bezzie 0.2.2 → 1.0.0

package/dist/index.d.ts

@@ -1,7 +1,6 @@
 import { Hono, type MiddlewareHandler } from 'hono';
-import { middleware, optionalMiddleware, type Variables } from './middleware';
-import { type DiscoveryCache } from './discovery';
-import { type SessionAdapter } from './session';
+import { middleware, optionalMiddleware, type AuthenticatedVariables, type OptionalVariables, type LoginHookContext, type RefreshHookContext, type LogoutHookContext, type HookErrorContext } from './middleware';
+import type { SessionAdapter, SessionAdapterFactory } from './session';
 /**
  * Configuration for Bezzie.
  */
@@ -23,15 +22,44 @@ export interface BezzieConfig<TUser extends Record<string, unknown> = Record<str
      */
     audience?: string;
     /**
-     * Session adapter (e.g. `cloudflareKV(env.SESSION_KV)`).
+     * Session adapter factory (e.g. `cloudflareKVAdapter(env.SESSION_KV)`).
+     *
+     * The factory is called once during `createBezzie` with `TUser` inferred from
+     * the `createBezzie` type parameter, so callers don't need to specify `TUser`
+     * twice.
      */
-    adapter: SessionAdapter<TUser>;
+    adapter: SessionAdapterFactory;
     /**
      * Base URL of your application (used for callback and redirects).
      */
     baseUrl: string;
+    /**
+     * Custom route paths for Bezzie's internal auth routes.
+     *
+     * Note: the `callback` path used for the OAuth redirect URI defaults to
+     * `/auth/callback` to match the common pattern of mounting the Bezzie
+     * router under `/auth`.
+     */
+    routes?: {
+        /**
+         * Path for the login route.
+         * @default '/login'
+         */
+        login?: string;
+        /**
+         * Path for the callback route.
+         * @default '/callback'
+         */
+        callback?: string;
+        /**
+         * Path for the logout route.
+         * @default '/logout'
+         */
+        logout?: string;
+    };
     /**
      * Optional path to the login route (defaults to /auth/login).
+     * @deprecated Use `routes.login` instead.
      */
     loginPath?: string;
     /**
@@ -39,9 +67,9 @@ export interface BezzieConfig<TUser extends Record<string, unknown> = Record<str
      */
     validateAccessToken?: boolean;
     /**
-     * Optional tweaks for specific providers.
+     * Hard overrides for specific provider values that cannot be derived from discovery.
      */
-    providerHints?: {
+    providerOverrides?: {
         /**
          * Custom logout URL if different from the default OIDC logout.
          */
@@ -68,7 +96,22 @@ export interface BezzieConfig<TUser extends Record<string, unknown> = Record<str
     cookieName?: string;
     /**
      * OAuth scopes to request.
+     *
+     * Providing a value **replaces** the default list entirely — it does not
+     * extend it. If you set `scopes`, you must explicitly include every scope
+     * you need.
+     *
+     * In particular, include `'offline_access'` if you want Bezzie to be able
+     * to refresh access tokens; without it the provider will not issue a
+     * refresh token and sessions will terminate when the access token expires.
+     *
      * @default ['openid', 'profile', 'email', 'offline_access']
+     * @example
+     * // Good — includes offline_access for refresh support:
+     * scopes: ['openid', 'profile', 'email', 'offline_access', 'read:things']
+     *
+     * // Bad — no refresh token will be issued:
+     * scopes: ['openid', 'read:things']
      */
     scopes?: string[];
     /**
@@ -76,7 +119,48 @@ export interface BezzieConfig<TUser extends Record<string, unknown> = Record<str
      * @default 60
      */
     refreshBufferSeconds?: number;
+    /**
+     * Optional function to map and validate raw ID token claims to TUser.
+     * Called in /callback after the ID token is validated.
+     * If provided, its return value is used as session.user instead of the raw claims.
+     * If it throws, the login is aborted, the partial session is deleted, and a 500 is returned.
+     * Use this to validate claims with Zod or any other schema library.
+     *
+     * @example
+     * mapClaims: (claims) => MyUserSchema.parse(claims)
+     */
+    mapClaims?: (claims: unknown) => TUser | Promise<TUser>;
+    /**
+     * Called at the end of /callback after the session is created.
+     * Awaited. If it throws, the login is aborted and the partial session is deleted.
+     * Use c.executionCtx?.waitUntil() for non-critical background work.
+     */
+    onLogin?: (ctx: LoginHookContext<TUser>) => Promise<void> | void;
+    /**
+     * Called in middleware after a successful token refresh.
+     * Awaited, but errors are caught and routed to onError — the request continues.
+     */
+    onRefresh?: (ctx: RefreshHookContext<TUser>) => Promise<void> | void;
+    /**
+     * Called at /logout after the session is deleted.
+     * Awaited, but errors are caught and routed to onError — logout always succeeds.
+     */
+    onLogout?: (ctx: LogoutHookContext<TUser>) => Promise<void> | void;
+    /**
+     * Called when a non-fatal hook throws (onRefresh, onLogout).
+     * Defaults to console.error. onLogin errors still bubble.
+     */
+    onError?: (err: unknown, ctx: HookErrorContext) => void;
 }
+/**
+ * Resolved Bezzie configuration where the adapter factory has been invoked.
+ *
+ * Internal — routes and middleware use this so they can call `config.adapter.get(...)`
+ * etc. directly, rather than dealing with a factory function.
+ */
+export type ResolvedBezzieConfig<TUser extends Record<string, unknown> = Record<string, unknown>> = Omit<BezzieConfig<TUser>, 'adapter'> & {
+    adapter: SessionAdapter<TUser>;
+};
 /**
  * Common OIDC provider configurations.
  */
@@ -84,35 +168,25 @@ export declare const providers: {
     /**
      * Auth0 provider configuration.
      */
-    auth0: (domain: string) => {
-        issuer: string;
-        providerHints: {
-            logoutUrl: string;
-        };
-    };
+    auth0: (domain: string) => Pick<BezzieConfig, "issuer" | "providerOverrides">;
     /**
      * Okta provider configuration.
      */
-    okta: (domain: string) => {
-        issuer: string;
-    };
+    okta: (domain: string) => Pick<BezzieConfig, "issuer">;
     /**
      * Keycloak provider configuration.
      */
-    keycloak: (baseUrl: string, realm: string) => {
-        issuer: string;
-    };
+    keycloak: (baseUrl: string, realm: string) => Pick<BezzieConfig, "issuer">;
     /**
      * Google provider configuration.
      */
-    google: () => {
-        issuer: string;
-    };
+    google: () => Pick<BezzieConfig, "issuer">;
 };
 /**
- * Creates a Cloudflare KV session adapter.
+ * Helper for consumers writing custom adapters — provides type inference for
+ * the factory function without any runtime behaviour.
  */
-declare function cloudflareKV<TUser extends Record<string, unknown> = Record<string, unknown>>(kv: KVNamespace): SessionAdapter<TUser>;
+export declare function defineAdapter(factory: SessionAdapterFactory): SessionAdapterFactory;
 /**
  * The main Bezzie interface.
  */
@@ -125,30 +199,30 @@ export interface Bezzie<TUser extends Record<string, unknown> = Record<string, u
      * Returns a Hono middleware that protects routes and manages sessions.
      */
     middleware: () => MiddlewareHandler<{
-        Variables: Variables<TUser>;
+        Variables: AuthenticatedVariables<TUser>;
     }>;
     /**
      * Returns a Hono middleware that sets user context if a session exists but always calls next().
      */
     optionalMiddleware: () => MiddlewareHandler<{
-        Variables: Variables<TUser>;
+        Variables: OptionalVariables<TUser>;
     }>;
-    /**
-     * Internal discovery cache.
-     * @internal
-     */
-    cache: DiscoveryCache;
 }
 /**
  * Creates a new Bezzie instance.
  *
  * @param config Bezzie configuration
  * @returns Bezzie instance
- * @throws {Error} if required configuration is missing or invalid
+ * @throws {ConfigError} if required configuration is missing or invalid
  */
 declare function createBezzie<TUser extends Record<string, unknown> = Record<string, unknown>>(config: BezzieConfig<TUser>): Bezzie<TUser>;
-export { createBezzie, cloudflareKV, middleware, optionalMiddleware };
-export type { Variables } from './middleware';
-export type { SessionAdapter, PKCEState, Session } from './session';
+export { createBezzie, middleware, optionalMiddleware };
+export { cloudflareKVAdapter } from './adapters/cloudflare-kv';
+export { redisAdapter } from './adapters/redis';
+export { memoryAdapter } from './adapters/memory';
+export type { Variables, AuthenticatedVariables, OptionalVariables, LoginHookContext, RefreshHookContext, LogoutHookContext, HookErrorContext, } from './middleware';
+export type { SessionAdapter, SessionAdapterFactory, PKCEState, Session, StoredSession } from './session';
 export { CloudflareKVAdapter, RedisAdapter, MemoryAdapter } from './session';
+export { BezzieError, DiscoveryError, CallbackError, TokenExchangeError, RefreshError, SessionStoreError, ConfigError, } from './errors';
+export type { BezzieErrorCode, BezzieErrorOptions } from './errors';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAEnD,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,KAAK,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7E,OAAO,EAAwB,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AAEvE,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,WAAW,CAAA;AAEpE;;GAEG;AACH,MAAM,WAAW,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC3F;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IAEpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC,KAAK,CAAC,CAAA;IAE9B;;OAEG;IACH,OAAO,EAAE,MAAM,CAAA;IAEf;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAE7B;;OAEG;IACH,aAAa,CAAC,EAAE;QACd;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,CAAA;QAElB;;WAEG;QACH,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,CAAA;IAED;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAE1B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAE5B;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IAEjB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAA;CAC9B;AAED;;GAEG;AACH,eAAO,MAAM,SAAS;IACpB;;OAEG;oBACa,MAAM;;;;;;IAOtB;;OAEG;mBACY,MAAM;;;IAIrB;;OAEG;wBACiB,MAAM,SAAS,MAAM;;;IAIzC;;OAEG;;;;CAIJ,CAAA;AAED;;GAEG;AACH,iBAAS,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnF,EAAE,EAAE,WAAW,GACd,cAAc,CAAC,KAAK,CAAC,CAEvB;AAED;;GAEG;AACH,MAAM,WAAW,MAAM,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACrF;;OAEG;IACH,MAAM,EAAE,MAAM,IAAI,CAAA;IAElB;;OAEG;IACH,UAAU,EAAE,MAAM,iBAAiB,CAAC;QAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;KAAE,CAAC,CAAA;IAEpE;;OAEG;IACH,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;QAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;KAAE,CAAC,CAAA;IAE5E;;;OAGG;IACH,KAAK,EAAE,cAAc,CAAA;CACtB;AAED;;;;;;GAMG;AACH,iBAAS,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,GAC1B,MAAM,CAAC,KAAK,CAAC,CA2Bf;AAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAA;AACrE,YAAY,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,YAAY,EAAE,cAAc,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnE,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAEnD,OAAO,EACL,UAAU,EACV,kBAAkB,EAClB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACtB,MAAM,cAAc,CAAA;AAGrB,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAA;AAGtE;;GAEG;AACH,MAAM,WAAW,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC3F;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IAEpB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB;;;;;;OAMG;IACH,OAAO,EAAE,qBAAqB,CAAA;IAE9B;;OAEG;IACH,OAAO,EAAE,MAAM,CAAA;IAEf;;;;;;OAMG;IACH,MAAM,CAAC,EAAE;QACP;;;WAGG;QACH,KAAK,CAAC,EAAE,MAAM,CAAA;QAEd;;;WAGG;QACH,QAAQ,CAAC,EAAE,MAAM,CAAA;QAEjB;;;WAGG;QACH,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,CAAA;IAED;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAE7B;;OAEG;IACH,iBAAiB,CAAC,EAAE;QAClB;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,CAAA;QAElB;;WAEG;QACH,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,CAAA;IAED;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAE1B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAE5B;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IAEjB;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAE7B;;;;;;;;;OASG;IACH,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAA;IAEvD;;;;OAIG;IACH,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,gBAAgB,CAAC,KAAK,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;IAEhE;;;OAGG;IACH,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,kBAAkB,CAAC,KAAK,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;IAEpE;;;OAGG;IACH,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,iBAAiB,CAAC,KAAK,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;IAElE;;;OAGG;IACH,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,KAAK,IAAI,CAAA;CACxD;AAED;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAC9F,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,GAAG;IAAE,OAAO,EAAE,cAAc,CAAC,KAAK,CAAC,CAAA;CAAE,CAAA;AAE3E;;GAEG;AACH,eAAO,MAAM,SAAS;IACpB;;OAEG;oBACa,MAAM,KAAG,IAAI,CAAC,YAAY,EAAE,QAAQ,GAAG,mBAAmB,CAAC;IAO3E;;OAEG;mBACY,MAAM,KAAG,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;IAIpD;;OAEG;wBACiB,MAAM,SAAS,MAAM,KAAG,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;IAIxE;;OAEG;kBACS,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;CAGzC,CAAA;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,qBAAqB,GAAG,qBAAqB,CAEnF;AAED;;GAEG;AACH,MAAM,WAAW,MAAM,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACrF;;OAEG;IACH,MAAM,EAAE,MAAM,IAAI,CAAA;IAElB;;OAEG;IACH,UAAU,EAAE,MAAM,iBAAiB,CAAC;QAAE,SAAS,EAAE,sBAAsB,CAAC,KAAK,CAAC,CAAA;KAAE,CAAC,CAAA;IAEjF;;OAEG;IACH,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;QAAE,SAAS,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAA;KAAE,CAAC,CAAA;CACrF;AAED;;;;;;GAMG;AACH,iBAAS,YAAY,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,GAC1B,MAAM,CAAC,KAAK,CAAC,CA8Bf;AAED,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAA;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,YAAY,EACV,SAAS,EACT,sBAAsB,EACtB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,cAAc,CAAA;AACrB,YAAY,EAAE,cAAc,EAAE,qBAAqB,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AACzG,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AAC5E,OAAO,EACL,WAAW,EACX,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,YAAY,EACZ,iBAAiB,EACjB,WAAW,GACZ,MAAM,UAAU,CAAA;AACjB,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA"}

package/dist/index.js

@@ -1,7 +1,7 @@
 import { authRoutes } from './routes';
-import { middleware, optionalMiddleware } from './middleware';
+import { middleware, optionalMiddleware, } from './middleware';
 import { createDiscoveryCache } from './discovery';
-import { CloudflareKVAdapter } from './session';
+import { ConfigError } from './errors';
 /**
  * Common OIDC provider configurations.
  */
@@ -11,7 +11,7 @@ export const providers = {
      */
     auth0: (domain) => ({
         issuer: `https://${domain}`,
-        providerHints: {
+        providerOverrides: {
             logoutUrl: `https://${domain}/v2/logout`,
         },
     }),
@@ -35,43 +35,50 @@ export const providers = {
     }),
 };
 /**
- * Creates a Cloudflare KV session adapter.
+ * Helper for consumers writing custom adapters — provides type inference for
+ * the factory function without any runtime behaviour.
  */
-function cloudflareKV(kv) {
-    return new CloudflareKVAdapter(kv);
+export function defineAdapter(factory) {
+    return factory;
 }
 /**
  * Creates a new Bezzie instance.
  *
  * @param config Bezzie configuration
  * @returns Bezzie instance
- * @throws {Error} if required configuration is missing or invalid
+ * @throws {ConfigError} if required configuration is missing or invalid
  */
 function createBezzie(config) {
     const required = ['issuer', 'clientId', 'clientSecret', 'adapter', 'baseUrl'];
     for (const key of required) {
         if (!config[key]) {
-            throw new Error(`Bezzie: missing required config: ${key}`);
+            throw new ConfigError('config_invalid', `Bezzie: missing required config: ${key}`);
         }
     }
     if (!config.issuer.startsWith('https://')) {
-        throw new Error('Bezzie: issuer must start with https://');
+        throw new ConfigError('config_invalid', 'Bezzie: issuer must start with https://');
     }
     try {
         new URL(config.issuer);
     }
     catch {
-        throw new Error('Bezzie: issuer must be a valid URL');
+        throw new ConfigError('config_invalid', 'Bezzie: issuer must be a valid URL');
     }
+    const adapter = config.adapter();
+    const resolvedConfig = { ...config, adapter };
     const cache = createDiscoveryCache();
-    const router = authRoutes(config, cache);
+    const router = authRoutes(resolvedConfig, cache);
     return {
         routes: () => router,
-        middleware: () => middleware(config, cache),
-        optionalMiddleware: () => optionalMiddleware(config, cache),
+        middleware: () => middleware(resolvedConfig, cache),
+        optionalMiddleware: () => optionalMiddleware(resolvedConfig, cache),
         cache,
     };
 }
-export { createBezzie, cloudflareKV, middleware, optionalMiddleware };
+export { createBezzie, middleware, optionalMiddleware };
+export { cloudflareKVAdapter } from './adapters/cloudflare-kv';
+export { redisAdapter } from './adapters/redis';
+export { memoryAdapter } from './adapters/memory';
 export { CloudflareKVAdapter, RedisAdapter, MemoryAdapter } from './session';
+export { BezzieError, DiscoveryError, CallbackError, TokenExchangeError, RefreshError, SessionStoreError, ConfigError, } from './errors';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAkB,MAAM,cAAc,CAAA;AAC7E,OAAO,EAAE,oBAAoB,EAAuB,MAAM,aAAa,CAAA;AAEvE,OAAO,EAAE,mBAAmB,EAAuB,MAAM,WAAW,CAAA;AA4FpE;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB;;OAEG;IACH,KAAK,EAAE,CAAC,MAAc,EAAE,EAAE,CAAC,CAAC;QAC1B,MAAM,EAAE,WAAW,MAAM,EAAE;QAC3B,aAAa,EAAE;YACb,SAAS,EAAE,WAAW,MAAM,YAAY;SACzC;KACF,CAAC;IAEF;;OAEG;IACH,IAAI,EAAE,CAAC,MAAc,EAAE,EAAE,CAAC,CAAC;QACzB,MAAM,EAAE,WAAW,MAAM,iBAAiB;KAC3C,CAAC;IAEF;;OAEG;IACH,QAAQ,EAAE,CAAC,OAAe,EAAE,KAAa,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,OAAO,WAAW,KAAK,EAAE;KACrC,CAAC;IAEF;;OAEG;IACH,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACb,MAAM,EAAE,6BAA6B;KACtC,CAAC;CACH,CAAA;AAED;;GAEG;AACH,SAAS,YAAY,CACnB,EAAe;IAEf,OAAO,IAAI,mBAAmB,CAAQ,EAAE,CAAC,CAAA;AAC3C,CAAC;AA4BD;;;;;;GAMG;AACH,SAAS,YAAY,CACnB,MAA2B;IAE3B,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAgC,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,EAAE,CAAC,CAAA;QAC5D,CAAC;IACH,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAC5D,CAAC;IAED,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACvD,CAAC;IAED,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;IACpC,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAExC,OAAO;QACL,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM;QACpB,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC;QAC3C,kBAAkB,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,MAAM,EAAE,KAAK,CAAC;QAC3D,KAAK;KACN,CAAA;AACH,CAAC;AAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAA;AAGrE,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EACL,UAAU,EACV,kBAAkB,GAOnB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,oBAAoB,EAAuB,MAAM,aAAa,CAAA;AAGvE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAyLtC;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB;;OAEG;IACH,KAAK,EAAE,CAAC,MAAc,EAAsD,EAAE,CAAC,CAAC;QAC9E,MAAM,EAAE,WAAW,MAAM,EAAE;QAC3B,iBAAiB,EAAE;YACjB,SAAS,EAAE,WAAW,MAAM,YAAY;SACzC;KACF,CAAC;IAEF;;OAEG;IACH,IAAI,EAAE,CAAC,MAAc,EAAgC,EAAE,CAAC,CAAC;QACvD,MAAM,EAAE,WAAW,MAAM,iBAAiB;KAC3C,CAAC;IAEF;;OAEG;IACH,QAAQ,EAAE,CAAC,OAAe,EAAE,KAAa,EAAgC,EAAE,CAAC,CAAC;QAC3E,MAAM,EAAE,GAAG,OAAO,WAAW,KAAK,EAAE;KACrC,CAAC;IAEF;;OAEG;IACH,MAAM,EAAE,GAAiC,EAAE,CAAC,CAAC;QAC3C,MAAM,EAAE,6BAA6B;KACtC,CAAC;CACH,CAAA;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,OAA8B;IAC1D,OAAO,OAAO,CAAA;AAChB,CAAC;AAsBD;;;;;;GAMG;AACH,SAAS,YAAY,CACnB,MAA2B;IAE3B,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAgC,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,WAAW,CAAC,gBAAgB,EAAE,oCAAoC,GAAG,EAAE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,WAAW,CAAC,gBAAgB,EAAE,yCAAyC,CAAC,CAAA;IACpF,CAAC;IAED,IAAI,CAAC;QACH,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,WAAW,CAAC,gBAAgB,EAAE,oCAAoC,CAAC,CAAA;IAC/E,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAS,CAAA;IACvC,MAAM,cAAc,GAAgC,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,CAAA;IAE1E,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;IACpC,MAAM,MAAM,GAAG,UAAU,CAAC,cAAc,EAAE,KAAK,CAAC,CAAA;IAEhD,OAAO;QACL,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM;QACpB,UAAU,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,cAAc,EAAE,KAAK,CAAC;QACnD,kBAAkB,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,EAAE,KAAK,CAAC;QACnE,KAAK;KACuC,CAAA;AAChD,CAAC;AAED,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,CAAA;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAWjD,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AAC5E,OAAO,EACL,WAAW,EACX,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,YAAY,EACZ,iBAAiB,EACjB,WAAW,GACZ,MAAM,UAAU,CAAA"}

package/dist/middleware.d.ts

@@ -1,12 +1,15 @@
-import type { MiddlewareHandler } from 'hono';
+import type { MiddlewareHandler, Context } from 'hono';
 import { type DiscoveryCache } from './discovery';
 import type { Session } from './session';
-import type { BezzieConfig } from './index';
+import type { ResolvedBezzieConfig } from './index';
 /**
  * Hono context variables provided by Bezzie middleware.
  * These are what downstream route handlers read from `c.var`.
  */
-export type Variables<TUser extends Record<string, unknown> = Record<string, unknown>> = {
+/**
+ * Hono context variables guaranteed to be present in routes protected by `middleware()`.
+ */
+export type AuthenticatedVariables<TUser extends Record<string, unknown> = Record<string, unknown>> = {
     /**
      * The authenticated user's information.
      */
@@ -16,13 +19,68 @@ export type Variables<TUser extends Record<string, unknown> = Record<string, unk
      */
     accessToken: string;
 };
-export declare function middleware<TUser extends Record<string, unknown> = Record<string, unknown>>(config: BezzieConfig<TUser>, cache: DiscoveryCache): MiddlewareHandler<{
-    Variables: Variables<TUser>;
+/**
+ * Hono context variables that may be present in routes using `optionalMiddleware()`.
+ */
+export type OptionalVariables<TUser extends Record<string, unknown> = Record<string, unknown>> = {
+    /**
+     * The authenticated user's information, if a valid session exists.
+     */
+    user?: Session<TUser>['user'];
+    /**
+     * The current OAuth access token, if a valid session exists.
+     */
+    accessToken?: string;
+};
+/**
+ * Alias for `AuthenticatedVariables` — the common case for protected routes.
+ */
+export type Variables<TUser extends Record<string, unknown> = Record<string, unknown>> = AuthenticatedVariables<TUser>;
+/**
+ * Context passed to the `onLogin` lifecycle hook.
+ */
+export interface LoginHookContext<TUser extends Record<string, unknown> = Record<string, unknown>> {
+    user: Session<TUser>['user'];
+    sessionId: string;
+    tokens: {
+        accessToken: string;
+        expiresAt: number;
+    };
+    isNewSession: boolean;
+    c: Context;
+}
+/**
+ * Context passed to the `onRefresh` lifecycle hook.
+ */
+export interface RefreshHookContext<TUser extends Record<string, unknown> = Record<string, unknown>> {
+    user: Session<TUser>['user'];
+    sessionId: string;
+    previousExpiresAt: number;
+    newExpiresAt: number;
+    c: Context;
+}
+/**
+ * Context passed to the `onLogout` lifecycle hook.
+ */
+export interface LogoutHookContext<TUser extends Record<string, unknown> = Record<string, unknown>> {
+    user: Session<TUser>['user'];
+    sessionId: string;
+    c: Context;
+}
+/**
+ * Context passed to the `onError` hook when a non-fatal lifecycle hook throws.
+ */
+export interface HookErrorContext {
+    hook: 'onLogin' | 'onRefresh' | 'onLogout';
+    c: Context;
+}
+export declare function middleware<TUser extends Record<string, unknown> = Record<string, unknown>>(config: ResolvedBezzieConfig<TUser>, cache: DiscoveryCache): MiddlewareHandler<{
+    Variables: AuthenticatedVariables<TUser>;
 }>;
 /**
  * Middleware that sets user context if a session exists but always calls next().
  */
-export declare function optionalMiddleware<TUser extends Record<string, unknown> = Record<string, unknown>>(config: BezzieConfig<TUser>, cache: DiscoveryCache): MiddlewareHandler<{
-    Variables: Variables<TUser>;
+export declare function optionalMiddleware<TUser extends Record<string, unknown> = Record<string, unknown>>(config: ResolvedBezzieConfig<TUser>, cache: DiscoveryCache): MiddlewareHandler<{
+    Variables: OptionalVariables<TUser>;
 }>;
 //# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAW,MAAM,MAAM,CAAA;AAGtD,OAAO,EAA0B,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AACzE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C;;;GAGG;AACH,MAAM,MAAM,SAAS,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI;IACvF;;OAEG;IACH,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAA;IAC5B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AA4GD,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,EAC3B,KAAK,EAAE,cAAc,GACpB,iBAAiB,CAAC;IAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;CAAE,CAAC,CAmBpD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChG,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,EAC3B,KAAK,EAAE,cAAc,GACpB,iBAAiB,CAAC;IAAE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;CAAE,CAAC,CAapD"}
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAGtD,OAAO,EAA0B,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AACzE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAA;AAEnD;;;GAGG;AACH;;GAEG;AACH,MAAM,MAAM,sBAAsB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI;IACpG;;OAEG;IACH,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAA;IAC5B;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI;IAC/F;;OAEG;IACH,IAAI,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAA;IAC7B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,SAAS,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,sBAAsB,CAAC,KAAK,CAAC,CAAA;AAEtH;;GAEG;AACH,MAAM,WAAW,gBAAgB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC/F,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAA;IAC5B,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAA;IAClD,YAAY,EAAE,OAAO,CAAA;IACrB,CAAC,EAAE,OAAO,CAAA;CACX;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACjG,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAA;IAC5B,SAAS,EAAE,MAAM,CAAA;IACjB,iBAAiB,EAAE,MAAM,CAAA;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,CAAC,EAAE,OAAO,CAAA;CACX;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAChG,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAA;IAC5B,SAAS,EAAE,MAAM,CAAA;IACjB,CAAC,EAAE,OAAO,CAAA;CACX;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,SAAS,GAAG,WAAW,GAAG,UAAU,CAAA;IAC1C,CAAC,EAAE,OAAO,CAAA;CACX;AAkID,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxF,MAAM,EAAE,oBAAoB,CAAC,KAAK,CAAC,EACnC,KAAK,EAAE,cAAc,GACpB,iBAAiB,CAAC;IAAE,SAAS,EAAE,sBAAsB,CAAC,KAAK,CAAC,CAAA;CAAE,CAAC,CAmBjE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChG,MAAM,EAAE,oBAAoB,CAAC,KAAK,CAAC,EACnC,KAAK,EAAE,cAAc,GACpB,iBAAiB,CAAC;IAAE,SAAS,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAA;CAAE,CAAC,CAa5D"}

package/dist/middleware.js

@@ -10,7 +10,7 @@ async function authenticate(c, config, cache) {
         return { type: 'unauthenticated' };
     }
     // 3. Look up the session in KV using SessionStore
-    let session = await sessionStore.get(sessionId);
+    let session = await sessionStore.get(`session:${sessionId}`);
     // 4. If no session found or it's a PKCE state → unauthenticated
     if (!session || session._type === 'pkce') {
         return { type: 'unauthenticated' };
@@ -18,7 +18,7 @@ async function authenticate(c, config, cache) {
     // 4.5 Check for absolute session expiry (90 days)
     const MAX_SESSION_AGE = 90 * 24 * 60 * 60; // 90 days
     if (Math.floor(Date.now() / 1000) - session.createdAt > MAX_SESSION_AGE) {
-        await sessionStore.delete(sessionId);
+        await sessionStore.delete(`session:${sessionId}`);
         return { type: 'expired' };
     }
     const as = await getAuthorizationServer(config, cache);
@@ -29,21 +29,38 @@ async function authenticate(c, config, cache) {
                 // 6. If expired → use oauth4webapi to perform a refresh token grant
                 const client = { client_id: config.clientId };
                 const clientAuth = oauth.ClientSecretPost(config.clientSecret);
-                const response = await oauth.refreshTokenGrantRequest(as, client, clientAuth, session.refreshToken);
+                const response = await oauth.refreshTokenGrantRequest(as, client, clientAuth, session.refreshToken, { signal: AbortSignal.timeout(5000) });
                 try {
                     const result = await oauth.processRefreshTokenResponse(as, client, response);
+                    // Capture previous expiresAt before overwriting, for onRefresh hook.
+                    const previousExpiresAt = session.expiresAt;
                     // Update the session in KV with new tokens and new expiresAt
                     session.accessToken = result.access_token;
                     if (result.refresh_token) {
                         session.refreshToken = result.refresh_token;
                     }
                     session.expiresAt = Math.floor(Date.now() / 1000) + (result.expires_in || 3600);
-                    await sessionStore.set(sessionId, session, config.sessionTtlSeconds ?? 30 * 24 * 60 * 60); // 30 days, matches initial session TTL
+                    await sessionStore.set(`session:${sessionId}`, session, config.sessionTtlSeconds ?? 30 * 24 * 60 * 60); // 30 days, matches initial session TTL
+                    if (config.onRefresh) {
+                        try {
+                            await config.onRefresh({
+                                user: session.user,
+                                sessionId,
+                                previousExpiresAt,
+                                newExpiresAt: session.expiresAt,
+                                c,
+                            });
+                        }
+                        catch (hookErr) {
+                            const handler = config.onError ?? ((e) => console.error('Bezzie: onRefresh hook threw:', e instanceof Error ? e.message : String(e)));
+                            handler(hookErr, { hook: 'onRefresh', c });
+                        }
+                    }
                 }
                 catch (err) {
                     if (err instanceof oauth.ResponseBodyError && err.error === 'invalid_grant') {
                         // Potential race condition: another request might have already refreshed this token
-                        const refreshedSession = await sessionStore.get(sessionId);
+                        const refreshedSession = await sessionStore.get(`session:${sessionId}`);
                         if (refreshedSession &&
                             refreshedSession._type === 'session' &&
                             refreshedSession.accessToken !== session.accessToken) {
@@ -52,18 +69,18 @@ async function authenticate(c, config, cache) {
                         }
                         else {
                             // Truly failed
-                            await sessionStore.delete(sessionId);
+                            await sessionStore.delete(`session:${sessionId}`);
                             return { type: 'unauthenticated' };
                         }
                     }
                     else {
-                        await sessionStore.delete(sessionId);
+                        await sessionStore.delete(`session:${sessionId}`);
                         return { type: 'unauthenticated' };
                     }
                 }
             }
             catch {
-                await sessionStore.delete(sessionId);
+                await sessionStore.delete(`session:${sessionId}`);
                 return { type: 'unauthenticated' };
             }
         }
@@ -77,12 +94,17 @@ async function authenticate(c, config, cache) {
                     Authorization: `Bearer ${session.accessToken}`,
                 },
             });
+            // S10: validateJwtAccessToken verifies the JWT signature via JWKS and
+            // asserts the standard claims — `iss` matches the authorization server,
+            // `aud` matches `config.audience` (passed as the third argument, the
+            // expectedAudience parameter), and `exp`/`nbf`/`iat` are within bounds.
             await oauth.validateJwtAccessToken(as, mockReq, config.audience, { [oauth.jwksCache]: cache.jwksCache });
         }
-        catch {
+        catch (err) {
             // 9. If JWT invalid → fallback to opaque token (pass through)
             // This allows Bezzie to work with providers that issue opaque access tokens
             // or if the JWT is not verifiable for some reason, but we still have a valid session.
+            console.warn('Bezzie: JWT access token validation failed (falling back to session trust):', err instanceof Error ? err.message : String(err));
         }
     }
     return { type: 'authenticated', user: session.user, accessToken: session.accessToken };
@@ -94,7 +116,7 @@ export function middleware(config, cache) {
             return c.text('Unauthorized', 401);
         }
         if (result.type === 'expired') {
-            return c.redirect(config.loginPath ?? '/auth/login');
+            return c.redirect(config.loginPath ?? config.routes?.login ?? '/auth/login');
         }
         // Attach the user and accessToken to Hono context
         c.set('user', result.user);

package/dist/middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,sBAAsB,EAAuB,MAAM,aAAa,CAAA;AAwBzE,KAAK,UAAU,YAAY,CACzB,CAAU,EACV,MAA2B,EAC3B,KAAqB;IAErB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAA;IAEnC,gDAAgD;IAChD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,CAAC,CAAA;IAErE,oCAAoC;IACpC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;IACpC,CAAC;IAED,kDAAkD;IAClD,IAAI,OAAO,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IAE/C,gEAAgE;IAChE,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QACzC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;IACpC,CAAC;IAED,kDAAkD;IAClD,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA,CAAC,UAAU;IACpD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,SAAS,GAAG,eAAe,EAAE,CAAC;QACxE,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACpC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IAC5B,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAEtD,qEAAqE;IACrE,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,CAAC,EAAE,CAAC;QAChF,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,oEAAoE;gBACpE,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAA;gBAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;gBAE9D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,CAAA;gBAEnG,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;oBAC5E,6DAA6D;oBAC7D,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,YAAY,CAAA;oBACzC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;wBACzB,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,CAAA;oBAC7C,CAAC;oBACD,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAA;oBAE/E,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA,CAAC,uCAAuC;gBACnI,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,GAAG,YAAY,KAAK,CAAC,iBAAiB,IAAI,GAAG,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;wBAC5E,oFAAoF;wBACpF,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;wBAC1D,IACE,gBAAgB;4BAChB,gBAAgB,CAAC,KAAK,KAAK,SAAS;4BACpC,gBAAgB,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EACpD,CAAC;4BACD,uDAAuD;4BACvD,OAAO,GAAG,gBAAgB,CAAA;wBAC5B,CAAC;6BAAM,CAAC;4BACN,eAAe;4BACf,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;4BACpC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;wBACpC,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;wBACpC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;oBACpC,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;gBACpC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,qFAAqF;IACrF,IAAI,MAAM,CAAC,mBAAmB,KAAK,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC5D,IAAI,CAAC;YACH,wFAAwF;YACxF,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE;gBACzC,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE;iBAC/C;aACF,CAAC,CAAA;YAEF,MAAM,KAAK,CAAC,sBAAsB,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;QAC1G,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;YAC9D,4EAA4E;YAC5E,sFAAsF;QACxF,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAA;AACxF,CAAC;AAED,MAAM,UAAU,UAAU,CACxB,MAA2B,EAC3B,KAAqB;IAErB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YACtC,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;QACpC,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,IAAI,aAAa,CAAC,CAAA;QACtD,CAAC;QAED,kDAAkD;QAClD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;QAC1B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,CAAA;QAExC,cAAc;QACd,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAA2B,EAC3B,KAAqB;IAErB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACpC,kDAAkD;YAClD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;YAC1B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,CAAA;QAC1C,CAAC;QAED,qBAAqB;QACrB,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC"}
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,KAAK,KAAK,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,sBAAsB,EAAuB,MAAM,aAAa,CAAA;AAqFzE,KAAK,UAAU,YAAY,CACzB,CAAU,EACV,MAAmC,EACnC,KAAqB;IAErB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAA;IAEnC,gDAAgD;IAChD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,gBAAgB,CAAC,CAAA;IAErE,oCAAoC;IACpC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;IACpC,CAAC;IAED,kDAAkD;IAClD,IAAI,OAAO,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,WAAW,SAAS,EAAE,CAAC,CAAA;IAE5D,gEAAgE;IAChE,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QACzC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;IACpC,CAAC;IAED,kDAAkD;IAClD,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA,CAAC,UAAU;IACpD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,SAAS,GAAG,eAAe,EAAE,CAAC;QACxE,MAAM,YAAY,CAAC,MAAM,CAAC,WAAW,SAAS,EAAE,CAAC,CAAA;QACjD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IAC5B,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAEtD,qEAAqE;IACrE,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,CAAC,EAAE,CAAC;QAChF,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,oEAAoE;gBACpE,MAAM,MAAM,GAAiB,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAA;gBAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;gBAE9D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,wBAAwB,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBAE1I,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,2BAA2B,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;oBAC5E,qEAAqE;oBACrE,MAAM,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAA;oBAC3C,6DAA6D;oBAC7D,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC,YAAY,CAAA;oBACzC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;wBACzB,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,CAAA;oBAC7C,CAAC;oBACD,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAA;oBAE/E,MAAM,YAAY,CAAC,GAAG,CAAC,WAAW,SAAS,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA,CAAC,uCAAuC;oBAE9I,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;wBACrB,IAAI,CAAC;4BACH,MAAM,MAAM,CAAC,SAAS,CAAC;gCACrB,IAAI,EAAE,OAAO,CAAC,IAAI;gCAClB,SAAS;gCACT,iBAAiB;gCACjB,YAAY,EAAE,OAAO,CAAC,SAAS;gCAC/B,CAAC;6BACF,CAAC,CAAA;wBACJ,CAAC;wBAAC,OAAO,OAAO,EAAE,CAAC;4BACjB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;4BAC9I,OAAO,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAA;wBAC5C,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,GAAG,YAAY,KAAK,CAAC,iBAAiB,IAAI,GAAG,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;wBAC5E,oFAAoF;wBACpF,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,WAAW,SAAS,EAAE,CAAC,CAAA;wBACvE,IACE,gBAAgB;4BAChB,gBAAgB,CAAC,KAAK,KAAK,SAAS;4BACpC,gBAAgB,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EACpD,CAAC;4BACD,uDAAuD;4BACvD,OAAO,GAAG,gBAAgB,CAAA;wBAC5B,CAAC;6BAAM,CAAC;4BACN,eAAe;4BACf,MAAM,YAAY,CAAC,MAAM,CAAC,WAAW,SAAS,EAAE,CAAC,CAAA;4BACjD,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;wBACpC,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,YAAY,CAAC,MAAM,CAAC,WAAW,SAAS,EAAE,CAAC,CAAA;wBACjD,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;oBACpC,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,YAAY,CAAC,MAAM,CAAC,WAAW,SAAS,EAAE,CAAC,CAAA;gBACjD,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAA;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,qFAAqF;IACrF,IAAI,MAAM,CAAC,mBAAmB,KAAK,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC5D,IAAI,CAAC;YACH,wFAAwF;YACxF,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE;gBACzC,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE;iBAC/C;aACF,CAAC,CAAA;YAEF,sEAAsE;YACtE,wEAAwE;YACxE,qEAAqE;YACrE,wEAAwE;YACxE,MAAM,KAAK,CAAC,sBAAsB,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;QAC1G,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,8DAA8D;YAC9D,4EAA4E;YAC5E,sFAAsF;YACtF,OAAO,CAAC,IAAI,CAAC,6EAA6E,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;QAC/I,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAA;AACxF,CAAC;AAED,MAAM,UAAU,UAAU,CACxB,MAAmC,EACnC,KAAqB;IAErB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YACtC,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAA;QACpC,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,IAAI,aAAa,CAAC,CAAA;QAC9E,CAAC;QAED,kDAAkD;QAClD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;QAC1B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,CAAA;QAExC,cAAc;QACd,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAmC,EACnC,KAAqB;IAErB,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,CAAA;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACpC,kDAAkD;YAClD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;YAC1B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,CAAC,CAAA;QAC1C,CAAC;QAED,qBAAqB;QACrB,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC"}

package/dist/routes.d.ts

@@ -1,5 +1,5 @@
 import { Hono } from 'hono';
 import { type DiscoveryCache } from './discovery';
-import type { BezzieConfig } from './index';
-export declare function authRoutes<TUser extends Record<string, unknown> = Record<string, unknown>>(config: BezzieConfig<TUser>, cache: DiscoveryCache): Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
+import type { ResolvedBezzieConfig } from './index';
+export declare function authRoutes<TUser extends Record<string, unknown> = Record<string, unknown>>(config: ResolvedBezzieConfig<TUser>, cache: DiscoveryCache): Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
 //# sourceMappingURL=routes.d.ts.map

package/dist/routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,EAA0B,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AAEzE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxF,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,EAC3B,KAAK,EAAE,cAAc,8EA+MtB"}
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,EAA0B,KAAK,cAAc,EAAE,MAAM,aAAa,CAAA;AAEzE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAA;AAEnD,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxF,MAAM,EAAE,oBAAoB,CAAC,KAAK,CAAC,EACnC,KAAK,EAAE,cAAc,8EAsUtB"}