actor-gate 0.1.0

package/src/next/app/catch-all.js

@@ -0,0 +1,82 @@
+import { AUTH_ROUTE_HTTP_METHODS, isAuthRouteMethodAllowed, normalizeAuthRouteSegments, resolveAuthRoute, } from '../shared/auth-routes';
+function jsonResponse(statusCode, body, headers) {
+    const responseHeaders = new Headers(headers);
+    responseHeaders.set('Content-Type', 'application/json');
+    return new Response(JSON.stringify(body), {
+        status: statusCode,
+        headers: responseHeaders,
+    });
+}
+function sendUnsupportedRoute() {
+    return jsonResponse(404, {
+        error: 'not_found',
+        error_description: 'Unsupported auth route.',
+    });
+}
+function sendMethodNotAllowed(allowedMethods) {
+    return jsonResponse(405, {
+        error: 'method_not_allowed',
+        error_description: 'HTTP method not allowed for auth route.',
+    }, { Allow: allowedMethods.join(', ') });
+}
+async function resolveParams(context) {
+    if (context.params === undefined) {
+        return {};
+    }
+    return context.params instanceof Promise
+        ? await context.params
+        : context.params;
+}
+export function createAppAuthCatchAllHandlers(options) {
+    const dispatch = async function dispatch(req, context) {
+        const params = await resolveParams(context);
+        const segments = normalizeAuthRouteSegments(params.auth);
+        const route = resolveAuthRoute(segments);
+        if (!route) {
+            return options.onUnsupportedRoute
+                ? options.onUnsupportedRoute({
+                    req,
+                    params,
+                    segments,
+                })
+                : sendUnsupportedRoute();
+        }
+        if (!isAuthRouteMethodAllowed(route, req.method)) {
+            return options.onMethodNotAllowed
+                ? options.onMethodNotAllowed({
+                    req,
+                    params,
+                    action: route.action,
+                    allowedMethods: route.methods,
+                })
+                : sendMethodNotAllowed(route.methods);
+        }
+        const handler = options.handlers[route.action];
+        if (!handler) {
+            return options.onUnsupportedRoute
+                ? options.onUnsupportedRoute({
+                    req,
+                    params,
+                    segments,
+                    action: route.action,
+                })
+                : sendUnsupportedRoute();
+        }
+        return handler({
+            req,
+            params,
+            action: route.action,
+            segments,
+        });
+    };
+    return {
+        GET: dispatch,
+        POST: dispatch,
+        PUT: dispatch,
+        PATCH: dispatch,
+        DELETE: dispatch,
+        OPTIONS: dispatch,
+        HEAD: dispatch,
+    };
+}
+export const APP_AUTH_CATCH_ALL_METHODS = AUTH_ROUTE_HTTP_METHODS;

package/src/next/app/cookies.d.ts

@@ -0,0 +1,22 @@
+import { type CookieSameSite, type PagesCookieOptions } from '../pages/cookies';
+export type AppCookieOptions = PagesCookieOptions;
+export declare function appendAppSetCookieHeader(headers: Headers, serializedCookie: string): void;
+export declare function setAppCookie(headers: Headers, input: {
+    name: string;
+    value: string;
+    options?: AppCookieOptions;
+}): string;
+export declare function setAppAuthCookie(headers: Headers, input: {
+    name: string;
+    value: string;
+    maxAgeSeconds: number;
+    secure?: boolean;
+    sameSite?: CookieSameSite;
+    path?: string;
+}): string;
+export declare function clearAppAuthCookie(headers: Headers, input: {
+    name: string;
+    secure?: boolean;
+    sameSite?: CookieSameSite;
+    path?: string;
+}): string;

package/src/next/app/cookies.js

@@ -0,0 +1,36 @@
+import { serializeSetCookie, } from '../pages/cookies';
+export function appendAppSetCookieHeader(headers, serializedCookie) {
+    headers.append('Set-Cookie', serializedCookie);
+}
+export function setAppCookie(headers, input) {
+    const serializedCookie = serializeSetCookie(input);
+    appendAppSetCookieHeader(headers, serializedCookie);
+    return serializedCookie;
+}
+export function setAppAuthCookie(headers, input) {
+    return setAppCookie(headers, {
+        name: input.name,
+        value: input.value,
+        options: {
+            path: input.path ?? '/',
+            maxAgeSeconds: input.maxAgeSeconds,
+            secure: input.secure ?? false,
+            httpOnly: true,
+            sameSite: input.sameSite ?? 'lax',
+        },
+    });
+}
+export function clearAppAuthCookie(headers, input) {
+    return setAppCookie(headers, {
+        name: input.name,
+        value: '',
+        options: {
+            path: input.path ?? '/',
+            maxAgeSeconds: 0,
+            expires: new Date(0),
+            secure: input.secure ?? false,
+            httpOnly: true,
+            sameSite: input.sameSite ?? 'lax',
+        },
+    });
+}

package/src/next/app/direct-auth-handlers.d.ts

@@ -0,0 +1,55 @@
+import type { LoginMethodAdapter } from '../../core/adapters/login-method-adapter';
+import type { DirectAuthService } from '../../core/services/direct-auth-service';
+import type { AuthActor } from '../../core/types/auth-contract';
+import { type DirectAccessTokenTransportConfig, type DirectCsrfConfig, type RefreshTokenSource } from '../shared/direct-auth-utils';
+export type DirectCookieConfig = {
+    enabled?: boolean;
+    accessTokenCookieName?: string;
+    refreshTokenCookieName?: string;
+    path?: string;
+    sameSite?: 'lax' | 'strict' | 'none';
+    secure?: boolean;
+    secureInProduction?: boolean;
+    refreshTokenMaxAgeSeconds?: number;
+};
+export type AppDirectLoginIssueResult = {
+    accessToken?: string;
+    accessClaims?: {
+        exp: number;
+        iat: number;
+    };
+    refreshToken?: string;
+    clientSession?: unknown;
+    body?: Record<string, unknown>;
+    redirectTo?: string;
+    statusCode?: number;
+};
+export type CreateAppDirectAuthHandlersOptions<TSessionId, TUserId, TActor extends AuthActor = AuthActor> = {
+    directAuthService: DirectAuthService<TSessionId, TUserId, TActor>;
+    loginMethods?: Readonly<Record<string, LoginMethodAdapter<TUserId>>>;
+    issueLogin?: (input: {
+        req: Request;
+        requestId?: string;
+        method: string;
+        userId: TUserId;
+    }) => Promise<AppDirectLoginIssueResult | void> | AppDirectLoginIssueResult | void;
+    defaultLoginMethod?: string;
+    parseSessionId?: (value: unknown) => TSessionId | undefined;
+    accessTokenTransport?: DirectAccessTokenTransportConfig<TActor>;
+    refreshTokenFieldName?: string;
+    refreshTokenPriority?: readonly RefreshTokenSource[];
+    expectedAudience?: string;
+    allowedActors?: readonly TActor[] | ReadonlySet<TActor>;
+    csrf?: DirectCsrfConfig;
+    cookies?: DirectCookieConfig;
+    logoutAllowMissingCredentials?: boolean;
+    requestIdHeaderName?: string;
+    authorizationHeaderName?: string;
+};
+export type AppDirectAuthHandlers = {
+    refresh: (req: Request) => Promise<Response>;
+    logout: (req: Request) => Promise<Response>;
+    loginStart: (req: Request) => Promise<Response>;
+    loginFinish: (req: Request) => Promise<Response>;
+};
+export declare function createAppDirectAuthHandlers<TSessionId, TUserId, TActor extends AuthActor = AuthActor>(options: CreateAppDirectAuthHandlersOptions<TSessionId, TUserId, TActor>): AppDirectAuthHandlers;

package/src/next/app/direct-auth-handlers.js

@@ -0,0 +1,419 @@
+import { AuthServiceError } from '../../core/services/auth-error';
+import { clearAppAuthCookie, setAppAuthCookie, } from './cookies';
+import { sendAppRedirect } from './response';
+import { withAppAuthRoute } from './wrapper';
+import { assertBearerOnlyActorPolicy, assertCsrfForCookieMutation, DEFAULT_ACCESS_TOKEN_COOKIE_NAME, DEFAULT_REFRESH_TOKEN_COOKIE_NAME, extractRefreshToken, parseNonNegativeSafeInteger, resolveAccessTokenTransportAdapter, resolveCookieSecureFlag, resolveLoginMethod, resolvePathnameFromUrl, } from '../shared/direct-auth-utils';
+import { parseBodyToRecord, toSingleString } from '../shared/oauth-utils';
+function jsonResponse(statusCode, body, headers) {
+    const responseHeaders = new Headers(headers);
+    responseHeaders.set('Content-Type', 'application/json');
+    return new Response(JSON.stringify(body), {
+        status: statusCode,
+        headers: responseHeaders,
+    });
+}
+function methodNotAllowedResponse(allowedMethods) {
+    return jsonResponse(405, {
+        error: 'method_not_allowed',
+        error_description: 'HTTP method not allowed for auth route.',
+    }, { Allow: allowedMethods.join(', ') });
+}
+function buildTokenOutput(input) {
+    const expiresIn = Math.max(0, input.accessClaims.exp - input.accessClaims.iat);
+    return {
+        access_token: input.accessToken,
+        token_type: 'Bearer',
+        expires_in: expiresIn,
+        ...(input.refreshToken === undefined
+            ? {}
+            : { refresh_token: input.refreshToken }),
+        ...(input.clientSession === undefined
+            ? {}
+            : { clientSession: input.clientSession }),
+    };
+}
+function resolveCookiesConfig(config) {
+    const path = toSingleString(config?.path) ?? '/';
+    const sameSite = config?.sameSite ?? 'lax';
+    const secure = resolveCookieSecureFlag({
+        ...(config?.secure === undefined ? {} : { secure: config.secure }),
+        ...(config?.secureInProduction === undefined
+            ? {}
+            : { secureInProduction: config.secureInProduction }),
+    });
+    return {
+        enabled: config?.enabled ?? true,
+        accessTokenCookieName: toSingleString(config?.accessTokenCookieName) ??
+            DEFAULT_ACCESS_TOKEN_COOKIE_NAME,
+        refreshTokenCookieName: toSingleString(config?.refreshTokenCookieName) ??
+            DEFAULT_REFRESH_TOKEN_COOKIE_NAME,
+        options: {
+            path,
+            sameSite,
+            secure,
+        },
+        refreshTokenMaxAgeSeconds: parseNonNegativeSafeInteger(config?.refreshTokenMaxAgeSeconds ?? 60 * 60 * 24 * 30, 'cookies.refreshTokenMaxAgeSeconds'),
+    };
+}
+function appendAuthCookies(input) {
+    if (!input.cookiesConfig.enabled) {
+        return;
+    }
+    setAppAuthCookie(input.headers, {
+        name: input.cookiesConfig.accessTokenCookieName,
+        value: input.accessToken,
+        maxAgeSeconds: input.accessTokenMaxAgeSeconds,
+        ...input.cookiesConfig.options,
+    });
+    if (input.refreshToken !== undefined) {
+        setAppAuthCookie(input.headers, {
+            name: input.cookiesConfig.refreshTokenCookieName,
+            value: input.refreshToken,
+            maxAgeSeconds: input.cookiesConfig.refreshTokenMaxAgeSeconds,
+            ...input.cookiesConfig.options,
+        });
+    }
+}
+function appendClearAuthCookies(headers, cookiesConfig) {
+    if (!cookiesConfig.enabled) {
+        return;
+    }
+    clearAppAuthCookie(headers, {
+        name: cookiesConfig.accessTokenCookieName,
+        ...cookiesConfig.options,
+    });
+    clearAppAuthCookie(headers, {
+        name: cookiesConfig.refreshTokenCookieName,
+        ...cookiesConfig.options,
+    });
+}
+async function readBody(req) {
+    return parseBodyToRecord(await req.text());
+}
+function getQueryMethod(req) {
+    return new URL(req.url).searchParams.get('method') ?? undefined;
+}
+function requireLoginMethods(loginMethods) {
+    if (!loginMethods || Object.keys(loginMethods).length === 0) {
+        throw new AuthServiceError({
+            code: 'invalid_request',
+            message: 'No login methods are configured.',
+        });
+    }
+    return loginMethods;
+}
+function requireLoginMethod(input) {
+    const adapter = input.loginMethods[input.method];
+    if (!adapter) {
+        throw new AuthServiceError({
+            code: 'invalid_request',
+            message: `Unsupported login method "${input.method}".`,
+        });
+    }
+    return adapter;
+}
+export function createAppDirectAuthHandlers(options) {
+    const cookiesConfig = resolveCookiesConfig(options.cookies);
+    const refreshTokenFieldName = toSingleString(options.refreshTokenFieldName) ?? 'refresh_token';
+    const accessTokenTransport = resolveAccessTokenTransportAdapter(options.accessTokenTransport);
+    const logoutAllowMissingCredentials = options.logoutAllowMissingCredentials ?? true;
+    const refresh = withAppAuthRoute({
+        ...(options.requestIdHeaderName === undefined
+            ? {}
+            : { requestIdHeaderName: options.requestIdHeaderName }),
+        ...(options.authorizationHeaderName === undefined
+            ? {}
+            : { authorizationHeaderName: options.authorizationHeaderName }),
+        handler: async ({ req, requestId, cookies }) => {
+            if (req.method !== 'POST') {
+                return methodNotAllowedResponse(['POST']);
+            }
+            const body = await readBody(req);
+            const pathname = resolvePathnameFromUrl(req.url);
+            const extractedRefreshToken = extractRefreshToken({
+                body,
+                cookies,
+                bodyFieldName: refreshTokenFieldName,
+                cookieName: cookiesConfig.refreshTokenCookieName,
+                ...(options.refreshTokenPriority === undefined
+                    ? {}
+                    : { priority: options.refreshTokenPriority }),
+            });
+            assertCsrfForCookieMutation({
+                method: req.method,
+                pathname,
+                cookies,
+                headers: req.headers,
+                body,
+                cookieAuthenticated: extractedRefreshToken.source === 'cookie',
+                ...(options.csrf === undefined ? {} : { config: options.csrf }),
+            });
+            if (extractedRefreshToken.token === undefined) {
+                throw new AuthServiceError({
+                    code: 'unauthorized',
+                    message: 'Refresh token is required.',
+                });
+            }
+            const refreshed = await options.directAuthService.refresh({
+                refreshToken: extractedRefreshToken.token,
+                ...(requestId === undefined ? {} : { requestId }),
+            });
+            const output = buildTokenOutput({
+                accessToken: refreshed.accessToken,
+                accessClaims: refreshed.accessClaims,
+                ...(refreshed.refreshToken === undefined
+                    ? {}
+                    : { refreshToken: refreshed.refreshToken }),
+                ...(refreshed.clientSession === undefined
+                    ? {}
+                    : { clientSession: refreshed.clientSession }),
+            });
+            if (extractedRefreshToken.source !== 'cookie') {
+                return output;
+            }
+            const headers = new Headers();
+            appendAuthCookies({
+                headers,
+                cookiesConfig,
+                accessToken: refreshed.accessToken,
+                accessTokenMaxAgeSeconds: output.expires_in,
+                refreshToken: refreshed.refreshToken ?? extractedRefreshToken.token,
+            });
+            return jsonResponse(200, output, headers);
+        },
+    });
+    const logout = withAppAuthRoute({
+        ...(options.requestIdHeaderName === undefined
+            ? {}
+            : { requestIdHeaderName: options.requestIdHeaderName }),
+        ...(options.authorizationHeaderName === undefined
+            ? {}
+            : { authorizationHeaderName: options.authorizationHeaderName }),
+        handler: async ({ req, requestId, transport, cookies }) => {
+            if (req.method !== 'POST') {
+                return methodNotAllowedResponse(['POST']);
+            }
+            const body = await readBody(req);
+            const pathname = resolvePathnameFromUrl(req.url);
+            const extractedRefreshToken = extractRefreshToken({
+                body,
+                cookies,
+                bodyFieldName: refreshTokenFieldName,
+                cookieName: cookiesConfig.refreshTokenCookieName,
+                ...(options.refreshTokenPriority === undefined
+                    ? {}
+                    : { priority: options.refreshTokenPriority }),
+            });
+            const extractedAccessToken = accessTokenTransport.extractAccessToken({
+                transport,
+            });
+            assertCsrfForCookieMutation({
+                method: req.method,
+                pathname,
+                cookies,
+                headers: req.headers,
+                body,
+                cookieAuthenticated: extractedRefreshToken.source === 'cookie' ||
+                    extractedAccessToken.source === 'cookie',
+                ...(options.csrf === undefined ? {} : { config: options.csrf }),
+            });
+            let validatedAccess;
+            if (extractedAccessToken.token) {
+                validatedAccess = await options.directAuthService.validateAccessToken({
+                    accessToken: extractedAccessToken.token,
+                    ...(requestId === undefined ? {} : { requestId }),
+                    ...(options.expectedAudience === undefined
+                        ? {}
+                        : { expectedAudience: options.expectedAudience }),
+                    ...(options.allowedActors === undefined
+                        ? {}
+                        : { allowedActors: options.allowedActors }),
+                });
+                assertBearerOnlyActorPolicy({
+                    actor: validatedAccess.claims.actor,
+                    ...(extractedAccessToken.source === undefined
+                        ? {}
+                        : { source: extractedAccessToken.source }),
+                    ...(options.accessTokenTransport?.requireBearerForActors === undefined
+                        ? {}
+                        : {
+                            requireBearerForActors: options.accessTokenTransport.requireBearerForActors,
+                        }),
+                });
+            }
+            const sessionId = options.parseSessionId?.(body.session_id);
+            const resolvedSessionId = sessionId ?? validatedAccess?.authContext.sessionId;
+            const headers = new Headers();
+            appendClearAuthCookies(headers, cookiesConfig);
+            if (resolvedSessionId === undefined &&
+                extractedRefreshToken.token === undefined &&
+                validatedAccess === undefined) {
+                if (logoutAllowMissingCredentials) {
+                    return jsonResponse(200, {
+                        ok: true,
+                        session_revoked: false,
+                        refresh_token_revoked: false,
+                        access_token_revoked: false,
+                    }, headers);
+                }
+                throw new AuthServiceError({
+                    code: 'invalid_request',
+                    message: 'At least one logout credential (session_id, refresh_token, or access token) is required.',
+                });
+            }
+            const result = await options.directAuthService.logout({
+                ...(requestId === undefined ? {} : { requestId }),
+                ...(resolvedSessionId === undefined
+                    ? {}
+                    : { sessionId: resolvedSessionId }),
+                ...(extractedRefreshToken.token === undefined
+                    ? {}
+                    : { refreshToken: extractedRefreshToken.token }),
+                ...(validatedAccess === undefined
+                    ? {}
+                    : {
+                        accessTokenJti: validatedAccess.claims.jti,
+                        accessTokenExpiresAtUnix: validatedAccess.claims.exp,
+                    }),
+            });
+            return jsonResponse(200, {
+                ok: true,
+                session_revoked: result.sessionRevoked,
+                refresh_token_revoked: result.refreshTokenRevoked,
+                access_token_revoked: result.accessTokenRevoked,
+            }, headers);
+        },
+    });
+    const loginStart = withAppAuthRoute({
+        ...(options.requestIdHeaderName === undefined
+            ? {}
+            : { requestIdHeaderName: options.requestIdHeaderName }),
+        handler: async ({ req }) => {
+            if (req.method !== 'POST') {
+                return methodNotAllowedResponse(['POST']);
+            }
+            const loginMethods = requireLoginMethods(options.loginMethods);
+            const body = await readBody(req);
+            const method = resolveLoginMethod({
+                pathname: resolvePathnameFromUrl(req.url),
+                phase: 'start',
+                body,
+                queryMethod: getQueryMethod(req),
+                ...(options.defaultLoginMethod === undefined
+                    ? {}
+                    : { defaultMethod: options.defaultLoginMethod }),
+            });
+            const adapter = requireLoginMethod({
+                loginMethods,
+                method,
+            });
+            if (!adapter.start) {
+                throw new AuthServiceError({
+                    code: 'invalid_request',
+                    message: `Login method "${method}" does not implement start.`,
+                });
+            }
+            await adapter.start(body);
+            return { ok: true };
+        },
+    });
+    const loginFinish = withAppAuthRoute({
+        ...(options.requestIdHeaderName === undefined
+            ? {}
+            : { requestIdHeaderName: options.requestIdHeaderName }),
+        handler: async ({ req, requestId }) => {
+            if (req.method !== 'GET') {
+                return methodNotAllowedResponse(['GET']);
+            }
+            const loginMethods = requireLoginMethods(options.loginMethods);
+            const query = Object.fromEntries(new URL(req.url).searchParams.entries());
+            const method = resolveLoginMethod({
+                pathname: resolvePathnameFromUrl(req.url),
+                phase: 'finish',
+                queryMethod: query.method,
+                ...(options.defaultLoginMethod === undefined
+                    ? {}
+                    : { defaultMethod: options.defaultLoginMethod }),
+            });
+            const adapter = requireLoginMethod({
+                loginMethods,
+                method,
+            });
+            const finishResult = await adapter.finish(query);
+            if (finishResult === null) {
+                throw new AuthServiceError({
+                    code: 'unauthorized',
+                    message: 'Login method did not authenticate a user.',
+                });
+            }
+            if (!options.issueLogin) {
+                return { ok: true };
+            }
+            const issued = await options.issueLogin({
+                req,
+                method,
+                userId: finishResult.userId,
+                ...(requestId === undefined ? {} : { requestId }),
+            });
+            if (!issued) {
+                return { ok: true };
+            }
+            if (issued.accessToken !== undefined) {
+                if (issued.accessClaims === undefined) {
+                    throw new AuthServiceError({
+                        code: 'invalid_request',
+                        message: 'issueLogin must include accessClaims when accessToken is provided.',
+                    });
+                }
+                const tokenOutput = buildTokenOutput({
+                    accessToken: issued.accessToken,
+                    accessClaims: issued.accessClaims,
+                    ...(issued.refreshToken === undefined
+                        ? {}
+                        : { refreshToken: issued.refreshToken }),
+                    ...(issued.clientSession === undefined
+                        ? {}
+                        : { clientSession: issued.clientSession }),
+                });
+                const headers = new Headers();
+                appendAuthCookies({
+                    headers,
+                    cookiesConfig,
+                    accessToken: issued.accessToken,
+                    accessTokenMaxAgeSeconds: tokenOutput.expires_in,
+                    ...(issued.refreshToken === undefined
+                        ? {}
+                        : { refreshToken: issued.refreshToken }),
+                });
+                if (issued.redirectTo) {
+                    const redirectResponse = sendAppRedirect({
+                        location: issued.redirectTo,
+                        ...(issued.statusCode === undefined
+                            ? {}
+                            : { statusCode: issued.statusCode }),
+                    });
+                    headers.forEach((value, key) => {
+                        redirectResponse.headers.append(key, value);
+                    });
+                    return redirectResponse;
+                }
+                return jsonResponse(200, issued.body ?? tokenOutput, headers);
+            }
+            if (issued.redirectTo) {
+                return sendAppRedirect({
+                    location: issued.redirectTo,
+                    ...(issued.statusCode === undefined
+                        ? {}
+                        : { statusCode: issued.statusCode }),
+                });
+            }
+            return issued.body ?? { ok: true };
+        },
+    });
+    return {
+        refresh,
+        logout,
+        loginStart,
+        loginFinish,
+    };
+}

package/src/next/app/index.d.ts

@@ -0,0 +1,8 @@
+export { buildAppAccessTokenTransportInput, getAppAuthorizationHeader, getAppCookies, getAppRequestId, } from './request';
+export { appendAppSetCookieHeader, clearAppAuthCookie, setAppAuthCookie, setAppCookie, type AppCookieOptions, } from './cookies';
+export { sendAppAuthError, sendAppRedirect, sendAppSystemError, type AppAuthErrorResponseBody, } from './response';
+export { withAppAuthRoute, type AppAuthRouteContext, type WithAppAuthRouteOptions, } from './wrapper';
+export { withAppProtectedRoute, type AppProtectedAuth, type AppProtectedRouteContext, type WithAppProtectedRouteOptions, } from './protected-route';
+export { APP_AUTH_CATCH_ALL_METHODS, createAppAuthCatchAllHandlers, type AppAuthCatchAllActionHandler, type AppAuthCatchAllContext, type AppAuthCatchAllHandlers, type AppAuthCatchAllMethodHandler, type AppAuthCatchAllParams, type CreateAppAuthCatchAllHandlersOptions, } from './catch-all';
+export { createAppMcpHandler, createAppOAuthHandlers, createAppWellKnownHandlers, type AppOAuthHandlers, type AppWellKnownHandlers, type CreateAppMcpHandlerOptions, type CreateAppOAuthHandlersOptions, type CreateAppWellKnownHandlersOptions, } from './mcp-oauth-handlers';
+export { createAppDirectAuthHandlers, type AppDirectAuthHandlers, type AppDirectLoginIssueResult, type CreateAppDirectAuthHandlersOptions, type DirectCookieConfig as AppDirectCookieConfig, } from './direct-auth-handlers';

package/src/next/app/index.js

@@ -0,0 +1,8 @@
+export { buildAppAccessTokenTransportInput, getAppAuthorizationHeader, getAppCookies, getAppRequestId, } from './request';
+export { appendAppSetCookieHeader, clearAppAuthCookie, setAppAuthCookie, setAppCookie, } from './cookies';
+export { sendAppAuthError, sendAppRedirect, sendAppSystemError, } from './response';
+export { withAppAuthRoute, } from './wrapper';
+export { withAppProtectedRoute, } from './protected-route';
+export { APP_AUTH_CATCH_ALL_METHODS, createAppAuthCatchAllHandlers, } from './catch-all';
+export { createAppMcpHandler, createAppOAuthHandlers, createAppWellKnownHandlers, } from './mcp-oauth-handlers';
+export { createAppDirectAuthHandlers, } from './direct-auth-handlers';