hazo_auth 6.1.1 → 7.0.1

package/dist/lib/auth/nextauth_config.js

@@ -1,8 +1,10 @@
 // ESM/CJS interop: next-auth providers are CommonJS, handle both export scenarios
 import GoogleProviderImport from "next-auth/providers/google";
 const GoogleProvider = GoogleProviderImport.default || GoogleProviderImport;
+import FacebookProviderImport from "next-auth/providers/facebook";
+const FacebookProvider = FacebookProviderImport.default || FacebookProviderImport;
 import { get_oauth_config } from "../oauth_config.server.js";
-import { handle_google_oauth_login } from "../services/oauth_service.js";
+import { handle_google_oauth_login, handle_facebook_oauth_login } from "../services/oauth_service.js";
 import { get_hazo_connect_instance } from "../hazo_connect_instance.server.js";
 import { create_app_logger } from "../app_logger.js";
 // section: config
@@ -32,6 +34,18 @@ export function get_nextauth_config() {
             }));
         }
     }
+    // Add Facebook provider if enabled and credentials are present
+    if (oauth_config.enable_facebook && oauth_config.facebook_client_id && oauth_config.facebook_client_secret) {
+        providers.push(FacebookProvider({
+            clientId: oauth_config.facebook_client_id,
+            clientSecret: oauth_config.facebook_client_secret,
+            authorization: {
+                params: {
+                    scope: "email,public_profile",
+                },
+            },
+        }));
+    }
     return {
         providers,
         pages: {
@@ -52,6 +66,9 @@ export function get_nextauth_config() {
                 if (url.includes("/api/hazo_auth/oauth/google/callback")) {
                     return url;
                 }
+                if (url.includes("/api/hazo_auth/oauth/facebook/callback")) {
+                    return url;
+                }
                 // If URL is relative or same origin, allow it
                 if (url.startsWith("/")) {
                     return `${baseUrl}${url}`;
@@ -66,7 +83,7 @@ export function get_nextauth_config() {
              * Sign-in callback - handle user creation/linking for Google OAuth
              */
             async signIn({ account, profile, user, }) {
-                var _a;
+                var _a, _b, _c, _d, _e, _f;
                 const logger = create_app_logger();
                 if ((account === null || account === void 0 ? void 0 : account.provider) === "google" && profile) {
                     try {
@@ -111,6 +128,64 @@ export function get_nextauth_config() {
                         return false;
                     }
                 }
+                if ((account === null || account === void 0 ? void 0 : account.provider) === "facebook" && profile) {
+                    try {
+                        const fbProfile = profile;
+                        const hazoConnect = get_hazo_connect_instance();
+                        const current_oauth_config = get_oauth_config();
+                        // Resolve profile picture URL from Facebook's nested structure
+                        let fb_picture_url;
+                        if (fbProfile.picture) {
+                            if (typeof fbProfile.picture === "string") {
+                                fb_picture_url = fbProfile.picture;
+                            }
+                            else if ((_c = (_b = fbProfile.picture) === null || _b === void 0 ? void 0 : _b.data) === null || _c === void 0 ? void 0 : _c.url) {
+                                fb_picture_url = fbProfile.picture.data.url;
+                            }
+                        }
+                        if (!fb_picture_url && user.image) {
+                            fb_picture_url = (_d = user.image) !== null && _d !== void 0 ? _d : undefined;
+                        }
+                        logger.info("nextauth_facebook_signin_attempt", {
+                            email: user.email,
+                            facebook_id: fbProfile.id,
+                            name: user.name,
+                        });
+                        const result = await handle_facebook_oauth_login(hazoConnect, {
+                            facebook_id: fbProfile.id || account.providerAccountId,
+                            email: (_f = (_e = user.email) !== null && _e !== void 0 ? _e : fbProfile.email) !== null && _f !== void 0 ? _f : null,
+                            name: user.name || fbProfile.name || undefined,
+                            profile_picture_url: fb_picture_url,
+                        }, { auto_link_unverified: current_oauth_config.auto_link_unverified_accounts_facebook });
+                        if (!result.success) {
+                            logger.error("nextauth_facebook_signin_failed", {
+                                email: user.email,
+                                error: result.error,
+                            });
+                            if (result.error === "link_blocked_unverified") {
+                                return `/hazo_auth/login?error=link_blocked_unverified`;
+                            }
+                            return false;
+                        }
+                        logger.info("nextauth_facebook_signin_success", {
+                            user_id: result.user_id,
+                            email: result.email,
+                            is_new_user: result.is_new_user,
+                            was_linked: result.was_linked,
+                        });
+                        // Store user_id in account for the JWT callback to pick up
+                        account.hazo_user_id = result.user_id;
+                        return true;
+                    }
+                    catch (error) {
+                        const errorMessage = error instanceof Error ? error.message : "Unknown error";
+                        logger.error("nextauth_facebook_signin_exception", {
+                            email: user.email,
+                            error: errorMessage,
+                        });
+                        return false;
+                    }
+                }
                 return true;
             },
             /**
@@ -169,5 +244,8 @@ export function has_oauth_providers() {
         if (has_google_credentials)
             return true;
     }
+    if (oauth_config.enable_facebook && oauth_config.facebook_client_id && oauth_config.facebook_client_secret) {
+        return true;
+    }
     return false;
 }

package/dist/lib/email_verification_config.server.d.ts

@@ -5,9 +5,6 @@ export type EmailVerificationConfig = {
     showReturnHomeButton: boolean;
     returnHomeButtonLabel: string;
     returnHomePath: string;
-    imageSrc: string;
-    imageAlt: string;
-    imageBackgroundColor: string;
 };
 /**
  * Reads email verification layout configuration from hazo_auth_config.ini file

package/dist/lib/email_verification_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email_verification_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/email_verification_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,uBAAuB,GAAG;IACpC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,6BAA6B,IAAI,uBAAuB,CAoCvE"}
+{"version":3,"file":"email_verification_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/email_verification_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,uBAAuB,GAAG;IACpC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,6BAA6B,IAAI,uBAAuB,CAWvE"}

package/dist/lib/email_verification_config.server.js

@@ -3,11 +3,6 @@
 import "server-only";
 // section: imports
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
-import { get_config_value } from "./config/config_loader.server.js";
-// Default image path - consuming apps should either:
-// 1. Configure their own image_src in hazo_auth_config.ini
-// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
-const DEFAULT_VERIFY_EMAIL_IMAGE_PATH = "/hazo_auth/images/verify_email_default.jpg";
 // section: helpers
 /**
  * Reads email verification layout configuration from hazo_auth_config.ini file
@@ -15,23 +10,13 @@ const DEFAULT_VERIFY_EMAIL_IMAGE_PATH = "/hazo_auth/images/verify_email_default.
  * @returns Email verification configuration options
  */
 export function get_email_verification_config() {
-    const section = "hazo_auth__email_verification_layout";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
-    // Read image configuration
-    // If not set in config, falls back to default path-based image
-    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
-    const imageSrc = get_config_value(section, "image_src", DEFAULT_VERIFY_EMAIL_IMAGE_PATH);
-    const imageAlt = get_config_value(section, "image_alt", "Email verification illustration");
-    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         alreadyLoggedInMessage: alreadyLoggedInConfig.message,
         showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
         showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
-        imageSrc,
-        imageAlt,
-        imageBackgroundColor,
     };
 }

package/dist/lib/forgot_password_config.server.d.ts

@@ -5,9 +5,6 @@ export type ForgotPasswordConfig = {
     showReturnHomeButton: boolean;
     returnHomeButtonLabel: string;
     returnHomePath: string;
-    imageSrc: string;
-    imageAlt: string;
-    imageBackgroundColor: string;
 };
 /**
  * Reads forgot password layout configuration from hazo_auth_config.ini file

package/dist/lib/forgot_password_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/forgot_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAoCjE"}
+{"version":3,"file":"forgot_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/forgot_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAWjE"}

package/dist/lib/forgot_password_config.server.js

@@ -3,11 +3,6 @@
 import "server-only";
 // section: imports
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
-import { get_config_value } from "./config/config_loader.server.js";
-// Default image path - consuming apps should either:
-// 1. Configure their own image_src in hazo_auth_config.ini
-// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
-const DEFAULT_FORGOT_PASSWORD_IMAGE_PATH = "/hazo_auth/images/forgot_password_default.jpg";
 // section: helpers
 /**
  * Reads forgot password layout configuration from hazo_auth_config.ini file
@@ -15,23 +10,13 @@ const DEFAULT_FORGOT_PASSWORD_IMAGE_PATH = "/hazo_auth/images/forgot_password_de
  * @returns Forgot password configuration options
  */
 export function get_forgot_password_config() {
-    const section = "hazo_auth__forgot_password_layout";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
-    // Read image configuration
-    // If not set in config, falls back to default path-based image
-    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
-    const imageSrc = get_config_value(section, "image_src", DEFAULT_FORGOT_PASSWORD_IMAGE_PATH);
-    const imageAlt = get_config_value(section, "image_alt", "Password recovery illustration");
-    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         alreadyLoggedInMessage: alreadyLoggedInConfig.message,
         showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
         showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
-        imageSrc,
-        imageAlt,
-        imageBackgroundColor,
     };
 }

package/dist/lib/login_config.server.d.ts

@@ -13,9 +13,6 @@ export type LoginConfig = {
     createAccountPath: string;
     createAccountLabel: string;
     showCreateAccountLink: boolean;
-    imageSrc: string;
-    imageAlt: string;
-    imageBackgroundColor: string;
     /** OAuth configuration */
     oauth: OAuthConfig;
     /** Whether the OTP sign-in link is shown below the login form */

package/dist/lib/login_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAQ3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;IACnB,iEAAiE;IACjE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAiF9C"}
+{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAG3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;IACnB,iEAAiE;IACjE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CA0D9C"}

package/dist/lib/login_config.server.js

@@ -5,10 +5,6 @@ import "server-only";
 import { get_config_value, get_config_value_allow_empty } from "./config/config_loader.server.js";
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
 import { get_oauth_config } from "./oauth_config.server.js";
-// Default image path - consuming apps should either:
-// 1. Configure their own image_src in hazo_auth_config.ini
-// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
-const DEFAULT_LOGIN_IMAGE_PATH = "/hazo_auth/images/login_default.jpg";
 // section: helpers
 /**
  * Reads login layout configuration from hazo_auth_config.ini file
@@ -30,12 +26,6 @@ export function get_login_config() {
     const showCreateAccountLink = get_config_value(section, "show_create_account_link", "true") === "true";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
-    // Read image configuration
-    // If not set in config, falls back to default path-based image
-    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
-    const imageSrc = get_config_value(section, "image_src", DEFAULT_LOGIN_IMAGE_PATH);
-    const imageAlt = get_config_value(section, "image_alt", "Secure login illustration");
-    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     // Get OAuth configuration
     const oauth = get_oauth_config();
     // OTP sign-in link
@@ -55,9 +45,6 @@ export function get_login_config() {
         createAccountPath,
         createAccountLabel,
         showCreateAccountLink,
-        imageSrc,
-        imageAlt,
-        imageBackgroundColor,
         oauth,
         otpSigninEnabled,
         otpSigninLabel,

package/dist/lib/my_settings_config.server.d.ts

@@ -21,7 +21,6 @@ export type MySettingsConfig = {
         user_photo_default_priority2?: "library" | "gravatar";
         library_photo_path: string;
     };
-    heading?: string;
     subHeading?: string;
     profilePhotoLabel?: string;
     profilePhotoRecommendation?: string;

package/dist/lib/my_settings_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"my_settings_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/my_settings_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,cAAc,EAAE;QACd,kBAAkB,EAAE,OAAO,CAAC;QAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,4BAA4B,EAAE,UAAU,GAAG,SAAS,CAAC;QACrD,4BAA4B,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;QACtD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE;QACR,6BAA6B,EAAE,MAAM,CAAC;QACtC,sBAAsB,EAAE,MAAM,CAAC;QAC/B,2BAA2B,EAAE,MAAM,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yBAAyB,EAAE,MAAM,CAAC;QAClC,uBAAuB,EAAE,MAAM,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,0BAA0B,EAAE,MAAM,CAAC;QACnC,+BAA+B,EAAE,MAAM,CAAC;QACxC,4BAA4B,EAAE,MAAM,CAAC;KACtC,CAAC;IACF,SAAS,EAAE;QACT,wBAAwB,EAAE,MAAM,EAAE,CAAC;QACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;KACpC,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CAyDzD"}
+{"version":3,"file":"my_settings_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/my_settings_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,cAAc,EAAE;QACd,kBAAkB,EAAE,OAAO,CAAC;QAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,4BAA4B,EAAE,UAAU,GAAG,SAAS,CAAC;QACrD,4BAA4B,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;QACtD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE;QACR,6BAA6B,EAAE,MAAM,CAAC;QACtC,sBAAsB,EAAE,MAAM,CAAC;QAC/B,2BAA2B,EAAE,MAAM,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yBAAyB,EAAE,MAAM,CAAC;QAClC,uBAAuB,EAAE,MAAM,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,0BAA0B,EAAE,MAAM,CAAC;QACnC,+BAA+B,EAAE,MAAM,CAAC;QACxC,4BAA4B,EAAE,MAAM,CAAC;KACtC,CAAC;IACF,SAAS,EAAE;QACT,wBAAwB,EAAE,MAAM,EAAE,CAAC;QACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;KACpC,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CAuDzD"}

package/dist/lib/my_settings_config.server.js

@@ -28,7 +28,6 @@ export function get_my_settings_config() {
     const uiSizes = get_ui_sizes_config();
     const fileTypes = get_file_types_config();
     // Read optional labels with defaults
-    const heading = get_config_value(section, "heading", "Account Settings");
     const subHeading = get_config_value(section, "sub_heading", "Manage your profile, password, and email preferences.");
     const profilePhotoLabel = get_config_value(section, "profile_photo_label", "Profile Photo");
     const profilePhotoRecommendation = get_config_value(section, "profile_photo_recommendation", "Recommended size: 200x200px. JPG, PNG.");
@@ -47,7 +46,6 @@ export function get_my_settings_config() {
         userFields,
         passwordRequirements,
         profilePicture,
-        heading,
         subHeading,
         profilePhotoLabel,
         profilePhotoRecommendation,

package/dist/lib/oauth_config.server.d.ts

@@ -2,12 +2,20 @@ import "server-only";
 export type OAuthConfig = {
     /** Enable Google OAuth login */
     enable_google: boolean;
+    /** Enable Facebook OAuth login */
+    enable_facebook: boolean;
     /** Enable traditional email/password login */
     enable_email_password: boolean;
     /** Auto-link Google login to existing unverified email/password accounts */
     auto_link_unverified_accounts: boolean;
+    /** Auto-link Google login to existing unverified email/password accounts (per-provider override) */
+    auto_link_unverified_accounts_google: boolean;
+    /** Auto-link Facebook login to existing unverified email/password accounts */
+    auto_link_unverified_accounts_facebook: boolean;
     /** Text displayed on the Google sign-in button */
     google_button_text: string;
+    /** Text displayed on the Facebook sign-in button */
+    facebook_button_text: string;
     /** Text displayed on the divider between OAuth and email/password form */
     oauth_divider_text: string;
     /** NextAuth signIn page path */
@@ -22,6 +30,10 @@ export type OAuthConfig = {
     skip_invitation_check: boolean;
     /** Redirect when skip_invitation_check=true and user has no scope */
     no_scope_redirect: string;
+    /** Facebook App ID from env HAZO_AUTH_FACEBOOK_APP_ID */
+    facebook_client_id: string | undefined;
+    /** Facebook App Secret from env HAZO_AUTH_FACEBOOK_APP_SECRET */
+    facebook_client_secret: string | undefined;
 };
 /**
  * Reads OAuth configuration from hazo_auth_config.ini file
@@ -39,4 +51,9 @@ export declare function is_google_oauth_enabled(): boolean;
  * @returns true if email/password login is enabled in config
  */
 export declare function is_email_password_enabled(): boolean;
+/**
+ * Helper to check if Facebook OAuth is enabled and credentials are present
+ * @returns true if Facebook OAuth is enabled and env vars are set
+ */
+export declare function is_facebook_oauth_enabled(): boolean;
 //# sourceMappingURL=oauth_config.server.d.ts.map

package/dist/lib/oauth_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;CAC3B,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAgF9C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD"}
+{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,kCAAkC;IAClC,eAAe,EAAE,OAAO,CAAC;IACzB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,oGAAoG;IACpG,oCAAoC,EAAE,OAAO,CAAC;IAC9C,8EAA8E;IAC9E,sCAAsC,EAAE,OAAO,CAAC;IAChD,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oDAAoD;IACpD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,yDAAyD;IACzD,kBAAkB,EAAE,MAAM,GAAG,SAAS,CAAC;IACvC,iEAAiE;IACjE,sBAAsB,EAAE,MAAM,GAAG,SAAS,CAAC;CAC5C,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAoH9C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAInD"}

package/dist/lib/oauth_config.server.js

@@ -14,9 +14,16 @@ const SECTION_NAME = "hazo_auth__oauth";
  */
 export function get_oauth_config() {
     const enable_google = get_config_boolean(SECTION_NAME, "enable_google", DEFAULT_OAUTH.enable_google);
+    const enable_facebook = get_config_boolean(SECTION_NAME, "enable_facebook", false);
     const enable_email_password = get_config_boolean(SECTION_NAME, "enable_email_password", DEFAULT_OAUTH.enable_email_password);
+    // Generic key (backward compat)
     const auto_link_unverified_accounts = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts", DEFAULT_OAUTH.auto_link_unverified_accounts);
+    // Per-provider Google key (falls back to generic)
+    const auto_link_unverified_accounts_google = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts_google", auto_link_unverified_accounts);
+    // Per-provider Facebook key (defaults to false — don't auto-link Facebook unverified)
+    const auto_link_unverified_accounts_facebook = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts_facebook", false);
     const google_button_text = get_config_value(SECTION_NAME, "google_button_text", DEFAULT_OAUTH.google_button_text);
+    const facebook_button_text = get_config_value(SECTION_NAME, "facebook_button_text", "Continue with Facebook");
     const oauth_divider_text = get_config_value(SECTION_NAME, "oauth_divider_text", DEFAULT_OAUTH.oauth_divider_text);
     const sign_in_page = get_config_value(SECTION_NAME, "sign_in_page", DEFAULT_OAUTH.sign_in_page);
     const error_page = get_config_value(SECTION_NAME, "error_page", DEFAULT_OAUTH.error_page);
@@ -24,11 +31,17 @@ export function get_oauth_config() {
     const default_redirect = get_config_value(SECTION_NAME, "default_redirect", DEFAULT_OAUTH.default_redirect);
     const skip_invitation_check = get_config_boolean(SECTION_NAME, "skip_invitation_check", DEFAULT_OAUTH.skip_invitation_check);
     const no_scope_redirect = get_config_value(SECTION_NAME, "no_scope_redirect", DEFAULT_OAUTH.no_scope_redirect);
+    const facebook_client_id = process.env.HAZO_AUTH_FACEBOOK_APP_ID;
+    const facebook_client_secret = process.env.HAZO_AUTH_FACEBOOK_APP_SECRET;
     return {
         enable_google,
+        enable_facebook,
         enable_email_password,
         auto_link_unverified_accounts,
+        auto_link_unverified_accounts_google,
+        auto_link_unverified_accounts_facebook,
         google_button_text,
+        facebook_button_text,
         oauth_divider_text,
         sign_in_page,
         error_page,
@@ -36,6 +49,8 @@ export function get_oauth_config() {
         default_redirect,
         skip_invitation_check,
         no_scope_redirect,
+        facebook_client_id,
+        facebook_client_secret,
     };
 }
 /**
@@ -52,3 +67,13 @@ export function is_google_oauth_enabled() {
 export function is_email_password_enabled() {
     return get_config_boolean(SECTION_NAME, "enable_email_password", DEFAULT_OAUTH.enable_email_password);
 }
+/**
+ * Helper to check if Facebook OAuth is enabled and credentials are present
+ * @returns true if Facebook OAuth is enabled and env vars are set
+ */
+export function is_facebook_oauth_enabled() {
+    const enabled = get_config_boolean(SECTION_NAME, "enable_facebook", false);
+    if (!enabled)
+        return false;
+    return !!(process.env.HAZO_AUTH_FACEBOOK_APP_ID && process.env.HAZO_AUTH_FACEBOOK_APP_SECRET);
+}

package/dist/lib/register_config.server.d.ts

@@ -15,14 +15,13 @@ export type RegisterConfig = {
     returnHomePath: string;
     signInPath: string;
     signInLabel: string;
-    imageSrc: string;
-    imageAlt: string;
-    imageBackgroundColor: string;
     /** OAuth configuration */
     oauth: {
         enable_google: boolean;
+        enable_facebook: boolean;
         enable_email_password: boolean;
         google_button_text: string;
+        facebook_button_text: string;
         oauth_divider_text: string;
     };
 };

package/dist/lib/register_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"register_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/register_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAerB,MAAM,MAAM,cAAc,GAAG;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,qBAAqB,EAAE,OAAO,CAAC;QAC/B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,cAAc,CA8EpD"}
+{"version":3,"file":"register_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/register_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAUrB,MAAM,MAAM,cAAc,GAAG;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,OAAO,CAAC;QACzB,qBAAqB,EAAE,OAAO,CAAC;QAC/B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,oBAAoB,EAAE,MAAM,CAAC;QAC7B,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,cAAc,CAgEpD"}

package/dist/lib/register_config.server.js

@@ -7,10 +7,6 @@ import { get_password_requirements_config } from "./password_requirements_config
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
 import { get_user_fields_config } from "./user_fields_config.server.js";
 import { get_oauth_config } from "./oauth_config.server.js";
-// Default image path - consuming apps should either:
-// 1. Configure their own image_src in hazo_auth_config.ini
-// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
-const DEFAULT_REGISTER_IMAGE_PATH = "/hazo_auth/images/register_default.jpg";
 // section: helpers
 /**
  * Reads register layout configuration from hazo_auth_config.ini file
@@ -32,16 +28,12 @@ export function get_register_config() {
     // Read sign in link configuration
     const signInPath = get_config_value("hazo_auth__register_layout", "sign_in_path", "/hazo_auth/login");
     const signInLabel = get_config_value("hazo_auth__register_layout", "sign_in_label", "Sign in");
-    // Read image configuration
-    // If not set in config, falls back to default path-based image
-    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
-    const imageSrc = get_config_value("hazo_auth__register_layout", "image_src", DEFAULT_REGISTER_IMAGE_PATH);
-    const imageAlt = get_config_value("hazo_auth__register_layout", "image_alt", "Modern building representing user registration");
-    const imageBackgroundColor = get_config_value("hazo_auth__register_layout", "image_background_color", "#e2e8f0");
     // Get OAuth configuration (shared with login)
     const oauthConfig = get_oauth_config();
     // For the register page, default button text to "Sign up with Google" unless overridden
     const registerGoogleButtonText = get_config_value("hazo_auth__oauth", "google_button_text_register", "Sign up with Google");
+    // For the register page, default Facebook button text to "Sign up with Facebook" unless overridden
+    const registerFacebookButtonText = get_config_value("hazo_auth__oauth", "facebook_button_text_register", "Sign up with Facebook");
     return {
         showNameField,
         passwordRequirements,
@@ -52,13 +44,12 @@ export function get_register_config() {
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
         signInPath,
         signInLabel,
-        imageSrc,
-        imageAlt,
-        imageBackgroundColor,
         oauth: {
             enable_google: oauthConfig.enable_google,
+            enable_facebook: oauthConfig.enable_facebook,
             enable_email_password: oauthConfig.enable_email_password,
             google_button_text: registerGoogleButtonText,
+            facebook_button_text: registerFacebookButtonText,
             oauth_divider_text: oauthConfig.oauth_divider_text,
         },
     };

package/dist/lib/reset_password_config.server.d.ts

@@ -16,9 +16,6 @@ export type ResetPasswordConfig = {
         require_number: boolean;
         require_special: boolean;
     };
-    imageSrc: string;
-    imageAlt: string;
-    imageBackgroundColor: string;
 };
 /**
  * Reads reset password layout configuration from hazo_auth_config.ini file

package/dist/lib/reset_password_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"reset_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/reset_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAarB,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,mBAAmB,CAgE/D"}
+{"version":3,"file":"reset_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/reset_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,mBAAmB,CAyC/D"}

package/dist/lib/reset_password_config.server.js

@@ -5,10 +5,6 @@ import "server-only";
 import { get_config_value } from "./config/config_loader.server.js";
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
 import { get_password_requirements_config } from "./password_requirements_config.server.js";
-// Default image path - consuming apps should either:
-// 1. Configure their own image_src in hazo_auth_config.ini
-// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
-const DEFAULT_RESET_PASSWORD_IMAGE_PATH = "/hazo_auth/images/reset_password_default.jpg";
 // section: helpers
 /**
  * Reads reset password layout configuration from hazo_auth_config.ini file
@@ -29,12 +25,6 @@ export function get_reset_password_config() {
     const forgotPasswordPath = get_config_value(section, "forgot_password_path", "/hazo_auth/forgot_password");
     // Get shared password requirements
     const passwordRequirements = get_password_requirements_config();
-    // Read image configuration
-    // If not set in config, falls back to default path-based image
-    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
-    const imageSrc = get_config_value(section, "image_src", DEFAULT_RESET_PASSWORD_IMAGE_PATH);
-    const imageAlt = get_config_value(section, "image_alt", "Reset password illustration");
-    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         errorMessage,
         successMessage,
@@ -46,8 +36,5 @@ export function get_reset_password_config() {
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
         passwordRequirements,
-        imageSrc,
-        imageAlt,
-        imageBackgroundColor,
     };
 }

package/dist/lib/services/oauth_service.d.ts

@@ -24,6 +24,16 @@ export type OAuthLoginResult = {
     name?: string;
     error?: string;
 };
+export type FacebookOAuthData = {
+    /** Facebook's unique user ID */
+    facebook_id: string;
+    /** User's email address from Facebook (may be null if user denied email permission) */
+    email: string | null;
+    /** User's full name from Facebook profile */
+    name?: string;
+    /** User's profile picture URL from Facebook */
+    profile_picture_url?: string;
+};
 export type LinkGoogleResult = {
     success: boolean;
     error?: string;
@@ -45,6 +55,20 @@ export type AuthProvidersResult = {
  * @returns OAuth login result with user_id and status flags
  */
 export declare function handle_google_oauth_login(adapter: HazoConnectAdapter, data: GoogleOAuthData): Promise<OAuthLoginResult>;
+/**
+ * Handles Facebook OAuth login/registration flow
+ * 1. Check if user exists with facebook_id -> login
+ * 2. Check if user exists with email -> link Facebook account (respects auto_link_unverified)
+ * 3. Create new user with Facebook data (email_verified always false — never trust Facebook)
+ *
+ * @param adapter - The hazo_connect adapter instance
+ * @param data - Facebook OAuth user data
+ * @param opts - Options (auto_link_unverified: whether to link unverified accounts)
+ * @returns OAuth login result with user_id and status flags
+ */
+export declare function handle_facebook_oauth_login(adapter: HazoConnectAdapter, data: FacebookOAuthData, opts?: {
+    auto_link_unverified?: boolean;
+}): Promise<OAuthLoginResult>;
 /**
  * Links a Google account to an existing user
  * @param adapter - The hazo_connect adapter instance

package/dist/lib/services/oauth_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/oauth_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AASvD,MAAM,MAAM,eAAe,GAAG;IAC5B,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6CAA6C;IAC7C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uDAAuD;IACvD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;GASG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,eAAe,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAiL3B;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,CAAC,CAgE3B;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,kBAAkB,EAC3B,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA2C9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0D/C"}
+{"version":3,"file":"oauth_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/oauth_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AASvD,MAAM,MAAM,eAAe,GAAG;IAC5B,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6CAA6C;IAC7C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uDAAuD;IACvD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,uFAAuF;IACvF,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAE9B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;GASG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,eAAe,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAiL3B;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,iBAAiB,EACvB,IAAI,CAAC,EAAE;IAAE,oBAAoB,CAAC,EAAE,OAAO,CAAA;CAAE,GACxC,OAAO,CAAC,gBAAgB,CAAC,CAwK3B;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,CAAC,CAgE3B;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,kBAAkB,EAC3B,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA2C9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0D/C"}