create-authhero 0.38.0 → 0.40.0

package/dist/aws-sst/src/index.ts

@@ -44,7 +44,7 @@ export async function handler(event: APIGatewayProxyEventV2, context: Context) {
         // WARNING: These localhost origins are for development only
         // Remove or override via ALLOWED_ORIGINS env var in production
         "http://localhost:5173",
-        "https://localhost:3000",
+        "http://localhost:3000",
         origin,
       ].filter(Boolean);
 

package/dist/cloudflare/README.md

@@ -58,7 +58,7 @@ This project is designed to be **open-source friendly**. Sensitive Cloudflare ID
    npm run dev
    ```
 
-The server will be available at `https://localhost:3000`.
+The server will be available at `http://localhost:3000`.
 
 ### Remote Development (Your Cloudflare Account)
 

package/dist/cloudflare/src/index.ts

@@ -58,7 +58,7 @@ export default {
       // Allow CORS for the Management API from admin UIs
       allowedOrigins: [
         "http://localhost:5173",
-        "https://localhost:3000",
+        "http://localhost:3000",
         "https://manage.authhero.net",
         "https://local.authhero.net",
         origin,

package/dist/create-authhero.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { Command as P } from "commander";
 import m from "inquirer";
-import s from "fs";
+import a from "fs";
 import i from "path";
 import { spawn as E } from "child_process";
 const D = new P(), p = {
@@ -9,10 +9,10 @@ const D = new P(), p = {
     name: "Local (SQLite)",
     description: "Local development setup with SQLite database - great for getting started",
     templateDir: "local",
-    packageJson: (a, e, n, r, o) => {
+    packageJson: (s, e, o, r, n) => {
       const t = r ? "workspace:*" : "latest";
       return {
-        name: a,
+        name: s,
         version: "1.0.0",
         type: "module",
         scripts: {
@@ -23,7 +23,7 @@ const D = new P(), p = {
         },
         dependencies: {
           "@authhero/kysely-adapter": t,
-          ...o && { "@authhero/react-admin": t },
+          ...n && { "@authhero/react-admin": t },
           "@authhero/widget": t,
           "@hono/swagger-ui": "^0.5.0",
           "@hono/zod-openapi": "^0.19.0",
@@ -33,7 +33,7 @@ const D = new P(), p = {
           hono: "^4.6.0",
           kysely: "latest",
           ...e && { "@authhero/multi-tenancy": t },
-          ...n && { bcryptjs: "latest" }
+          ...o && { bcryptjs: "latest" }
         },
         devDependencies: {
           "@types/better-sqlite3": "^7.6.0",
@@ -49,10 +49,10 @@ const D = new P(), p = {
     name: "Cloudflare Workers (D1)",
     description: "Cloudflare Workers setup with D1 database",
     templateDir: "cloudflare",
-    packageJson: (a, e, n, r, o) => {
+    packageJson: (s, e, o, r, n) => {
       const t = r ? "workspace:*" : "latest";
       return {
-        name: a,
+        name: s,
         version: "1.0.0",
         type: "module",
         scripts: {
@@ -72,7 +72,7 @@ const D = new P(), p = {
         dependencies: {
           "@authhero/drizzle": t,
           "@authhero/kysely-adapter": t,
-          ...o && { "@authhero/react-admin": t },
+          ...n && { "@authhero/react-admin": t },
           "@authhero/widget": t,
           "@hono/swagger-ui": "^0.5.0",
           "@hono/zod-openapi": "^0.19.0",
@@ -81,7 +81,7 @@ const D = new P(), p = {
           kysely: "latest",
           "kysely-d1": "latest",
           ...e && { "@authhero/multi-tenancy": t },
-          ...n && { bcryptjs: "latest" }
+          ...o && { bcryptjs: "latest" }
         },
         devDependencies: {
           "@cloudflare/workers-types": "^4.0.0",
@@ -98,10 +98,10 @@ const D = new P(), p = {
     name: "AWS SST (Lambda + DynamoDB)",
     description: "Serverless AWS deployment with Lambda, DynamoDB, and SST",
     templateDir: "aws-sst",
-    packageJson: (a, e, n, r, o) => {
+    packageJson: (s, e, o, r, n) => {
       const t = r ? "workspace:*" : "latest";
       return {
-        name: a,
+        name: s,
         version: "1.0.0",
         type: "module",
         scripts: {
@@ -113,7 +113,7 @@ const D = new P(), p = {
         },
         dependencies: {
           "@authhero/aws": t,
-          ...o && { "@authhero/react-admin": t },
+          ...n && { "@authhero/react-admin": t },
           "@authhero/widget": t,
           "@aws-sdk/client-dynamodb": "^3.0.0",
           "@aws-sdk/lib-dynamodb": "^3.0.0",
@@ -122,7 +122,7 @@ const D = new P(), p = {
           authhero: t,
           hono: "^4.6.0",
           ...e && { "@authhero/multi-tenancy": t },
-          ...n && { bcryptjs: "latest" }
+          ...o && { bcryptjs: "latest" }
         },
         devDependencies: {
           "@types/aws-lambda": "^8.10.0",
@@ -136,34 +136,42 @@ const D = new P(), p = {
     seedFile: "seed.ts"
   }
 };
-function N(a, e) {
-  s.readdirSync(a).forEach((r) => {
-    const o = i.join(a, r), t = i.join(e, r);
-    s.lstatSync(o).isDirectory() ? (s.mkdirSync(t, { recursive: !0 }), N(o, t)) : s.copyFileSync(o, t);
+function N(s, e) {
+  a.readdirSync(s).forEach((r) => {
+    const n = i.join(s, r), t = i.join(e, r);
+    a.lstatSync(n).isDirectory() ? (a.mkdirSync(t, { recursive: !0 }), N(n, t)) : a.copyFileSync(n, t);
   });
 }
-function R(a, e = !1, n = "authhero-local", r) {
-  const o = a ? "control_plane" : "main", t = a ? "Control Plane" : "Main", c = [
+function R(s, e = !1, o = "authhero-local", r) {
+  const n = s ? "control_plane" : "main", t = s ? "Control Plane" : "Main", c = [
     "https://manage.authhero.net/auth-callback",
     "https://local.authhero.net/auth-callback",
     "http://localhost:5173/auth-callback",
-    "https://localhost:3000/auth-callback",
-    ...r ? ["https://localhost:3000/admin/auth-callback"] : []
+    "http://localhost:3000/auth-callback",
+    ...r ? ["http://localhost:3000/admin/auth-callback"] : []
   ], d = e ? [
-    `https://localhost.emobix.co.uk:8443/test/a/${n}/callback`,
-    `https://localhost:8443/test/a/${n}/callback`
+    `https://localhost.emobix.co.uk:8443/test/a/${o}/callback`,
+    `https://localhost:8443/test/a/${o}/callback`
   ] : [], f = [...c, ...d], h = [
     "https://manage.authhero.net",
     "https://local.authhero.net",
     "http://localhost:5173",
-    "https://localhost:3000"
-  ], C = e ? ["https://localhost:8443/", "https://localhost.emobix.co.uk:8443/"] : [], y = [...h, ...C], S = e ? `
+    "http://localhost:3000"
+  ], C = e ? ["https://localhost:8443/", "https://localhost.emobix.co.uk:8443/"] : [], y = [...h, ...C], b = e ? `
   // Create OpenID Conformance Suite test clients and user
   console.log("Creating conformance test clients and user...");
-  
+
+  // The OIDCC basic test plan calls /token without an audience param. AuthHero
+  // requires either an explicit audience or a tenant default_audience to mint
+  // an access token, so set one here for the conformance setup.
+  await adapters.tenants.update("${n}", {
+    default_audience: "urn:authhero:management",
+  });
+  console.log("✅ Set tenant default_audience for conformance");
+
   const conformanceCallbacks = [
-    "https://localhost.emobix.co.uk:8443/test/a/${n}/callback",
-    "https://localhost:8443/test/a/${n}/callback",
+    "https://localhost.emobix.co.uk:8443/test/a/${o}/callback",
+    "https://localhost:8443/test/a/${o}/callback",
   ];
   const conformanceLogoutUrls = [
     "https://localhost:8443/",
@@ -175,7 +183,7 @@ function R(a, e = !1, n = "authhero-local", r) {
   ];
 
   try {
-    await adapters.clients.create("${o}", {
+    await adapters.clients.create("${n}", {
       client_id: "conformance-test",
       client_secret: "conformanceTestSecret123",
       name: "Conformance Test Client",
@@ -193,7 +201,7 @@ function R(a, e = !1, n = "authhero-local", r) {
   }
 
   try {
-    await adapters.clients.create("${o}", {
+    await adapters.clients.create("${n}", {
       client_id: "conformance-test2",
       client_secret: "conformanceTestSecret456",
       name: "Conformance Test Client 2",
@@ -213,7 +221,7 @@ function R(a, e = !1, n = "authhero-local", r) {
   // Create a conformance test user with ALL OIDC profile claims populated
   // This is required for OIDCC-5.4 (VerifyScopesReturnedInUserInfoClaims) test
   try {
-    await adapters.users.create("${o}", {
+    await adapters.users.create("${n}", {
       user_id: \`\${USERNAME_PASSWORD_PROVIDER}|conformance-user\`,
       email: "conformance@example.com",
       email_verified: true,
@@ -248,7 +256,7 @@ function R(a, e = !1, n = "authhero-local", r) {
   try {
     const bcrypt = await import("bcryptjs");
     const hashedPassword = await bcrypt.hash("ConformanceTest123!", 10);
-    await adapters.passwords.create("${o}", {
+    await adapters.passwords.create("${n}", {
       user_id: \`\${USERNAME_PASSWORD_PROVIDER}|conformance-user\`,
       password: hashedPassword,
     });
@@ -266,9 +274,51 @@ import Database from "better-sqlite3";
 import createAdapters from "@authhero/kysely-adapter";
 import { seed } from "authhero";
 
+interface ExtraClient {
+  client_id: string;
+  client_secret: string;
+  name?: string;
+  callbacks?: string[];
+  allowed_logout_urls?: string[];
+  web_origins?: string[];
+}
+
+function parseFlag(name: string): string | undefined {
+  const argv = process.argv.slice(2);
+  const eqPrefix = \`--\${name}=\`;
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i]!;
+    if (arg === \`--\${name}\`) return argv[i + 1];
+    if (arg.startsWith(eqPrefix)) return arg.slice(eqPrefix.length);
+  }
+  return undefined;
+}
+
+function positionalArgs(): string[] {
+  const out: string[] = [];
+  const argv = process.argv.slice(2);
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i]!;
+    if (arg.startsWith("--")) {
+      if (!arg.includes("=")) i++;
+      continue;
+    }
+    out.push(arg);
+  }
+  return out;
+}
+
 async function main() {
-  const adminUsername = process.argv[2] || process.env.ADMIN_USERNAME || "admin";
-  const adminPassword = process.argv[3] || process.env.ADMIN_PASSWORD || "admin";
+  const positional = positionalArgs();
+  const adminUsername = positional[0] || process.env.ADMIN_USERNAME || "admin";
+  const adminPassword = positional[1] || process.env.ADMIN_PASSWORD || "admin";
+
+  const clientsJson = parseFlag("clients");
+  const userProfileJson = parseFlag("user-profile");
+  const extraClients: ExtraClient[] = clientsJson ? JSON.parse(clientsJson) : [];
+  const userProfile: Record<string, unknown> = userProfileJson
+    ? JSON.parse(userProfileJson)
+    : {};
 
   const dialect = new SqliteDialect({
     database: new Database("db.sqlite"),
@@ -277,42 +327,69 @@ async function main() {
   const db = new Kysely<any>({ dialect });
   const adapters = createAdapters(db);
 
-  await seed(adapters, {
+  const seedResult = await seed(adapters, {
     adminUsername,
     adminPassword,
-    tenantId: "${o}",
+    tenantId: "${n}",
     tenantName: "${t}",
-    isControlPlane: ${!!a},
-    clientId: "default"
+    isControlPlane: ${!!s},
+    clientId: "default",
     callbacks: ${JSON.stringify(f)},
     allowedLogoutUrls: ${JSON.stringify(y)},
   });
-${S}
+
+  for (const c of extraClients) {
+    const existing = await adapters.clients.get(seedResult.tenantId, c.client_id);
+    if (existing) {
+      console.log(\`Client "\${c.client_id}" already exists, skipping...\`);
+      continue;
+    }
+    await adapters.clients.create(seedResult.tenantId, {
+      client_id: c.client_id,
+      client_secret: c.client_secret,
+      name: c.name ?? c.client_id,
+      callbacks: c.callbacks ?? [],
+      allowed_logout_urls: c.allowed_logout_urls ?? [],
+      web_origins: c.web_origins ?? [],
+      connections: ["Username-Password-Authentication"],
+      client_metadata: { universal_login_version: "2" },
+    });
+    console.log(\`✅ Created client "\${c.client_id}"\`);
+  }
+
+  if (Object.keys(userProfile).length > 0) {
+    await adapters.users.update(seedResult.tenantId, seedResult.userId, userProfile);
+    console.log(\`✅ Updated profile of user "\${seedResult.username}"\`);
+  }
+${b}
   await db.destroy();
 }
 
-main().catch(console.error);
+main().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});
 `;
 }
-function U(a, e) {
-  const n = e ? `import fs from "fs";
+function O(s, e) {
+  const o = e ? `import fs from "fs";
 ` : "", r = e ? `
 const adminDistPath = path.resolve(
   __dirname,
   "../node_modules/@authhero/react-admin/dist",
 );
 const adminIndexPath = path.join(adminDistPath, "index.html");
-` : "", o = e ? `
+` : "", n = e ? `
   // Add admin UI handler if the package is installed
   if (fs.existsSync(adminIndexPath)) {
     const issuer =
-      process.env.ISSUER || \`https://localhost:\${process.env.PORT || 3000}/\`;
+      process.env.ISSUER || \`http://localhost:\${process.env.PORT || 3000}/\`;
     const rawHtml = fs.readFileSync(adminIndexPath, "utf-8")
       .replace(/src="\\.\\//g, 'src="/admin/')
       .replace(/href="\\.\\//g, 'href="/admin/');
     const configJson = JSON.stringify({
       domain: issuer.replace(/\\/$/, ""),
-      clientId: ${a ? "CONTROL_PLANE_CLIENT_ID," : '"default",'}
+      clientId: ${s ? "CONTROL_PLANE_CLIENT_ID," : '"default",'}
       basePath: "/admin",
     }).replace(/</g, "\\\\u003c");
     configWithHandlers.adminIndexHtml = rawHtml.replace(
@@ -325,13 +402,13 @@ const adminIndexPath = path.join(adminDistPath, "index.html");
     });
   }
 ` : "";
-  return a ? `import { Context } from "hono";
+  return s ? `import { Context } from "hono";
 import { swaggerUI } from "@hono/swagger-ui";
 import { AuthHeroConfig, DataAdapters } from "authhero";
 import { serveStatic } from "@hono/node-server/serve-static";
 import { initMultiTenant } from "@authhero/multi-tenancy";
 import path from "path";
-${n}import { fileURLToPath } from "url";
+${o}import { fileURLToPath } from "url";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
@@ -352,7 +429,7 @@ export default function createApp(config: AuthHeroConfig & { dataAdapter: DataAd
       rewriteRequestPath: (p) => p.replace("/u/widget", ""),
     }),
   };
-${o}
+${n}
   // Initialize multi-tenant AuthHero - syncs resource servers, roles, and connections by default
   const { app } = initMultiTenant({
     ...configWithHandlers,
@@ -389,7 +466,7 @@ import { AuthHeroConfig, init } from "authhero";
 import { swaggerUI } from "@hono/swagger-ui";
 import { serveStatic } from "@hono/node-server/serve-static";
 import path from "path";
-${n}import { fileURLToPath } from "url";
+${o}import { fileURLToPath } from "url";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
@@ -406,7 +483,7 @@ export default function createApp(config: AuthHeroConfig) {
       rewriteRequestPath: (p) => p.replace("/u/widget", ""),
     }),
   };
-${o}
+${n}
   const { app } = init(configWithHandlers);
 
   app
@@ -430,7 +507,7 @@ ${o}
 }
 `;
 }
-function O(a) {
+function U(s) {
   return `import { D1Dialect } from "kysely-d1";
 import { Kysely } from "kysely";
 import createAdapters from "@authhero/kysely-adapter";
@@ -457,9 +534,9 @@ export default {
         adminUsername,
         adminPassword,
         issuer,
-        tenantId: "${a ? "control_plane" : "main"}",
-        tenantName: "${a ? "Control Plane" : "Main"}",
-        isControlPlane: ${!!a},
+        tenantId: "${s ? "control_plane" : "main"}",
+        tenantName: "${s ? "Control Plane" : "Main"}",
+        isControlPlane: ${!!s},
         clientId: "default",
       });
 
@@ -491,15 +568,15 @@ export default {
 };
 `;
 }
-function L(a, e) {
-  const n = e ? `import adminIndexHtml from "./admin-index-html";
+function $(s, e) {
+  const o = e ? `import adminIndexHtml from "./admin-index-html";
 ` : "", r = e ? `    adminIndexHtml,
 ` : "";
-  return a ? `import { Context } from "hono";
+  return s ? `import { Context } from "hono";
 import { swaggerUI } from "@hono/swagger-ui";
 import { AuthHeroConfig, DataAdapters } from "authhero";
 import { initMultiTenant } from "@authhero/multi-tenancy";
-${n}
+${o}
 // Control plane configuration
 const CONTROL_PLANE_TENANT_ID = "control_plane";
 const CONTROL_PLANE_CLIENT_ID = "default";
@@ -540,7 +617,7 @@ ${r}    controlPlane: {
 import { cors } from "hono/cors";
 import { AuthHeroConfig, init } from "authhero";
 import { swaggerUI } from "@hono/swagger-ui";
-${n}
+${o}
 export default function createApp(config: AuthHeroConfig) {
   const { app } = init({
     ...config,
@@ -576,8 +653,8 @@ ${r}  });
 }
 `;
 }
-function j(a) {
-  return a ? `import { Context } from "hono";
+function L(s) {
+  return s ? `import { Context } from "hono";
 import { swaggerUI } from "@hono/swagger-ui";
 import { AuthHeroConfig, DataAdapters } from "authhero";
 import { initMultiTenant } from "@authhero/multi-tenancy";
@@ -682,7 +759,7 @@ export default function createApp(config: AppConfig) {
 }
 `;
 }
-function $(a) {
+function j(s) {
   return `import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
 import { DynamoDBDocumentClient } from "@aws-sdk/lib-dynamodb";
 import createAdapters from "@authhero/aws";
@@ -711,9 +788,9 @@ async function main() {
   await seed(adapters, {
     adminUsername,
     adminPassword,
-    tenantId: "${a ? "control_plane" : "main"}",
-    tenantName: "${a ? "Control Plane" : "Main"}",
-    isControlPlane: ${!!a},
+    tenantId: "${s ? "control_plane" : "main"}",
+    tenantName: "${s ? "Control Plane" : "Main"}",
+    isControlPlane: ${!!s},
   });
 
   console.log("✅ Database seeded successfully!");
@@ -722,23 +799,23 @@ async function main() {
 main().catch(console.error);
 `;
 }
-function H(a, e) {
-  const n = i.join(a, "src");
-  s.writeFileSync(
-    i.join(n, "app.ts"),
+function H(s, e) {
+  const o = i.join(s, "src");
+  a.writeFileSync(
+    i.join(o, "app.ts"),
+    L(e)
+  ), a.writeFileSync(
+    i.join(o, "seed.ts"),
     j(e)
-  ), s.writeFileSync(
-    i.join(n, "seed.ts"),
-    $(e)
   );
 }
 function x() {
   console.log("\\n" + "─".repeat(50)), console.log("🔐 AuthHero deployed to AWS!"), console.log("📚 Check SST output for your API URL"), console.log("🚀 Open your server URL /setup to complete initial setup"), console.log("🌐 Portal available at https://local.authhero.net"), console.log("─".repeat(50) + "\\n");
 }
-function M(a) {
-  const e = i.join(a, ".github", "workflows");
-  s.mkdirSync(e, { recursive: !0 });
-  const n = `name: Unit tests
+function F(s) {
+  const e = i.join(s, ".github", "workflows");
+  a.mkdirSync(e, { recursive: !0 });
+  const o = `name: Unit tests
 
 on: push
 
@@ -795,7 +872,7 @@ jobs:
         with:
           apiToken: \${{ secrets.CLOUDFLARE_API_TOKEN }}
           command: deploy
-`, o = `name: Deploy to Production
+`, n = `name: Deploy to Production
 
 on:
   release:
@@ -824,9 +901,9 @@ jobs:
           apiToken: \${{ secrets.PROD_CLOUDFLARE_API_TOKEN }}
           command: deploy --env production
 `;
-  s.writeFileSync(i.join(e, "unit-tests.yml"), n), s.writeFileSync(i.join(e, "deploy-dev.yml"), r), s.writeFileSync(i.join(e, "release.yml"), o), console.log("\\n📦 GitHub CI workflows created!");
+  a.writeFileSync(i.join(e, "unit-tests.yml"), o), a.writeFileSync(i.join(e, "deploy-dev.yml"), r), a.writeFileSync(i.join(e, "release.yml"), n), console.log("\\n📦 GitHub CI workflows created!");
 }
-function F(a) {
+function M(s) {
   const e = {
     branches: ["main"],
     plugins: [
@@ -835,11 +912,11 @@ function F(a) {
       "@semantic-release/github"
     ]
   };
-  s.writeFileSync(
-    i.join(a, ".releaserc.json"),
+  a.writeFileSync(
+    i.join(s, ".releaserc.json"),
     JSON.stringify(e, null, 2)
   );
-  const n = i.join(a, "package.json"), r = JSON.parse(s.readFileSync(n, "utf-8"));
+  const o = i.join(s, "package.json"), r = JSON.parse(a.readFileSync(o, "utf-8"));
   r.devDependencies = {
     ...r.devDependencies,
     "semantic-release": "^24.0.0"
@@ -847,38 +924,38 @@ function F(a) {
     ...r.scripts,
     test: 'echo "No tests yet"',
     "type-check": "tsc --noEmit"
-  }, s.writeFileSync(n, JSON.stringify(r, null, 2));
+  }, a.writeFileSync(o, JSON.stringify(r, null, 2));
 }
-function b(a, e) {
-  return new Promise((n, r) => {
-    const o = E(a, [], {
+function _(s, e) {
+  return new Promise((o, r) => {
+    const n = E(s, [], {
       cwd: e,
       shell: !0,
       stdio: "inherit"
     });
-    o.on("close", (t) => {
-      t === 0 ? n() : r(new Error(`Command failed with exit code ${t}`));
-    }), o.on("error", r);
+    n.on("close", (t) => {
+      t === 0 ? o() : r(new Error(`Command failed with exit code ${t}`));
+    }), n.on("error", r);
   });
 }
-function W(a, e, n) {
-  const r = i.join(a, "src");
-  s.writeFileSync(
+function W(s, e, o) {
+  const r = i.join(s, "src");
+  a.writeFileSync(
     i.join(r, "app.ts"),
-    L(e, n)
-  ), s.writeFileSync(
+    $(e, o)
+  ), a.writeFileSync(
     i.join(r, "seed.ts"),
-    O(e)
+    U(e)
   );
 }
-function _() {
+function I() {
   console.log(`
-` + "─".repeat(50)), console.log("🔐 AuthHero server running at https://localhost:3000"), console.log("📚 API documentation available at https://localhost:3000/docs"), console.log("🚀 Open https://localhost:3000/setup to complete initial setup"), console.log("🌐 Portal available at https://local.authhero.net"), console.log("─".repeat(50) + `
+` + "─".repeat(50)), console.log("🔐 AuthHero server running at https://localhost:3000"), console.log("🚀 Open https://localhost:3000/setup to complete initial setup"), console.log("─".repeat(50) + `
 `);
 }
 function k() {
   console.log(`
-` + "─".repeat(50)), console.log("✅ Self-signed certificates generated with openssl"), console.log("⚠️  You may need to trust the certificate in your browser"), console.log("🔐 AuthHero server running at https://localhost:3000"), console.log("📚 API documentation available at https://localhost:3000/docs"), console.log("🚀 Open https://localhost:3000/setup to complete initial setup"), console.log("🌐 Portal available at https://local.authhero.net"), console.log("─".repeat(50) + `
+` + "─".repeat(50)), console.log("✅ Self-signed certificates generated with openssl"), console.log("⚠️  You may need to trust the certificate in your browser"), console.log("🔐 AuthHero server running at http://localhost:3000"), console.log("📚 API documentation available at http://localhost:3000/docs"), console.log("🚀 Open http://localhost:3000/setup to complete initial setup"), console.log("─".repeat(50) + `
 `);
 }
 D.version("1.0.0").description("Create a new AuthHero project").argument("[project-name]", "name of the project").option("-t, --template <type>", "template type: local or cloudflare").option(
@@ -890,13 +967,13 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
 ).option(
   "--workspace",
   "use workspace:* dependencies for local monorepo development"
-).option("-y, --yes", "skip all prompts and use defaults/provided options").action(async (a, e) => {
-  const n = e.yes === !0;
+).option("-y, --yes", "skip all prompts and use defaults/provided options").action(async (s, e) => {
+  const o = e.yes === !0;
   console.log(`
 🔐 Welcome to AuthHero!
 `);
-  let r = a;
-  r || (n ? (r = "auth-server", console.log(`Using default project name: ${r}`)) : r = (await m.prompt([
+  let r = s;
+  r || (o ? (r = "auth-server", console.log(`Using default project name: ${r}`)) : r = (await m.prompt([
     {
       type: "input",
       name: "projectName",
@@ -905,8 +982,8 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
       validate: (u) => u !== "" || "Project name cannot be empty"
     }
   ])).projectName);
-  const o = i.join(process.cwd(), r);
-  s.existsSync(o) && (console.error(`❌ Project "${r}" already exists.`), process.exit(1));
+  const n = i.join(process.cwd(), r);
+  a.existsSync(n) && (console.error(`❌ Project "${r}" already exists.`), process.exit(1));
   let t;
   e.template ? (["local", "cloudflare", "aws-sst"].includes(e.template) || (console.error(`❌ Invalid template: ${e.template}`), console.error("Valid options: local, cloudflare, aws-sst"), process.exit(1)), t = e.template, console.log(`Using template: ${p[t].name}`)) : t = (await m.prompt([
     {
@@ -936,7 +1013,7 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
     }
   ])).setupType;
   let c;
-  e.multiTenant !== void 0 ? c = e.multiTenant : n ? c = !1 : c = (await m.prompt([
+  e.multiTenant !== void 0 ? c = e.multiTenant : o ? c = !1 : c = (await m.prompt([
     {
       type: "confirm",
       name: "multiTenant",
@@ -945,7 +1022,7 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
     }
   ])).multiTenant, c && console.log("Multi-tenant mode: enabled");
   let d = !1;
-  (t === "local" || t === "cloudflare") && (e.adminUi !== void 0 ? d = e.adminUi : n ? d = !0 : d = (await m.prompt([
+  (t === "local" || t === "cloudflare") && (e.adminUi !== void 0 ? d = e.adminUi : o ? d = !0 : d = (await m.prompt([
     {
       type: "confirm",
       name: "adminUi",
@@ -960,8 +1037,8 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
   const C = e.workspace || !1;
   C && console.log("Workspace mode: enabled (using workspace:* dependencies)");
   const y = p[t];
-  s.mkdirSync(o, { recursive: !0 }), s.writeFileSync(
-    i.join(o, "package.json"),
+  a.mkdirSync(n, { recursive: !0 }), a.writeFileSync(
+    i.join(n, "package.json"),
     JSON.stringify(
       y.packageJson(
         r,
@@ -974,38 +1051,38 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
       2
     )
   );
-  const S = y.templateDir, I = i.join(
+  const b = y.templateDir, S = i.join(
     import.meta.url.replace("file://", "").replace("/create-authhero.js", ""),
-    S
+    b
   );
-  if (s.existsSync(I) ? N(I, o) : (console.error(`❌ Template directory not found: ${I}`), process.exit(1)), t === "cloudflare" && W(o, c, d), t === "cloudflare") {
-    const l = i.join(o, "wrangler.toml"), u = i.join(o, "wrangler.local.toml");
-    s.existsSync(l) && s.copyFileSync(l, u);
-    const g = i.join(o, ".dev.vars.example"), w = i.join(o, ".dev.vars");
-    s.existsSync(g) && s.copyFileSync(g, w), console.log(
+  if (a.existsSync(S) ? N(S, n) : (console.error(`❌ Template directory not found: ${S}`), process.exit(1)), t === "cloudflare" && W(n, c, d), t === "cloudflare") {
+    const l = i.join(n, "wrangler.toml"), u = i.join(n, "wrangler.local.toml");
+    a.existsSync(l) && a.copyFileSync(l, u);
+    const g = i.join(n, ".dev.vars.example"), w = i.join(n, ".dev.vars");
+    a.existsSync(g) && a.copyFileSync(g, w), console.log(
       "📁 Created wrangler.local.toml and .dev.vars for local development"
     );
   }
   let A = !1;
-  if (t === "cloudflare" && (e.githubCi !== void 0 ? (A = e.githubCi, A && console.log("Including GitHub CI workflows with semantic versioning")) : n || (A = (await m.prompt([
+  if (t === "cloudflare" && (e.githubCi !== void 0 ? (A = e.githubCi, A && console.log("Including GitHub CI workflows with semantic versioning")) : o || (A = (await m.prompt([
     {
       type: "confirm",
       name: "includeGithubCi",
       message: "Would you like to include GitHub CI with semantic versioning?",
       default: !1
     }
-  ])).includeGithubCi), A && (M(o), F(o))), t === "local") {
+  ])).includeGithubCi), A && (F(n), M(n))), t === "local") {
     const l = R(
       c,
       f,
       h,
       d
     );
-    s.writeFileSync(i.join(o, "src/seed.ts"), l);
-    const u = U(c, d);
-    s.writeFileSync(i.join(o, "src/app.ts"), u);
+    a.writeFileSync(i.join(n, "src/seed.ts"), l);
+    const u = O(c, d);
+    a.writeFileSync(i.join(n, "src/app.ts"), u);
   }
-  if (t === "aws-sst" && H(o, c), f) {
+  if (t === "aws-sst" && H(n, c), f) {
     const l = {
       alias: h,
       description: "AuthHero Conformance Test",
@@ -1024,8 +1101,8 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
         resourceUrl: "http://host.docker.internal:3000/userinfo"
       }
     };
-    s.writeFileSync(
-      i.join(o, "conformance-config.json"),
+    a.writeFileSync(
+      i.join(n, "conformance-config.json"),
       JSON.stringify(l, null, 2)
     ), console.log(
       "📝 Created conformance-config.json for OpenID Conformance Suite"
@@ -1038,7 +1115,7 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
 `
   );
   let v;
-  if (e.skipInstall ? v = !1 : n ? v = !0 : v = (await m.prompt([
+  if (e.skipInstall ? v = !1 : o ? v = !0 : v = (await m.prompt([
     {
       type: "confirm",
       name: "shouldInstall",
@@ -1049,7 +1126,7 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
     let l;
     e.packageManager ? (["npm", "yarn", "pnpm", "bun"].includes(e.packageManager) || (console.error(
       `❌ Invalid package manager: ${e.packageManager}`
-    ), console.error("Valid options: npm, yarn, pnpm, bun"), process.exit(1)), l = e.packageManager) : n ? l = "pnpm" : l = (await m.prompt([
+    ), console.error("Valid options: npm, yarn, pnpm, bun"), process.exit(1)), l = e.packageManager) : o ? l = "pnpm" : l = (await m.prompt([
       {
         type: "list",
         name: "packageManager",
@@ -1067,13 +1144,13 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
 `);
     try {
       const u = l === "pnpm" ? "pnpm install --ignore-workspace" : `${l} install`;
-      if (await b(u, o), t === "local" && (console.log(`
+      if (await _(u, n), t === "local" && (console.log(`
 🔧 Building native modules...
-`), await b("npm rebuild better-sqlite3", o)), console.log(`
+`), await _("npm rebuild better-sqlite3", n)), console.log(`
 ✅ Dependencies installed successfully!
 `), (t === "local" || t === "cloudflare") && !e.skipMigrate) {
         let w;
-        n ? w = !0 : w = (await m.prompt([
+        o ? w = !0 : w = (await m.prompt([
           {
             type: "confirm",
             name: "shouldMigrate",
@@ -1082,20 +1159,20 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
           }
         ])).shouldMigrate, w && (console.log(`
 🔄 Running migrations...
-`), await b(`${l} run migrate`, o));
+`), await _(`${l} run migrate`, n));
       }
       let g;
-      e.skipStart || n ? g = !1 : g = (await m.prompt([
+      e.skipStart || o ? g = !1 : g = (await m.prompt([
         {
           type: "confirm",
           name: "shouldStart",
           message: "Would you like to start the development server?",
           default: !0
         }
-      ])).shouldStart, g && (t === "cloudflare" ? _() : t === "aws-sst" ? x() : k(), console.log(`🚀 Starting development server...
-`), await b(`${l} run dev`, o)), n && !g && (console.log(`
+      ])).shouldStart, g && (t === "cloudflare" ? I() : t === "aws-sst" ? x() : k(), console.log(`🚀 Starting development server...
+`), await _(`${l} run dev`, n)), o && !g && (console.log(`
 ✅ Setup complete!`), console.log(`
-To start the development server:`), console.log(`  cd ${r}`), console.log("  npm run dev"), t === "cloudflare" ? _() : t === "aws-sst" ? x() : k());
+To start the development server:`), console.log(`  cd ${r}`), console.log("  npm run dev"), t === "cloudflare" ? I() : t === "aws-sst" ? x() : k());
     } catch (u) {
       console.error(`
 ❌ An error occurred:`, u), process.exit(1);
@@ -1103,7 +1180,7 @@ To start the development server:`), console.log(`  cd ${r}`), console.log("  npm
   }
   v || (console.log("Next steps:"), console.log(`  cd ${r}`), t === "local" ? (console.log("  npm install"), console.log("  npm run migrate"), console.log("  npm run dev"), console.log(
     `
-Open https://localhost:3000/setup to complete initial setup`
+Open http://localhost:3000/setup to complete initial setup`
   )) : t === "cloudflare" ? (console.log("  npm install"), console.log(
     "  npm run migrate  # or npm run db:migrate:remote for production"
   ), console.log("  npm run dev  # or npm run dev:remote for production"), console.log(
@@ -1111,7 +1188,7 @@ Open https://localhost:3000/setup to complete initial setup`
 Open https://localhost:3000/setup to complete initial setup`
   )) : t === "aws-sst" && (console.log("  npm install"), console.log("  npm run dev  # Deploys to AWS in development mode"), console.log(`
 Open your server URL /setup to complete initial setup`)), console.log(`
-Server will be available at: https://localhost:3000`), console.log("Portal available at: https://local.authhero.net"), f && (console.log(`
+Server will be available at: http://localhost:3000`), f && (console.log(`
 🧪 OpenID Conformance Suite Testing:`), console.log(
     "  1. Clone and start the conformance suite (if not already running):"
   ), console.log(

package/dist/local/src/app.ts

@@ -33,7 +33,7 @@ export default function createApp(config: AuthHeroConfig) {
   // Add admin UI handler if the package is installed
   if (fs.existsSync(adminIndexPath)) {
     const issuer =
-      process.env.ISSUER || `https://localhost:${process.env.PORT || 3000}/`;
+      process.env.ISSUER || `http://localhost:${process.env.PORT || 3000}/`;
     const rawHtml = fs
       .readFileSync(adminIndexPath, "utf-8")
       .replace(/src="\.\/assets\//g, 'src="/admin/assets/')

package/package.json

@@ -5,7 +5,7 @@
     "type": "git",
     "url": "https://github.com/markusahlstrand/authhero"
   },
-  "version": "0.38.0",
+  "version": "0.40.0",
   "type": "module",
   "main": "dist/create-authhero.js",
   "bin": {