft backend returns `authorization_url`; fall back to other casings.
+    const obj = data as { authorization_url?: string; auth_url?: string; authUrl?: string };
+    const url = obj.authorization_url ?? obj.auth_url ?? obj.authUrl;
+    if (!url) {
+      throw new Error('OAuth initiation succeeded but no authorization_url was returned');
+    }
+    return url;
+  }
+
+  /**
+   * Complete a Microsoft OAuth callback: exchange the code + state for a session.
+   */
+  async completeMicrosoftCallback(code: string, state: string): Promise<Session> {
+    return this.completeOAuthCallback('microsoft', code, state);
+  }
+
+  /**
+   * Provider-agnostic OAuth callback completion. Both Google and Microsoft
+   * speak the same `GET /api/v1/auth/oauth/<provider>/callback/?code=&state=`
+   * shape, so we share the implementation and just swap the path segment.
+   */
+  private async completeOAuthCallback(
+    provider: 'google' | 'microsoft',
+    code: string,
+    state: string,
+  ): Promise<Session> {
     const url = new URL(
-      `${this.config.apiBaseUrl}/api/v1/auth/oauth/google/callback/`
+      `${this.config.apiBaseUrl}/api/v1/auth/oauth/${provider}/callback/`
     );
     url.searchParams.set('code', code);
     url.searchParams.set('state', state);

package/src/client/auth-context.tsx

@@ -26,13 +26,14 @@ interface AuthContextValue extends AuthState {
   register: (payload: {
     email: string;
     password: string;
-    passwordConfirm: string;
     name?: string;
     firstName?: string;
     lastName?: string;
   }) => Promise<void>;
   signInWithGoogle: (redirectTo?: string) => Promise<string>;
   completeGoogleCallback: (code: string, state: string) => Promise<void>;
+  signInWithMicrosoft: (redirectTo?: string) => Promise<string>;
+  completeMicrosoftCallback: (code: string, state: string) => Promise<void>;
   /**
    * Hydrate the provider with an externally-acquired session. Used by OAuth
    * callback flows that run the token exchange via a component (OAuthCallback)
@@ -151,11 +152,37 @@ export function AuthProvider({
       onSessionExpiredRef.current?.();
 
       if (loginPathRef.current && typeof window !== 'undefined') {
-        const here = window.location.pathname + window.location.search;
-        const isOnLogin = window.location.pathname.startsWith(loginPathRef.current);
-        if (!isOnLogin) {
-          const callback = encodeURIComponent(here);
-          window.location.href = `${loginPathRef.current}?${callbackParamRef.current}=${callback}`;
+        const loginPath = loginPathRef.current;
+        const callbackParam = callbackParamRef.current;
+        const here = window.location.href;
+        const isAbsolute = /^https?:\/\//i.test(loginPath);
+
+        if (isAbsolute) {
+          // Full-URL loginPath (e.g. central auth host at
+          // https://auth.startsimpli.com/signin?app=vault). Avoid bouncing if
+          // we're already on that host+pathname, and preserve any pre-existing
+          // query params on the loginPath (e.g. ?app=vault) by appending the
+          // callback via URL/searchParams instead of naive string concat.
+          try {
+            const target = new URL(loginPath);
+            const current = new URL(window.location.href);
+            const isOnLogin =
+              current.host === target.host && current.pathname === target.pathname;
+            if (!isOnLogin) {
+              target.searchParams.set(callbackParam, here);
+              window.location.href = target.toString();
+            }
+          } catch {
+            // Malformed loginPath — fall through to no-op rather than crash.
+          }
+        } else {
+          const path = window.location.pathname + window.location.search;
+          const isOnLogin = window.location.pathname.startsWith(loginPath);
+          if (!isOnLogin) {
+            const callback = encodeURIComponent(path);
+            const sep = loginPath.includes('?') ? '&' : '?';
+            window.location.href = `${loginPath}${sep}${callbackParam}=${callback}`;
+          }
         }
       }
     };
@@ -230,7 +257,6 @@ export function AuthProvider({
     async (payload: {
       email: string;
       password: string;
-      passwordConfirm: string;
       name?: string;
       firstName?: string;
       lastName?: string;
@@ -269,6 +295,33 @@ export function AuthProvider({
     [authClient]
   );
 
+  const signInWithMicrosoft = useCallback(
+    async (redirectTo?: string) => {
+      if (!authClient.signInWithMicrosoft) {
+        throw new Error('signInWithMicrosoft is not supported by this auth backend');
+      }
+      return authClient.signInWithMicrosoft(redirectTo);
+    },
+    [authClient]
+  );
+
+  const completeMicrosoftCallback = useCallback(
+    async (code: string, state: string) => {
+      if (!authClient.completeMicrosoftCallback) {
+        throw new Error('completeMicrosoftCallback is not supported by this auth backend');
+      }
+      setState((prev) => ({ ...prev, isLoading: true }));
+      try {
+        const session = await authClient.completeMicrosoftCallback(code, state);
+        setState({ session, isLoading: false, isAuthenticated: true });
+      } catch (error) {
+        setState((prev) => ({ ...prev, isLoading: false }));
+        throw error;
+      }
+    },
+    [authClient]
+  );
+
   const hydrateSession = useCallback(
     (session: Session) => {
       authClient.setSession(session);
@@ -286,6 +339,8 @@ export function AuthProvider({
     register,
     signInWithGoogle,
     completeGoogleCallback,
+    signInWithMicrosoft,
+    completeMicrosoftCallback,
     hydrateSession,
   };
 

package/src/client/backend.ts

@@ -15,7 +15,6 @@ import type { Session, AuthUser } from '../types';
 export interface RegisterPayload {
   email: string;
   password: string;
-  passwordConfirm: string;
   name?: string;
   firstName?: string;
   lastName?: string;
@@ -46,6 +45,16 @@ export interface AuthBackend {
   signInWithGoogle(redirectTo?: string): Promise<string>;
   /** Complete an OAuth flow by exchanging the code+state for a session. */
   completeGoogleCallback(code: string, state: string): Promise<Session>;
+  /**
+   * Begin a Microsoft OAuth flow; returns the authorization URL to redirect
+   * to. Optional — backends that don't speak Microsoft can omit it.
+   */
+  signInWithMicrosoft?(redirectTo?: string): Promise<string>;
+  /**
+   * Complete a Microsoft OAuth callback. Optional — backends that don't speak
+   * Microsoft can omit it.
+   */
+  completeMicrosoftCallback?(code: string, state: string): Promise<Session>;
   /**
    * Optional. Register the provider's session-expiry handler. The Django
    * AuthClient wires this through AuthConfig.onSessionExpired instead, so it

package/src/client/functions.ts

@@ -74,6 +74,8 @@ const AUTH_PATHS = {
   RESEND_VERIFICATION: `${API_BASE}/auth/resend-verification/`,
   OAUTH_GOOGLE_INITIATE: `${API_BASE}/auth/oauth/google/initiate/`,
   OAUTH_GOOGLE_CALLBACK: `${API_BASE}/auth/oauth/google/callback/`,
+  OAUTH_MICROSOFT_INITIATE: `${API_BASE}/auth/oauth/microsoft/initiate/`,
+  OAUTH_MICROSOFT_CALLBACK: `${API_BASE}/auth/oauth/microsoft/callback/`,
   ME: `${API_BASE}/auth/me/`,
 } as const;
 
@@ -297,7 +299,6 @@ export async function signInWithCredentials(email: string, password: string) {
 export async function registerAccount(payload: {
   email: string;
   password: string;
-  passwordConfirm: string;
   name?: string;
   firstName?: string;
   lastName?: string;
@@ -316,7 +317,6 @@ export async function registerAccount(payload: {
     body: JSON.stringify({
       email: payload.email,
       password: payload.password,
-      password_confirm: payload.passwordConfirm,
       first_name: payload.firstName ?? firstFromName ?? undefined,
       last_name: payload.lastName ?? lastFromName ?? undefined,
     }),
@@ -353,7 +353,6 @@ export async function requestPasswordReset(email: string): Promise<void> {
 export async function resetPassword(payload: {
   token: string;
   password: string;
-  passwordConfirm: string;
   email?: string;
 }): Promise<void> {
   const response = await fetchWithTimeout(resolveAuthUrl(AUTH_PATHS.RESET_PASSWORD), {
@@ -362,7 +361,6 @@ export async function resetPassword(payload: {
     body: JSON.stringify({
       token: payload.token,
       password: payload.password,
-      password_confirm: payload.passwordConfirm,
       ...(payload.email ? { email: payload.email } : {}),
     }),
   });
@@ -427,9 +425,37 @@ export async function initiateGoogleOAuth(redirectUri: string): Promise<any> {
 }
 
 export async function completeGoogleOAuth(code: string, state: string) {
+  return _completeOAuthCallback(AUTH_PATHS.OAUTH_GOOGLE_CALLBACK, code, state);
+}
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export async function initiateMicrosoftOAuth(redirectUri: string): Promise<any> {
+  const response = await fetch(resolveAuthUrl(AUTH_PATHS.OAUTH_MICROSOFT_INITIATE), {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    credentials: 'include',
+    body: JSON.stringify({ redirect_uri: redirectUri }),
+  });
+
+  const data = await response.json().catch(() => ({}));
+
+  if (!response.ok) {
+    const d = data as Record<string, unknown>;
+    const message = (d?.detail || d?.error || 'Failed to initiate Microsoft OAuth') as string;
+    throw new Error(message);
+  }
+
+  return data;
+}
+
+export async function completeMicrosoftOAuth(code: string, state: string) {
+  return _completeOAuthCallback(AUTH_PATHS.OAUTH_MICROSOFT_CALLBACK, code, state);
+}
+
+async function _completeOAuthCallback(callbackPath: string, code: string, state: string) {
   const response = await fetchWithTimeout(
     resolveAuthUrl(
-      `${AUTH_PATHS.OAUTH_GOOGLE_CALLBACK}?code=${encodeURIComponent(code)}&state=${encodeURIComponent(state)}`
+      `${callbackPath}?code=${encodeURIComponent(code)}&state=${encodeURIComponent(state)}`
     ),
     { credentials: 'include' }
   );

package/src/client/mock-backend.ts

@@ -153,9 +153,6 @@ export function createMockAuthBackend(
       if (accounts.has(key)) {
         throw new Error('An account with this email already exists');
       }
-      if (payload.password !== payload.passwordConfirm) {
-        throw new Error('Passwords do not match');
-      }
       const user = createUser(payload);
       accounts.set(key, { password: payload.password, user });
       session = makeSession(user);

package/src/client/use-auth.ts

@@ -20,13 +20,14 @@ export interface UseAuthReturn {
   register: (payload: {
     email: string;
     password: string;
-    passwordConfirm: string;
     name?: string;
     firstName?: string;
     lastName?: string;
   }) => Promise<void>;
   signInWithGoogle: (redirectTo?: string) => Promise<string>;
   completeGoogleCallback: (code: string, state: string) => Promise<void>;
+  signInWithMicrosoft: (redirectTo?: string) => Promise<string>;
+  completeMicrosoftCallback: (code: string, state: string) => Promise<void>;
   hydrateSession: (session: Session) => void;
 }
 
@@ -45,6 +46,8 @@ export function useAuth(): UseAuthReturn {
     register,
     signInWithGoogle,
     completeGoogleCallback,
+    signInWithMicrosoft,
+    completeMicrosoftCallback,
     hydrateSession,
   } = useAuthContext();
 
@@ -60,6 +63,8 @@ export function useAuth(): UseAuthReturn {
     register,
     signInWithGoogle,
     completeGoogleCallback,
+    signInWithMicrosoft,
+    completeMicrosoftCallback,
     hydrateSession,
   };
 }

package/src/components/forgot-password-form.tsx

@@ -0,0 +1,97 @@
+'use client'
+
+/**
+ * ForgotPasswordForm — shared "send a reset link" form. startsim-j29.
+ */
+
+import { useState } from 'react'
+import { requestPasswordReset } from '../client/functions'
+
+export interface ForgotPasswordFormProps {
+  onSuccess?: (email: string) => void
+  onSubmit?: (email: string) => Promise<void>
+  submitLabel?: string
+  submittingLabel?: string
+  successMessage?: string
+  classNames?: ForgotPasswordFormClassNames
+}
+
+export interface ForgotPasswordFormClassNames {
+  form?: string
+  fieldRow?: string
+  label?: string
+  input?: string
+  errorText?: string
+  submitButton?: string
+  successText?: string
+}
+
+const DEFAULTS: Required<ForgotPasswordFormClassNames> = {
+  form: 'space-y-4',
+  fieldRow: '',
+  label: 'block text-sm font-medium text-gray-700 mb-1',
+  input:
+    'w-full rounded-lg border border-gray-300 px-3 py-2 text-sm outline-none focus:border-primary-500 focus:ring-1 focus:ring-primary-500',
+  errorText: 'text-sm text-red-600',
+  submitButton:
+    'w-full rounded-lg bg-primary-600 px-4 py-2 text-sm font-semibold text-white hover:bg-primary-700 disabled:opacity-50',
+  successText: 'text-sm text-green-700',
+}
+
+export function ForgotPasswordForm({
+  onSuccess,
+  onSubmit,
+  submitLabel = 'Send reset link',
+  submittingLabel = 'Sending…',
+  successMessage = 'If an account with that email exists, you’ll get a reset link shortly.',
+  classNames,
+}: ForgotPasswordFormProps) {
+  const [email, setEmail] = useState('')
+  const [error, setError] = useState('')
+  const [success, setSuccess] = useState(false)
+  const [submitting, setSubmitting] = useState(false)
+  const cls = { ...DEFAULTS, ...(classNames ?? {}) }
+
+  async function handleSubmit(e: React.FormEvent) {
+    e.preventDefault()
+    setError('')
+    setSuccess(false)
+    setSubmitting(true)
+    try {
+      if (onSubmit) await onSubmit(email)
+      else await requestPasswordReset(email)
+      setSuccess(true)
+      onSuccess?.(email)
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Could not send reset link')
+    } finally {
+      setSubmitting(false)
+    }
+  }
+
+  if (success) {
+    return <p className={cls.successText}>{successMessage}</p>
+  }
+
+  return (
+    <form onSubmit={handleSubmit} className={cls.form}>
+      <div className={cls.fieldRow}>
+        <label htmlFor="forgot-email" className={cls.label}>Email</label>
+        <input
+          id="forgot-email"
+          type="email"
+          value={email}
+          onChange={(e) => setEmail(e.target.value)}
+          autoComplete="email"
+          required
+          className={cls.input}
+          disabled={submitting}
+        />
+      </div>
+      {error && <p className={cls.errorText}>{error}</p>}
+      <button type="submit" disabled={submitting} className={cls.submitButton}>
+        {submitting ? submittingLabel : submitLabel}
+      </button>
+    </form>
+  )
+}

package/src/components/index.ts

@@ -1,4 +1,8 @@
 export { GoogleSignInButton, type GoogleSignInButtonProps } from './google-sign-in-button'
 export { OAuthCallback, type OAuthCallbackProps } from './oauth-callback'
-export { useOAuthCallback, type UseOAuthCallbackOptions, type UseOAuthCallbackReturn, type OAuthCallbackResult } from './use-oauth-callback'
+export { useOAuthCallback, type UseOAuthCallbackOptions, type UseOAuthCallbackReturn, type OAuthCallbackResult, type OAuthProvider } from './use-oauth-callback'
 export { OAuthConnectionCard, type OAuthConnectionCardProps } from './oauth-connection-card'
+export { SignupForm, type SignupFormProps, type SignupPayload, type SignupFormClassNames } from './signup-form'
+export { SignInForm, type SignInFormProps, type SignInPayload, type SignInFormClassNames } from './sign-in-form'
+export { ResetPasswordForm, type ResetPasswordFormProps, type ResetPasswordFormClassNames } from './reset-password-form'
+export { ForgotPasswordForm, type ForgotPasswordFormProps, type ForgotPasswordFormClassNames } from './forgot-password-form'

package/src/components/oauth-callback.tsx

@@ -1,7 +1,6 @@
 'use client'
 
-import type { AuthUser } from '../types'
-import { useOAuthCallback, type OAuthCallbackResult } from './use-oauth-callback'
+import { useOAuthCallback, type OAuthCallbackResult, type OAuthProvider } from './use-oauth-callback'
 
 export interface OAuthCallbackProps {
   /** Code from OAuth redirect URL params */
@@ -18,6 +17,8 @@ export interface OAuthCallbackProps {
   loadingContent?: React.ReactNode
   /** Custom error content renderer */
   renderError?: (error: string, signInPath: string) => React.ReactNode
+  /** OAuth provider to complete the callback against. Default: 'google'. */
+  provider?: OAuthProvider
 }
 
 /**
@@ -45,12 +46,14 @@ export function OAuthCallback({
   signInPath = '/auth/signin',
   loadingContent,
   renderError,
+  provider,
 }: OAuthCallbackProps) {
   const { error, isProcessing, redirectTo } = useOAuthCallback(
     { code, state },
     {
       onSuccess: (result) => onSuccess({ ...result, redirectTo }),
       onError,
+      provider,
     },
   )