hazo_auth 6.1.1 → 7.0.1

package/dist/server/routes/oauth_facebook_callback.js

@@ -0,0 +1,157 @@
+// file_description: Custom OAuth callback handler that creates hazo_auth session after Facebook sign-in
+// section: imports
+import { NextResponse } from "next/server";
+import { getToken } from "next-auth/jwt";
+import { create_app_logger } from "../../lib/app_logger.js";
+import { create_session_token } from "../../lib/services/session_token_service.js";
+import { get_filename, get_line_number } from "../../lib/utils/api_route_helpers.js";
+import { get_login_config } from "../../lib/login_config.server.js";
+import { get_cookie_name, get_cookie_options, BASE_COOKIE_NAMES } from "../../lib/cookies_config.server.js";
+import { get_hazo_connect_instance } from "../../lib/hazo_connect_instance.server.js";
+import { get_post_login_redirect } from "../../lib/services/post_verification_service.js";
+import { get_oauth_config } from "../../lib/oauth_config.server.js";
+import { rewrite_request_for_proxy } from "../../lib/utils/proxy_request.js";
+// section: api_handler
+/**
+ * Handles the OAuth callback after Facebook sign-in
+ * The user creation/linking is done in NextAuth signIn callback
+ * This route just sets the hazo_auth session cookies
+ */
+export async function facebookCallbackGET(original_request) {
+    // Rewrite request.url to public origin when behind a reverse proxy.
+    const request = rewrite_request_for_proxy(original_request);
+    const logger = create_app_logger();
+    // Detect if request came through HTTPS proxy (Cloudflare tunnel, etc.)
+    const is_secure = original_request.headers.get("x-forwarded-proto") === "https" ||
+        request.url.startsWith("https://");
+    // Resolve the configured sign-in page up-front so early error redirects
+    // honour [hazo_auth__oauth] sign_in_page just like the success path.
+    const sign_in_page = get_oauth_config().sign_in_page;
+    try {
+        // Get the NextAuth token from the session
+        const token = (await getToken({
+            req: request,
+            secureCookie: is_secure,
+        }));
+        logger.debug("facebook_callback_token_received", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            has_token: !!token,
+            has_email: !!(token === null || token === void 0 ? void 0 : token.email),
+            has_hazo_user_id: !!(token === null || token === void 0 ? void 0 : token.hazo_user_id),
+        });
+        if (!token) {
+            logger.warn("facebook_callback_no_token", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                note: "No NextAuth token found - user may not have completed Facebook sign-in",
+            });
+            const login_url = new URL(sign_in_page, request.url);
+            login_url.searchParams.set("error", "oauth_failed");
+            return NextResponse.redirect(login_url.toString());
+        }
+        // Validate we have the required data
+        if (!token.email || !token.hazo_user_id) {
+            logger.warn("facebook_callback_missing_data", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                has_email: !!token.email,
+                has_hazo_user_id: !!token.hazo_user_id,
+            });
+            const login_url = new URL(sign_in_page, request.url);
+            login_url.searchParams.set("error", "oauth_incomplete");
+            return NextResponse.redirect(login_url.toString());
+        }
+        const user_id = token.hazo_user_id;
+        const email = token.email;
+        logger.debug("facebook_callback_success", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            email,
+        });
+        // Get redirect URL based on user's scope/invitation status
+        const loginConfig = get_login_config();
+        const oauthConfig = get_oauth_config();
+        // Per-request override: same `?next=` pattern as Google callback.
+        const raw_next = request.nextUrl.searchParams.get("next");
+        const safe_next = raw_next &&
+            raw_next.startsWith("/") &&
+            !raw_next.startsWith("//") &&
+            !/^[a-z][a-z0-9+.\-]*:/i.test(raw_next)
+            ? raw_next
+            : null;
+        // Check if user needs onboarding
+        const hazoConnect = get_hazo_connect_instance();
+        const { redirect_url: determined_redirect, needs_onboarding, invitation_check_skipped, invitation_table_error, } = await get_post_login_redirect(hazoConnect, user_id, email, {
+            default_redirect: safe_next || oauthConfig.default_redirect || loginConfig.redirectRoute || "/",
+            create_firm_url: oauthConfig.create_firm_url,
+            skip_invitation_check: oauthConfig.skip_invitation_check,
+            no_scope_redirect: safe_next || oauthConfig.no_scope_redirect,
+        });
+        // Log warning if invitation table is missing
+        if (invitation_table_error) {
+            logger.warn("invitation_table_missing", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                user_id,
+                email,
+                note: "hazo_invitations table does not exist - run migration or set skip_invitation_check=true in [hazo_auth__oauth]",
+            });
+        }
+        logger.debug("facebook_callback_post_login_redirect", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            email,
+            redirect_url: determined_redirect,
+            needs_onboarding,
+            invitation_check_skipped,
+            invitation_table_error,
+        });
+        // Create redirect response
+        const redirect_url = new URL(determined_redirect, request.url);
+        const response = NextResponse.redirect(redirect_url.toString());
+        // Set authentication cookies
+        const base_cookie_options = {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === "production" || is_secure,
+            sameSite: "lax",
+            path: "/",
+            maxAge: 60 * 60 * 24 * 30, // 30 days
+        };
+        const cookie_options = get_cookie_options(base_cookie_options);
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.USER_ID), user_id, cookie_options);
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.USER_EMAIL), email, cookie_options);
+        // Create and set JWT session token
+        try {
+            const session_token = await create_session_token(user_id, email);
+            response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.SESSION), session_token, cookie_options);
+        }
+        catch (token_error) {
+            const token_error_message = token_error instanceof Error ? token_error.message : "Unknown error";
+            logger.warn("facebook_callback_session_token_creation_failed", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                user_id,
+                email,
+                error: token_error_message,
+                note: "OAuth login succeeded but session token creation failed - using legacy cookies",
+            });
+        }
+        return response;
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        const error_stack = error instanceof Error ? error.stack : undefined;
+        logger.error("facebook_callback_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+            error_stack,
+        });
+        const login_url = new URL(sign_in_page, request.url);
+        login_url.searchParams.set("error", "oauth_error");
+        return NextResponse.redirect(login_url.toString());
+    }
+}

package/dist/server/routes/oauth_google_callback.js

@@ -172,7 +172,7 @@ export async function GET(original_request) {
             error_message,
             error_stack,
         });
-        const login_url = new URL("/hazo_auth/login", request.url);
+        const login_url = new URL(sign_in_page, request.url);
         login_url.searchParams.set("error", "oauth_error");
         return NextResponse.redirect(login_url.toString());
     }

package/dist/server_pages/forgot_password.d.ts

@@ -1,21 +1,5 @@
 import "server-only";
-import type { StaticImageData } from "next/image";
 export type ForgotPasswordPageProps = {
-    /**
-     * Optional image source for the visual panel
-     * Defaults from hazo_auth_config.ini or package default image
-     */
-    image_src?: string | StaticImageData;
-    /**
-     * Optional image alt text
-     * Defaults to "Password recovery illustration"
-     */
-    image_alt?: string;
-    /**
-     * Optional image background color
-     * Defaults to "#f1f5f9"
-     */
-    image_background_color?: string;
     /**
      * Optional sign in path
      * Defaults from DEFAULT_FORGOT_PASSWORD.loginPath
@@ -26,6 +10,18 @@ export type ForgotPasswordPageProps = {
      * Defaults from DEFAULT_FORGOT_PASSWORD.loginLabel
      */
     sign_in_label?: string;
+    /**
+     * Optional theme that controls visual appearance and layout mode.
+     * When `theme.layout` is `"split"`, activates the two-column split layout
+     * with the brand panel on the left.
+     */
+    theme?: import("../theme/theme_types").HazoAuthTheme;
+    /** Override the page heading. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    title?: string;
+    /** Override the page subtitle. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    subtitle?: string;
+    /** Override the submit button label. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    ctaText?: string;
 };
 /**
  * Zero-config ForgotPasswordPage server component
@@ -47,7 +43,7 @@ export type ForgotPasswordPageProps = {
  *
  * Zero configuration required - works out of the box!
  *
- * @param props - Optional visual and navigation customization props
+ * @param props - Optional navigation customization props
  * @returns Server-rendered forgot password page
  */
 export default function ForgotPasswordPage(props: ForgotPasswordPageProps): import("react/jsx-runtime").JSX.Element;

package/dist/server_pages/forgot_password.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,kBAAkB,CAAC,KAAK,EAAE,uBAAuB,2CAiCxE;AAGD,OAAO,EAAE,kBAAkB,EAAE,CAAC"}
+{"version":3,"file":"forgot_password.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAUrB,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,sBAAsB,EAAE,aAAa,CAAC;IACrD,0FAA0F;IAC1F,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2FAA2F;IAC3F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iGAAiG;IACjG,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,kBAAkB,CAAC,KAAK,EAAE,uBAAuB,2CAoCxE;AAGD,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/server_pages/forgot_password.js

@@ -7,6 +7,7 @@ import { get_forgot_password_config } from "../lib/forgot_password_config.server
 import { ForgotPasswordClientWrapper } from "./forgot_password_client_wrapper.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
 import { DEFAULT_FORGOT_PASSWORD } from "../lib/config/default_config.js";
+import { DEFAULT_STRINGS, readStrings } from "../strings.js";
 // section: component
 /**
  * Zero-config ForgotPasswordPage server component
@@ -28,19 +29,22 @@ import { DEFAULT_FORGOT_PASSWORD } from "../lib/config/default_config.js";
  *
  * Zero configuration required - works out of the box!
  *
- * @param props - Optional visual and navigation customization props
+ * @param props - Optional navigation customization props
  * @returns Server-rendered forgot password page
  */
 export default function ForgotPasswordPage(props) {
-    const { image_src, image_alt, image_background_color, sign_in_path = DEFAULT_FORGOT_PASSWORD.loginPath, sign_in_label = DEFAULT_FORGOT_PASSWORD.loginLabel, } = props !== null && props !== void 0 ? props : {};
-    // Load configuration from INI file (with defaults including asset images)
+    var _a, _b, _c;
+    const { sign_in_path = DEFAULT_FORGOT_PASSWORD.loginPath, sign_in_label = DEFAULT_FORGOT_PASSWORD.loginLabel, theme, title, subtitle, ctaText, } = props !== null && props !== void 0 ? props : {};
+    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+    const strings = readStrings();
+    const fp_strings = strings.forgot_password;
+    const resolved_title = (_a = title !== null && title !== void 0 ? title : fp_strings.title) !== null && _a !== void 0 ? _a : DEFAULT_STRINGS.forgot_password.title;
+    const resolved_subtitle = (_b = subtitle !== null && subtitle !== void 0 ? subtitle : fp_strings.subtitle) !== null && _b !== void 0 ? _b : DEFAULT_STRINGS.forgot_password.subtitle;
+    const resolved_cta = (_c = ctaText !== null && ctaText !== void 0 ? ctaText : fp_strings.ctaText) !== null && _c !== void 0 ? _c : DEFAULT_STRINGS.forgot_password.ctaText;
+    // Load configuration from INI file (with defaults)
     const config = get_forgot_password_config();
-    // Use props if provided, otherwise fall back to config (which includes default asset image)
-    const finalImageSrc = image_src || config.imageSrc;
-    const finalImageAlt = image_alt || config.imageAlt;
-    const finalImageBackgroundColor = image_background_color || config.imageBackgroundColor;
     // Pass serializable config to client wrapper, wrapped in AuthPageShell for navbar support
-    return (_jsx(AuthPageShell, { children: _jsx(ForgotPasswordClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath }) }));
+    return (_jsx(AuthPageShell, { children: _jsx(ForgotPasswordClientWrapper, { sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, theme: theme, labels: { heading: resolved_title, subHeading: resolved_subtitle, submitButton: resolved_cta } }) }));
 }
 // Named export for direct imports
 export { ForgotPasswordPage };

package/dist/server_pages/forgot_password_client_wrapper.d.ts

@@ -1,15 +1,16 @@
 import type { ForgotPasswordConfig } from "../lib/forgot_password_config.server";
-import type { StaticImageData } from "next/image";
-export type ForgotPasswordClientWrapperProps = Omit<ForgotPasswordConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor'> & {
-    image_src: string | StaticImageData;
-    image_alt: string;
-    image_background_color: string;
+import type { HazoAuthTheme } from "../theme/theme_types";
+export type ForgotPasswordClientWrapperProps = ForgotPasswordConfig & {
     sign_in_path: string;
     sign_in_label: string;
+    /** Optional theme passed through to ForgotPasswordLayout → TwoColumnAuthLayout. */
+    theme?: HazoAuthTheme;
+    /** Optional label overrides (heading, subHeading, submitButton) */
+    labels?: import("../components/layouts/shared/config/layout_customization").LayoutLabelOverrides;
 };
 /**
  * Client wrapper for ForgotPasswordLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export declare function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, }: ForgotPasswordClientWrapperProps): import("react/jsx-runtime").JSX.Element;
+export declare function ForgotPasswordClientWrapper({ sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, theme, labels, }: ForgotPasswordClientWrapperProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=forgot_password_client_wrapper.d.ts.map

package/dist/server_pages/forgot_password_client_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAGjF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,gCAAgC,GAAG,IAAI,CAAC,oBAAoB,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,CAAC,GAAG;IAC5H,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,GACf,EAAE,gCAAgC,2CAmClC"}
+{"version":3,"file":"forgot_password_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,MAAM,gCAAgC,GAAG,oBAAoB,GAAG;IACpE,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,mFAAmF;IACnF,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,mEAAmE;IACnE,MAAM,CAAC,EAAE,OAAO,0DAA0D,EAAE,oBAAoB,CAAC;CAClG,CAAC;AAGF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,YAAY,EACZ,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,KAAK,EACL,MAAM,GACP,EAAE,gCAAgC,2CAkClC"}

package/dist/server_pages/forgot_password_client_wrapper.js

@@ -11,7 +11,7 @@ import { create_sqlite_hazo_connect } from "../lib/hazo_connect_setup.js";
  * Client wrapper for ForgotPasswordLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, }) {
+export function ForgotPasswordClientWrapper({ sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, theme, labels, }) {
     const [dataClient, setDataClient] = useState(null);
     useEffect(() => {
         // Initialize hazo_connect on client side
@@ -23,5 +23,5 @@ export function ForgotPasswordClientWrapper({ image_src, image_alt, image_backgr
     if (!dataClient) {
         return (_jsx("div", { className: "cls_forgot_password_page_loading flex items-center justify-center min-h-screen", children: _jsx("div", { className: "text-slate-600 animate-pulse", children: "Loading..." }) }));
     }
-    return (_jsx(ForgotPasswordLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath }));
+    return (_jsx(ForgotPasswordLayout, { data_client: dataClient, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, theme: theme, labels: labels }));
 }

package/dist/server_pages/login.d.ts

@@ -1,33 +1,34 @@
 import "server-only";
-import type { StaticImageData } from "next/image";
+import type React from "react";
 export type LoginPageProps = {
-    /**
-     * Optional image source for the visual panel
-     * Defaults from hazo_auth_config.ini or package default image
-     */
-    image_src?: string | StaticImageData;
-    /**
-     * Optional image alt text
-     * Defaults to "Secure login illustration"
-     */
-    image_alt?: string;
-    /**
-     * Optional image background color
-     * Defaults to "#f1f5f9"
-     */
-    image_background_color?: string;
     /**
      * Layout mode (default: `"two_column"`).
      * - `"two_column"` — full server-rendered page with the package's
-     *   TwoColumnAuthLayout (image on the left, form on the right) wrapped in
-     *   the standalone AuthPageShell. Backwards-compatible.
+     *   TwoColumnAuthLayout wrapped in the standalone AuthPageShell.
+     *   Layout appearance is now controlled by the theme (split or centered).
      * - `"form_only"` — emits just the form content (no AuthPageShell, no
      *   TwoColumnAuthLayout). Use when wrapping the form in your own brand
-     *   chrome (e.g. a custom split-panel layout or an existing app shell).
-     *   `image_src` / `image_alt` / `image_background_color` are ignored in
-     *   this mode.
+     *   chrome.
      */
     layout?: "two_column" | "form_only";
+    /**
+     * Optional theme that controls visual appearance and layout mode.
+     * When `theme.layout` is `"split"`, activates the two-column split layout
+     * with the brand panel on the left.
+     */
+    theme?: import("../theme/theme_types").HazoAuthTheme;
+    /** Override the page heading. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    title?: string;
+    /** Override the page subtitle. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    subtitle?: string;
+    /** Override the submit button label. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    ctaText?: string;
+    /**
+     * Optional legal text rendered below the form.
+     * Accepts a string or JSX (e.g. `<a href="/tos">Terms of Service</a>`).
+     * Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    legalText?: React.ReactNode;
 };
 /**
  * Zero-config LoginPage server component

package/dist/server_pages/login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server_pages/login.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,cAAc,GAAG;IAC3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;;;;;;;;OAUG;IACH,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;CACrC,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,KAAK,EAAE,cAAc,2CAoEtD;AAGD,OAAO,EAAE,SAAS,EAAE,CAAC"}
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server_pages/login.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAIrB,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAQ/B,MAAM,MAAM,cAAc,GAAG;IAC3B;;;;;;;;OAQG;IACH,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;IACpC;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,sBAAsB,EAAE,aAAa,CAAC;IACrD,0FAA0F;IAC1F,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2FAA2F;IAC3F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iGAAiG;IACjG,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC7B,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,KAAK,EAAE,cAAc,2CAkEtD;AAGD,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/server_pages/login.js

@@ -2,12 +2,12 @@ import { jsx as _jsx, Fragment as _Fragment, jsxs as _jsxs } from "react/jsx-run
 // file_description: Zero-config LoginPage server component - drop in and use with no configuration required
 // section: server-only-guard
 import "server-only";
-// section: imports
 import { get_login_config } from "../lib/login_config.server.js";
 import { get_navbar_config } from "../lib/navbar_config.server.js";
 import { LoginClientWrapper } from "./login_client_wrapper.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
 import { FloatingHomeLink } from "../components/layouts/shared/components/floating_home_link.js";
+import { DEFAULT_STRINGS, readStrings } from "../strings.js";
 // section: component
 /**
  * Zero-config LoginPage server component
@@ -33,29 +33,25 @@ import { FloatingHomeLink } from "../components/layouts/shared/components/floati
  * @returns Server-rendered login page
  */
 export default function LoginPage(props) {
-    const { image_src, image_alt, image_background_color, layout = "two_column", } = props !== null && props !== void 0 ? props : {};
-    // Load configuration from INI file (with defaults including asset images)
+    var _a, _b, _c;
+    const { layout = "two_column", theme, title, subtitle, ctaText, legalText, } = props !== null && props !== void 0 ? props : {};
+    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+    const strings = readStrings();
+    const login_strings = strings.login;
+    const resolved_title = (_a = title !== null && title !== void 0 ? title : login_strings.title) !== null && _a !== void 0 ? _a : DEFAULT_STRINGS.login.title;
+    const resolved_subtitle = (_b = subtitle !== null && subtitle !== void 0 ? subtitle : login_strings.subtitle) !== null && _b !== void 0 ? _b : DEFAULT_STRINGS.login.subtitle;
+    const resolved_cta = (_c = ctaText !== null && ctaText !== void 0 ? ctaText : login_strings.ctaText) !== null && _c !== void 0 ? _c : DEFAULT_STRINGS.login.ctaText;
+    const resolved_legal = legalText !== undefined ? legalText : (login_strings.legalText || undefined);
+    // Load configuration from INI file (with defaults)
     const config = get_login_config();
-    // Use props if provided, otherwise fall back to config (which includes default asset image)
-    const finalImageSrc = image_src || config.imageSrc;
-    const finalImageAlt = image_alt || config.imageAlt;
-    const finalImageBackgroundColor = image_background_color || config.imageBackgroundColor;
-    const wrapper = (_jsx(LoginClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, redirectRoute: config.redirectRoute, successMessage: config.successMessage, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, forgotPasswordPath: config.forgotPasswordPath, forgotPasswordLabel: config.forgotPasswordLabel, createAccountPath: config.createAccountPath, createAccountLabel: config.createAccountLabel, showCreateAccountLink: config.showCreateAccountLink, oauth: {
+    const wrapper = (_jsx(LoginClientWrapper, { redirectRoute: config.redirectRoute, successMessage: config.successMessage, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, forgotPasswordPath: config.forgotPasswordPath, forgotPasswordLabel: config.forgotPasswordLabel, createAccountPath: config.createAccountPath, createAccountLabel: config.createAccountLabel, showCreateAccountLink: config.showCreateAccountLink, oauth: {
             enable_google: config.oauth.enable_google,
             enable_email_password: config.oauth.enable_email_password,
             google_button_text: config.oauth.google_button_text,
             oauth_divider_text: config.oauth.oauth_divider_text,
-        }, otpSigninEnabled: config.otpSigninEnabled, otpSigninLabel: config.otpSigninLabel, otpSigninHref: config.otpSigninHref, layout: layout }));
-    // form_only mode: skip AuthPageShell so the consumer's own page chrome
-    // (e.g. a split-panel AuthLayout) hosts the form without our standalone
-    // wrapper interfering. Two-column mode keeps the existing AuthPageShell
-    // wrap for navbar/centering support.
-    //
-    // The navbar config's home_link is also surfaced here in form_only mode
-    // so users mid-auth-flow always have a way out — without this, the only
-    // exit is the browser back button. Rendered as a fixed-position "Back to
-    // home" pill (top-left). Disabled by setting `[hazo_auth__navbar]
-    // show_home_link = false` or by hiding it CSS-side at the consumer.
+            enable_facebook: config.oauth.enable_facebook,
+            facebook_button_text: config.oauth.facebook_button_text,
+        }, otpSigninEnabled: config.otpSigninEnabled, otpSigninLabel: config.otpSigninLabel, otpSigninHref: config.otpSigninHref, layout: layout, theme: theme, labels: { heading: resolved_title, subHeading: resolved_subtitle, submitButton: resolved_cta }, legalText: resolved_legal }));
     if (layout === "form_only") {
         const navbar = get_navbar_config();
         return (_jsxs(_Fragment, { children: [navbar.show_home_link && (_jsx(FloatingHomeLink, { path: navbar.home_path, label: navbar.home_label })), wrapper] }));

package/dist/server_pages/login_client_wrapper.d.ts

@@ -1,20 +1,24 @@
+import React from "react";
 import type { LoginConfig } from "../lib/login_config.server";
 import type { OAuthLayoutConfig } from "../components/layouts/login/index";
-import type { StaticImageData } from "next/image";
-export type LoginClientWrapperProps = Omit<LoginConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor' | 'oauth' | 'showCreateAccountLink'> & {
-    image_src?: string | StaticImageData;
-    image_alt?: string;
-    image_background_color?: string;
+import type { HazoAuthTheme } from "../theme/theme_types";
+export type LoginClientWrapperProps = Omit<LoginConfig, 'oauth' | 'showCreateAccountLink'> & {
     /** Show/hide "Create account" link (default: true) */
     showCreateAccountLink?: boolean;
     /** OAuth configuration */
     oauth?: OAuthLayoutConfig;
     /** Layout mode — see LoginLayoutProps.layout. Default `"two_column"`. */
     layout?: "two_column" | "form_only";
+    /** Optional theme passed through to LoginLayout → TwoColumnAuthLayout. */
+    theme?: HazoAuthTheme;
+    /** Optional label overrides (heading, subHeading, submitButton) */
+    labels?: import("../components/layouts/shared/config/layout_customization").LayoutLabelOverrides;
+    /** Optional legal text rendered below the form (accepts ReactNode for links/JSX) */
+    legalText?: React.ReactNode;
 };
 /**
  * Client wrapper for LoginLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export declare function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink, oauth, otpSigninEnabled, otpSigninLabel, otpSigninHref, layout, }: LoginClientWrapperProps): import("react/jsx-runtime").JSX.Element;
+export declare function LoginClientWrapper({ redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink, oauth, otpSigninEnabled, otpSigninLabel, otpSigninHref, layout, theme, labels, legalText, }: LoginClientWrapperProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=login_client_wrapper.d.ts.map

package/dist/server_pages/login_client_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/login_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAG3E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,GAAG,OAAO,GAAG,uBAAuB,CAAC,GAAG;IAC9I,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0BAA0B;IAC1B,KAAK,CAAC,EAAE,iBAAiB,CAAC;IAC1B,yEAAyE;IACzE,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;CACrC,CAAC;AAGF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,aAAa,EACb,cAAc,EACd,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,qBAA4B,EAC5B,KAAK,EACL,gBAAwB,EACxB,cAA0C,EAC1C,aAAgC,EAChC,MAAqB,GACtB,EAAE,uBAAuB,2CA6CzB"}
+{"version":3,"file":"login_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/login_client_wrapper.tsx"],"names":[],"mappings":"AAIA,OAAO,KAA8B,MAAM,OAAO,CAAC;AAKnD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,OAAO,GAAG,uBAAuB,CAAC,GAAG;IAC3F,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0BAA0B;IAC1B,KAAK,CAAC,EAAE,iBAAiB,CAAC;IAC1B,yEAAyE;IACzE,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;IACpC,0EAA0E;IAC1E,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,mEAAmE;IACnE,MAAM,CAAC,EAAE,OAAO,0DAA0D,EAAE,oBAAoB,CAAC;IACjG,oFAAoF;IACpF,SAAS,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC7B,CAAC;AAGF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,aAAa,EACb,cAAc,EACd,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,qBAA4B,EAC5B,KAAK,EACL,gBAAwB,EACxB,cAA0C,EAC1C,aAAgC,EAChC,MAAqB,EACrB,KAAK,EACL,MAAM,EACN,SAAS,GACV,EAAE,uBAAuB,2CA6CzB"}

package/dist/server_pages/login_client_wrapper.js

@@ -11,7 +11,7 @@ import { create_sqlite_hazo_connect } from "../lib/hazo_connect_setup.js";
  * Client wrapper for LoginLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink = true, oauth, otpSigninEnabled = false, otpSigninLabel = "Sign in with email code", otpSigninHref = "/hazo_auth/otp", layout = "two_column", }) {
+export function LoginClientWrapper({ redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink = true, oauth, otpSigninEnabled = false, otpSigninLabel = "Sign in with email code", otpSigninHref = "/hazo_auth/otp", layout = "two_column", theme, labels, legalText, }) {
     const [dataClient, setDataClient] = useState(null);
     useEffect(() => {
         // Initialize hazo_connect on client side
@@ -23,5 +23,5 @@ export function LoginClientWrapper({ image_src, image_alt, image_background_colo
     if (!dataClient) {
         return (_jsx("div", { className: "cls_login_page_loading flex items-center justify-center min-h-screen", children: _jsx("div", { className: "text-slate-600 animate-pulse", children: "Loading..." }) }));
     }
-    return (_jsx(LoginLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, redirectRoute: redirectRoute, successMessage: successMessage, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, forgot_password_path: forgotPasswordPath, forgot_password_label: forgotPasswordLabel, create_account_path: createAccountPath, create_account_label: createAccountLabel, show_create_account_link: showCreateAccountLink, oauth: oauth, otp_signin_enabled: otpSigninEnabled, otp_signin_label: otpSigninLabel, otp_signin_href: otpSigninHref, layout: layout }));
+    return (_jsx(LoginLayout, { data_client: dataClient, redirectRoute: redirectRoute, successMessage: successMessage, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, forgot_password_path: forgotPasswordPath, forgot_password_label: forgotPasswordLabel, create_account_path: createAccountPath, create_account_label: createAccountLabel, show_create_account_link: showCreateAccountLink, oauth: oauth, otp_signin_enabled: otpSigninEnabled, otp_signin_label: otpSigninLabel, otp_signin_href: otpSigninHref, layout: layout, theme: theme, labels: labels, legalText: legalText }));
 }

package/dist/server_pages/my_settings.d.ts

@@ -4,6 +4,8 @@ export type MySettingsPageProps = {
      * Optional className for custom styling
      */
     className?: string;
+    /** Override the page heading. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    title?: string;
 };
 /**
  * Zero-config MySettingsPage server component

package/dist/server_pages/my_settings.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"my_settings.d.ts","sourceRoot":"","sources":["../../src/server_pages/my_settings.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,MAAM,MAAM,mBAAmB,GAAG;IAChC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,MAAM,CAAC,OAAO,UAAU,cAAc,CAAC,KAAK,EAAE,mBAAmB,2CAiChE;AAGD,OAAO,EAAE,cAAc,EAAE,CAAC"}
+{"version":3,"file":"my_settings.d.ts","sourceRoot":"","sources":["../../src/server_pages/my_settings.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,MAAM,MAAM,mBAAmB,GAAG;IAChC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0FAA0F;IAC1F,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,MAAM,CAAC,OAAO,UAAU,cAAc,CAAC,KAAK,EAAE,mBAAmB,2CAuChE;AAGD,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/server_pages/my_settings.js

@@ -6,6 +6,7 @@ import "server-only";
 import { get_my_settings_config } from "../lib/my_settings_config.server.js";
 import MySettingsLayout from "../components/layouts/my_settings/index.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
+import { DEFAULT_STRINGS, readStrings } from "../strings.js";
 // section: component
 /**
  * Zero-config MySettingsPage server component
@@ -53,11 +54,16 @@ import { AuthPageShell } from "../components/layouts/shared/components/auth_page
  * @returns Server-rendered my settings component
  */
 export default function MySettingsPage(props) {
-    const { className } = props !== null && props !== void 0 ? props : {};
+    var _a;
+    const { className, title } = props !== null && props !== void 0 ? props : {};
+    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+    const strings = readStrings();
+    const ms_strings = strings.my_settings;
+    const resolved_title = (_a = title !== null && title !== void 0 ? title : ms_strings.title) !== null && _a !== void 0 ? _a : DEFAULT_STRINGS.my_settings.title;
     // Load configuration from INI file (with defaults)
     const config = get_my_settings_config();
     // Render layout with all server-initialized configuration, wrapped in AuthPageShell for navbar support
-    return (_jsx(AuthPageShell, { children: _jsx(MySettingsLayout, { className: className, password_requirements: config.passwordRequirements, profilePicture: config.profilePicture, userFields: config.userFields, unauthorizedMessage: config.unauthorizedMessage, loginButtonLabel: config.loginButtonLabel, loginPath: config.loginPath, heading: config.heading, subHeading: config.subHeading, profilePhotoLabel: config.profilePhotoLabel, profilePhotoRecommendation: config.profilePhotoRecommendation, uploadPhotoButtonLabel: config.uploadPhotoButtonLabel, removePhotoButtonLabel: config.removePhotoButtonLabel, profileInformationLabel: config.profileInformationLabel, passwordLabel: config.passwordLabel, currentPasswordLabel: config.currentPasswordLabel, newPasswordLabel: config.newPasswordLabel, confirmPasswordLabel: config.confirmPasswordLabel, messages: config.messages, uiSizes: config.uiSizes, fileTypes: config.fileTypes }) }));
+    return (_jsx(AuthPageShell, { children: _jsx(MySettingsLayout, { className: className, password_requirements: config.passwordRequirements, profilePicture: config.profilePicture, userFields: config.userFields, unauthorizedMessage: config.unauthorizedMessage, loginButtonLabel: config.loginButtonLabel, loginPath: config.loginPath, heading: resolved_title, subHeading: config.subHeading, profilePhotoLabel: config.profilePhotoLabel, profilePhotoRecommendation: config.profilePhotoRecommendation, uploadPhotoButtonLabel: config.uploadPhotoButtonLabel, removePhotoButtonLabel: config.removePhotoButtonLabel, profileInformationLabel: config.profileInformationLabel, passwordLabel: config.passwordLabel, currentPasswordLabel: config.currentPasswordLabel, newPasswordLabel: config.newPasswordLabel, confirmPasswordLabel: config.confirmPasswordLabel, messages: config.messages, uiSizes: config.uiSizes, fileTypes: config.fileTypes }) }));
 }
 // Named export for direct imports
 export { MySettingsPage };

package/dist/server_pages/otp.d.ts

@@ -12,9 +12,23 @@ export type OTPPageProps = {
     };
     /**
      * Page heading passed through to OTPLayout.
-     * Defaults to "Sign in with email code".
+     * Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
      */
     title?: string;
+    /**
+     * Page subtitle. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    subtitle?: string;
+    /**
+     * Submit button label. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    ctaText?: string;
+    /**
+     * Optional theme that controls visual appearance and layout mode.
+     * When `theme.layout` is `"split"`, activates the two-column split layout
+     * with the brand panel on the left.
+     */
+    theme?: import("../theme/theme_types").HazoAuthTheme;
 };
 /**
  * Zero-config OTPPage server component
@@ -37,6 +51,6 @@ export type OTPPageProps = {
  * @param props - Optional searchParams and title
  * @returns Server-rendered OTP sign-in page
  */
-export default function OTPPage({ searchParams, title, }?: OTPPageProps): Promise<React.ReactElement>;
+export default function OTPPage({ searchParams, title, subtitle, ctaText, theme, }?: OTPPageProps): Promise<React.ReactElement>;
 export { OTPPage };
 //# sourceMappingURL=otp.d.ts.map

package/dist/server_pages/otp.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"otp.d.ts","sourceRoot":"","sources":["../../src/server_pages/otp.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAK/B,MAAM,MAAM,YAAY,GAAG;IACzB;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAEtE;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAA8B,OAAO,CAAC,EACpC,YAAY,EACZ,KAAK,GACN,GAAE,YAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAYjD;AAGD,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"otp.d.ts","sourceRoot":"","sources":["../../src/server_pages/otp.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAM/B,MAAM,MAAM,YAAY,GAAG;IACzB;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAEtE;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,sBAAsB,EAAE,aAAa,CAAC;CACtD,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAA8B,OAAO,CAAC,EACpC,YAAY,EACZ,KAAK,EACL,QAAQ,EACR,OAAO,EACP,KAAK,GACN,GAAE,YAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAyBjD;AAGD,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/server_pages/otp.js

@@ -4,6 +4,7 @@ import { jsx as _jsx } from "react/jsx-runtime";
 import "server-only";
 import { OTPLayout } from "../components/layouts/otp.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
+import { DEFAULT_STRINGS, readStrings } from "../strings.js";
 // section: component
 /**
  * Zero-config OTPPage server component
@@ -26,13 +27,19 @@ import { AuthPageShell } from "../components/layouts/shared/components/auth_page
  * @param props - Optional searchParams and title
  * @returns Server-rendered OTP sign-in page
  */
-export default async function OTPPage({ searchParams, title, } = {}) {
-    var _a;
+export default async function OTPPage({ searchParams, title, subtitle, ctaText, theme, } = {}) {
+    var _a, _b, _c, _d;
     const params = searchParams instanceof Promise
         ? await searchParams
         : (searchParams !== null && searchParams !== void 0 ? searchParams : {});
     const redirect_url = (_a = params.redirect) !== null && _a !== void 0 ? _a : "/";
-    return (_jsx(AuthPageShell, { children: _jsx(OTPLayout, { redirect_url: redirect_url, title: title }) }));
+    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+    const strings = readStrings();
+    const otp_strings = strings.otp;
+    const resolved_title = (_b = title !== null && title !== void 0 ? title : otp_strings.title) !== null && _b !== void 0 ? _b : DEFAULT_STRINGS.otp.title;
+    const resolved_subtitle = (_c = subtitle !== null && subtitle !== void 0 ? subtitle : otp_strings.subtitle) !== null && _c !== void 0 ? _c : DEFAULT_STRINGS.otp.subtitle;
+    const resolved_cta = (_d = ctaText !== null && ctaText !== void 0 ? ctaText : otp_strings.ctaText) !== null && _d !== void 0 ? _d : DEFAULT_STRINGS.otp.ctaText;
+    return (_jsx(AuthPageShell, { children: _jsx(OTPLayout, { redirect_url: redirect_url, title: resolved_title, subtitle: resolved_subtitle, ctaText: resolved_cta, theme: theme }) }));
 }
 // Named export for direct imports
 export { OTPPage };