hazo_auth 7.0.1 → 7.0.2

package/dist/lib/cookies_config.server.js

@@ -14,10 +14,10 @@ export const BASE_COOKIE_NAMES = {
     USER_ID: "hazo_auth_user_id",
     USER_EMAIL: "hazo_auth_user_email",
     SESSION: "hazo_auth_session",
-    SESSION_KIND: "hazo_auth_session_kind", // v6.1: marks OTP-issued sessions so /me can apply sliding expiry
     DEV_LOCK: "hazo_auth_dev_lock",
     SCOPE_ID: "hazo_auth_scope_id", // v5.2: Tenant context cookie for multi-tenancy
     ANON_ID: "hazo_auth_anon_id", // v5.2: Stable opaque per-visitor ID for anonymous flows (e.g. hazo_feedback)
+    SESSION_KIND: "hazo_auth_session_kind", // v5.4: Sign-in method identifier (e.g. "otp", "google", "password")
 };
 // section: main_function
 /**

package/dist/lib/email_verification_config.server.d.ts

@@ -5,6 +5,9 @@ export type EmailVerificationConfig = {
     showReturnHomeButton: boolean;
     returnHomeButtonLabel: string;
     returnHomePath: string;
+    imageSrc: string;
+    imageAlt: string;
+    imageBackgroundColor: string;
 };
 /**
  * Reads email verification layout configuration from hazo_auth_config.ini file

package/dist/lib/email_verification_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email_verification_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/email_verification_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,uBAAuB,GAAG;IACpC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,6BAA6B,IAAI,uBAAuB,CAWvE"}
+{"version":3,"file":"email_verification_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/email_verification_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,uBAAuB,GAAG;IACpC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,6BAA6B,IAAI,uBAAuB,CAoCvE"}

package/dist/lib/email_verification_config.server.js

@@ -3,6 +3,11 @@
 import "server-only";
 // section: imports
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
+import { get_config_value } from "./config/config_loader.server.js";
+// Default image path - consuming apps should either:
+// 1. Configure their own image_src in hazo_auth_config.ini
+// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
+const DEFAULT_VERIFY_EMAIL_IMAGE_PATH = "/hazo_auth/images/verify_email_default.jpg";
 // section: helpers
 /**
  * Reads email verification layout configuration from hazo_auth_config.ini file
@@ -10,13 +15,23 @@ import { get_already_logged_in_config } from "./already_logged_in_config.server.
  * @returns Email verification configuration options
  */
 export function get_email_verification_config() {
+    const section = "hazo_auth__email_verification_layout";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default path-based image
+    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
+    const imageSrc = get_config_value(section, "image_src", DEFAULT_VERIFY_EMAIL_IMAGE_PATH);
+    const imageAlt = get_config_value(section, "image_alt", "Email verification illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         alreadyLoggedInMessage: alreadyLoggedInConfig.message,
         showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
         showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
     };
 }

package/dist/lib/forgot_password_config.server.d.ts

@@ -5,6 +5,9 @@ export type ForgotPasswordConfig = {
     showReturnHomeButton: boolean;
     returnHomeButtonLabel: string;
     returnHomePath: string;
+    imageSrc: string;
+    imageAlt: string;
+    imageBackgroundColor: string;
 };
 /**
  * Reads forgot password layout configuration from hazo_auth_config.ini file

package/dist/lib/forgot_password_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/forgot_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAWjE"}
+{"version":3,"file":"forgot_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/forgot_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAoCjE"}

package/dist/lib/forgot_password_config.server.js

@@ -3,6 +3,11 @@
 import "server-only";
 // section: imports
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
+import { get_config_value } from "./config/config_loader.server.js";
+// Default image path - consuming apps should either:
+// 1. Configure their own image_src in hazo_auth_config.ini
+// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
+const DEFAULT_FORGOT_PASSWORD_IMAGE_PATH = "/hazo_auth/images/forgot_password_default.jpg";
 // section: helpers
 /**
  * Reads forgot password layout configuration from hazo_auth_config.ini file
@@ -10,13 +15,23 @@ import { get_already_logged_in_config } from "./already_logged_in_config.server.
  * @returns Forgot password configuration options
  */
 export function get_forgot_password_config() {
+    const section = "hazo_auth__forgot_password_layout";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default path-based image
+    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
+    const imageSrc = get_config_value(section, "image_src", DEFAULT_FORGOT_PASSWORD_IMAGE_PATH);
+    const imageAlt = get_config_value(section, "image_alt", "Password recovery illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         alreadyLoggedInMessage: alreadyLoggedInConfig.message,
         showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
         showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
     };
 }

package/dist/lib/login_config.server.d.ts

@@ -13,14 +13,11 @@ export type LoginConfig = {
     createAccountPath: string;
     createAccountLabel: string;
     showCreateAccountLink: boolean;
+    imageSrc: string;
+    imageAlt: string;
+    imageBackgroundColor: string;
     /** OAuth configuration */
     oauth: OAuthConfig;
-    /** Whether the OTP sign-in link is shown below the login form */
-    otpSigninEnabled: boolean;
-    /** Label for the OTP sign-in link */
-    otpSigninLabel: string;
-    /** href for the OTP sign-in link */
-    otpSigninHref: string;
 };
 /**
  * Reads login layout configuration from hazo_auth_config.ini file

package/dist/lib/login_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAG3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;IACnB,iEAAiE;IACjE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CA0D9C"}
+{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAM3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;CACpB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAyE9C"}

package/dist/lib/login_config.server.js

@@ -5,6 +5,8 @@ import "server-only";
 import { get_config_value, get_config_value_allow_empty } from "./config/config_loader.server.js";
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
 import { get_oauth_config } from "./oauth_config.server.js";
+// Assets served via the package's own API route — no manual copy needed.
+const DEFAULT_LOGIN_IMAGE_PATH = "/api/hazo_auth/assets/login_default.jpg";
 // section: helpers
 /**
  * Reads login layout configuration from hazo_auth_config.ini file
@@ -26,12 +28,14 @@ export function get_login_config() {
     const showCreateAccountLink = get_config_value(section, "show_create_account_link", "true") === "true";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default path-based image
+    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
+    const imageSrc = get_config_value(section, "image_src", DEFAULT_LOGIN_IMAGE_PATH);
+    const imageAlt = get_config_value(section, "image_alt", "Secure login illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     // Get OAuth configuration
     const oauth = get_oauth_config();
-    // OTP sign-in link
-    const otpSigninEnabled = get_config_value(section, "otp_signin_enabled", "false") === "true";
-    const otpSigninLabel = get_config_value(section, "otp_signin_label", "Sign in with email code");
-    const otpSigninHref = get_config_value(section, "otp_signin_href", "/hazo_auth/otp");
     return {
         redirectRoute,
         successMessage,
@@ -45,9 +49,9 @@ export function get_login_config() {
         createAccountPath,
         createAccountLabel,
         showCreateAccountLink,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
         oauth,
-        otpSigninEnabled,
-        otpSigninLabel,
-        otpSigninHref,
     };
 }

package/dist/lib/my_settings_config.server.d.ts

@@ -21,6 +21,7 @@ export type MySettingsConfig = {
         user_photo_default_priority2?: "library" | "gravatar";
         library_photo_path: string;
     };
+    heading?: string;
     subHeading?: string;
     profilePhotoLabel?: string;
     profilePhotoRecommendation?: string;

package/dist/lib/my_settings_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"my_settings_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/my_settings_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,cAAc,EAAE;QACd,kBAAkB,EAAE,OAAO,CAAC;QAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,4BAA4B,EAAE,UAAU,GAAG,SAAS,CAAC;QACrD,4BAA4B,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;QACtD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE;QACR,6BAA6B,EAAE,MAAM,CAAC;QACtC,sBAAsB,EAAE,MAAM,CAAC;QAC/B,2BAA2B,EAAE,MAAM,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yBAAyB,EAAE,MAAM,CAAC;QAClC,uBAAuB,EAAE,MAAM,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,0BAA0B,EAAE,MAAM,CAAC;QACnC,+BAA+B,EAAE,MAAM,CAAC;QACxC,4BAA4B,EAAE,MAAM,CAAC;KACtC,CAAC;IACF,SAAS,EAAE;QACT,wBAAwB,EAAE,MAAM,EAAE,CAAC;QACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;KACpC,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CAuDzD"}
+{"version":3,"file":"my_settings_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/my_settings_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,cAAc,EAAE;QACd,kBAAkB,EAAE,OAAO,CAAC;QAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,4BAA4B,EAAE,UAAU,GAAG,SAAS,CAAC;QACrD,4BAA4B,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;QACtD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE;QACR,6BAA6B,EAAE,MAAM,CAAC;QACtC,sBAAsB,EAAE,MAAM,CAAC;QAC/B,2BAA2B,EAAE,MAAM,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yBAAyB,EAAE,MAAM,CAAC;QAClC,uBAAuB,EAAE,MAAM,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,0BAA0B,EAAE,MAAM,CAAC;QACnC,+BAA+B,EAAE,MAAM,CAAC;QACxC,4BAA4B,EAAE,MAAM,CAAC;KACtC,CAAC;IACF,SAAS,EAAE;QACT,wBAAwB,EAAE,MAAM,EAAE,CAAC;QACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;KACpC,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CAyDzD"}

package/dist/lib/my_settings_config.server.js

@@ -28,6 +28,7 @@ export function get_my_settings_config() {
     const uiSizes = get_ui_sizes_config();
     const fileTypes = get_file_types_config();
     // Read optional labels with defaults
+    const heading = get_config_value(section, "heading", "Account Settings");
     const subHeading = get_config_value(section, "sub_heading", "Manage your profile, password, and email preferences.");
     const profilePhotoLabel = get_config_value(section, "profile_photo_label", "Profile Photo");
     const profilePhotoRecommendation = get_config_value(section, "profile_photo_recommendation", "Recommended size: 200x200px. JPG, PNG.");
@@ -46,6 +47,7 @@ export function get_my_settings_config() {
         userFields,
         passwordRequirements,
         profilePicture,
+        heading,
         subHeading,
         profilePhotoLabel,
         profilePhotoRecommendation,

package/dist/lib/oauth_config.server.d.ts

@@ -2,20 +2,12 @@ import "server-only";
 export type OAuthConfig = {
     /** Enable Google OAuth login */
     enable_google: boolean;
-    /** Enable Facebook OAuth login */
-    enable_facebook: boolean;
     /** Enable traditional email/password login */
     enable_email_password: boolean;
     /** Auto-link Google login to existing unverified email/password accounts */
     auto_link_unverified_accounts: boolean;
-    /** Auto-link Google login to existing unverified email/password accounts (per-provider override) */
-    auto_link_unverified_accounts_google: boolean;
-    /** Auto-link Facebook login to existing unverified email/password accounts */
-    auto_link_unverified_accounts_facebook: boolean;
     /** Text displayed on the Google sign-in button */
     google_button_text: string;
-    /** Text displayed on the Facebook sign-in button */
-    facebook_button_text: string;
     /** Text displayed on the divider between OAuth and email/password form */
     oauth_divider_text: string;
     /** NextAuth signIn page path */
@@ -30,10 +22,14 @@ export type OAuthConfig = {
     skip_invitation_check: boolean;
     /** Redirect when skip_invitation_check=true and user has no scope */
     no_scope_redirect: string;
-    /** Facebook App ID from env HAZO_AUTH_FACEBOOK_APP_ID */
-    facebook_client_id: string | undefined;
-    /** Facebook App Secret from env HAZO_AUTH_FACEBOOK_APP_SECRET */
-    facebook_client_secret: string | undefined;
+    /** Enable Facebook OAuth login */
+    enable_facebook_oauth: boolean;
+    /** Facebook App ID (env: HAZO_AUTH_FACEBOOK_APP_ID overrides config) */
+    facebook_app_id: string;
+    /** Facebook App Secret (env: HAZO_AUTH_FACEBOOK_APP_SECRET overrides config) */
+    facebook_app_secret: string;
+    /** Text displayed on the Facebook sign-in button */
+    facebook_button_text: string;
 };
 /**
  * Reads OAuth configuration from hazo_auth_config.ini file
@@ -51,9 +47,4 @@ export declare function is_google_oauth_enabled(): boolean;
  * @returns true if email/password login is enabled in config
  */
 export declare function is_email_password_enabled(): boolean;
-/**
- * Helper to check if Facebook OAuth is enabled and credentials are present
- * @returns true if Facebook OAuth is enabled and env vars are set
- */
-export declare function is_facebook_oauth_enabled(): boolean;
 //# sourceMappingURL=oauth_config.server.d.ts.map

package/dist/lib/oauth_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,kCAAkC;IAClC,eAAe,EAAE,OAAO,CAAC;IACzB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,oGAAoG;IACpG,oCAAoC,EAAE,OAAO,CAAC;IAC9C,8EAA8E;IAC9E,sCAAsC,EAAE,OAAO,CAAC;IAChD,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oDAAoD;IACpD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,yDAAyD;IACzD,kBAAkB,EAAE,MAAM,GAAG,SAAS,CAAC;IACvC,iEAAiE;IACjE,sBAAsB,EAAE,MAAM,GAAG,SAAS,CAAC;CAC5C,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAoH9C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAInD"}
+{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kCAAkC;IAClC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,wEAAwE;IACxE,eAAe,EAAE,MAAM,CAAC;IACxB,gFAAgF;IAChF,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oDAAoD;IACpD,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAwG9C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD"}

package/dist/lib/oauth_config.server.js

@@ -14,16 +14,9 @@ const SECTION_NAME = "hazo_auth__oauth";
  */
 export function get_oauth_config() {
     const enable_google = get_config_boolean(SECTION_NAME, "enable_google", DEFAULT_OAUTH.enable_google);
-    const enable_facebook = get_config_boolean(SECTION_NAME, "enable_facebook", false);
     const enable_email_password = get_config_boolean(SECTION_NAME, "enable_email_password", DEFAULT_OAUTH.enable_email_password);
-    // Generic key (backward compat)
     const auto_link_unverified_accounts = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts", DEFAULT_OAUTH.auto_link_unverified_accounts);
-    // Per-provider Google key (falls back to generic)
-    const auto_link_unverified_accounts_google = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts_google", auto_link_unverified_accounts);
-    // Per-provider Facebook key (defaults to false — don't auto-link Facebook unverified)
-    const auto_link_unverified_accounts_facebook = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts_facebook", false);
     const google_button_text = get_config_value(SECTION_NAME, "google_button_text", DEFAULT_OAUTH.google_button_text);
-    const facebook_button_text = get_config_value(SECTION_NAME, "facebook_button_text", "Continue with Facebook");
     const oauth_divider_text = get_config_value(SECTION_NAME, "oauth_divider_text", DEFAULT_OAUTH.oauth_divider_text);
     const sign_in_page = get_config_value(SECTION_NAME, "sign_in_page", DEFAULT_OAUTH.sign_in_page);
     const error_page = get_config_value(SECTION_NAME, "error_page", DEFAULT_OAUTH.error_page);
@@ -31,17 +24,17 @@ export function get_oauth_config() {
     const default_redirect = get_config_value(SECTION_NAME, "default_redirect", DEFAULT_OAUTH.default_redirect);
     const skip_invitation_check = get_config_boolean(SECTION_NAME, "skip_invitation_check", DEFAULT_OAUTH.skip_invitation_check);
     const no_scope_redirect = get_config_value(SECTION_NAME, "no_scope_redirect", DEFAULT_OAUTH.no_scope_redirect);
-    const facebook_client_id = process.env.HAZO_AUTH_FACEBOOK_APP_ID;
-    const facebook_client_secret = process.env.HAZO_AUTH_FACEBOOK_APP_SECRET;
+    const enable_facebook_oauth = get_config_boolean(SECTION_NAME, "enable_facebook_oauth", false);
+    const facebook_app_id = process.env.HAZO_AUTH_FACEBOOK_APP_ID ||
+        get_config_value(SECTION_NAME, "facebook_app_id", "");
+    const facebook_app_secret = process.env.HAZO_AUTH_FACEBOOK_APP_SECRET ||
+        get_config_value(SECTION_NAME, "facebook_app_secret", "");
+    const facebook_button_text = get_config_value(SECTION_NAME, "facebook_button_text", "Continue with Facebook");
     return {
         enable_google,
-        enable_facebook,
         enable_email_password,
         auto_link_unverified_accounts,
-        auto_link_unverified_accounts_google,
-        auto_link_unverified_accounts_facebook,
         google_button_text,
-        facebook_button_text,
         oauth_divider_text,
         sign_in_page,
         error_page,
@@ -49,8 +42,10 @@ export function get_oauth_config() {
         default_redirect,
         skip_invitation_check,
         no_scope_redirect,
-        facebook_client_id,
-        facebook_client_secret,
+        enable_facebook_oauth,
+        facebook_app_id,
+        facebook_app_secret,
+        facebook_button_text,
     };
 }
 /**
@@ -67,13 +62,3 @@ export function is_google_oauth_enabled() {
 export function is_email_password_enabled() {
     return get_config_boolean(SECTION_NAME, "enable_email_password", DEFAULT_OAUTH.enable_email_password);
 }
-/**
- * Helper to check if Facebook OAuth is enabled and credentials are present
- * @returns true if Facebook OAuth is enabled and env vars are set
- */
-export function is_facebook_oauth_enabled() {
-    const enabled = get_config_boolean(SECTION_NAME, "enable_facebook", false);
-    if (!enabled)
-        return false;
-    return !!(process.env.HAZO_AUTH_FACEBOOK_APP_ID && process.env.HAZO_AUTH_FACEBOOK_APP_SECRET);
-}

package/dist/lib/register_config.server.d.ts

@@ -15,14 +15,17 @@ export type RegisterConfig = {
     returnHomePath: string;
     signInPath: string;
     signInLabel: string;
+    imageSrc: string;
+    imageAlt: string;
+    imageBackgroundColor: string;
     /** OAuth configuration */
     oauth: {
         enable_google: boolean;
-        enable_facebook: boolean;
         enable_email_password: boolean;
         google_button_text: string;
-        facebook_button_text: string;
         oauth_divider_text: string;
+        enable_facebook_oauth: boolean;
+        facebook_button_text: string;
     };
 };
 /**

package/dist/lib/register_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"register_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/register_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAUrB,MAAM,MAAM,cAAc,GAAG;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,OAAO,CAAC;QACzB,qBAAqB,EAAE,OAAO,CAAC;QAC/B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,oBAAoB,EAAE,MAAM,CAAC;QAC7B,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,cAAc,CAgEpD"}
+{"version":3,"file":"register_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/register_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAerB,MAAM,MAAM,cAAc,GAAG;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,qBAAqB,EAAE,OAAO,CAAC;QAC/B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qBAAqB,EAAE,OAAO,CAAC;QAC/B,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,cAAc,CAgFpD"}

package/dist/lib/register_config.server.js

@@ -7,6 +7,10 @@ import { get_password_requirements_config } from "./password_requirements_config
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
 import { get_user_fields_config } from "./user_fields_config.server.js";
 import { get_oauth_config } from "./oauth_config.server.js";
+// Default image path - consuming apps should either:
+// 1. Configure their own image_src in hazo_auth_config.ini
+// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
+const DEFAULT_REGISTER_IMAGE_PATH = "/hazo_auth/images/register_default.jpg";
 // section: helpers
 /**
  * Reads register layout configuration from hazo_auth_config.ini file
@@ -28,12 +32,16 @@ export function get_register_config() {
     // Read sign in link configuration
     const signInPath = get_config_value("hazo_auth__register_layout", "sign_in_path", "/hazo_auth/login");
     const signInLabel = get_config_value("hazo_auth__register_layout", "sign_in_label", "Sign in");
+    // Read image configuration
+    // If not set in config, falls back to default path-based image
+    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
+    const imageSrc = get_config_value("hazo_auth__register_layout", "image_src", DEFAULT_REGISTER_IMAGE_PATH);
+    const imageAlt = get_config_value("hazo_auth__register_layout", "image_alt", "Modern building representing user registration");
+    const imageBackgroundColor = get_config_value("hazo_auth__register_layout", "image_background_color", "#e2e8f0");
     // Get OAuth configuration (shared with login)
     const oauthConfig = get_oauth_config();
     // For the register page, default button text to "Sign up with Google" unless overridden
     const registerGoogleButtonText = get_config_value("hazo_auth__oauth", "google_button_text_register", "Sign up with Google");
-    // For the register page, default Facebook button text to "Sign up with Facebook" unless overridden
-    const registerFacebookButtonText = get_config_value("hazo_auth__oauth", "facebook_button_text_register", "Sign up with Facebook");
     return {
         showNameField,
         passwordRequirements,
@@ -44,13 +52,16 @@ export function get_register_config() {
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
         signInPath,
         signInLabel,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
         oauth: {
             enable_google: oauthConfig.enable_google,
-            enable_facebook: oauthConfig.enable_facebook,
             enable_email_password: oauthConfig.enable_email_password,
             google_button_text: registerGoogleButtonText,
-            facebook_button_text: registerFacebookButtonText,
             oauth_divider_text: oauthConfig.oauth_divider_text,
+            enable_facebook_oauth: oauthConfig.enable_facebook_oauth,
+            facebook_button_text: oauthConfig.facebook_button_text,
         },
     };
 }

package/dist/lib/reset_password_config.server.d.ts

@@ -16,6 +16,9 @@ export type ResetPasswordConfig = {
         require_number: boolean;
         require_special: boolean;
     };
+    imageSrc: string;
+    imageAlt: string;
+    imageBackgroundColor: string;
 };
 /**
  * Reads reset password layout configuration from hazo_auth_config.ini file

package/dist/lib/reset_password_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"reset_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/reset_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,mBAAmB,CAyC/D"}
+{"version":3,"file":"reset_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/reset_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAarB,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,mBAAmB,CAgE/D"}

package/dist/lib/reset_password_config.server.js

@@ -5,6 +5,10 @@ import "server-only";
 import { get_config_value } from "./config/config_loader.server.js";
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
 import { get_password_requirements_config } from "./password_requirements_config.server.js";
+// Default image path - consuming apps should either:
+// 1. Configure their own image_src in hazo_auth_config.ini
+// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
+const DEFAULT_RESET_PASSWORD_IMAGE_PATH = "/hazo_auth/images/reset_password_default.jpg";
 // section: helpers
 /**
  * Reads reset password layout configuration from hazo_auth_config.ini file
@@ -25,6 +29,12 @@ export function get_reset_password_config() {
     const forgotPasswordPath = get_config_value(section, "forgot_password_path", "/hazo_auth/forgot_password");
     // Get shared password requirements
     const passwordRequirements = get_password_requirements_config();
+    // Read image configuration
+    // If not set in config, falls back to default path-based image
+    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
+    const imageSrc = get_config_value(section, "image_src", DEFAULT_RESET_PASSWORD_IMAGE_PATH);
+    const imageAlt = get_config_value(section, "image_alt", "Reset password illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         errorMessage,
         successMessage,
@@ -36,5 +46,8 @@ export function get_reset_password_config() {
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
         passwordRequirements,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
     };
 }

package/dist/lib/services/email_template_manifest.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email_template_manifest.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_template_manifest.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAiB3E;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,sBAAsB,EAwF/D,CAAC"}
+{"version":3,"file":"email_template_manifest.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_template_manifest.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAiB3E;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,sBAAsB,EAuE/D,CAAC"}

package/dist/lib/services/email_template_manifest.js

@@ -92,21 +92,4 @@ export const hazo_auth_template_manifest = [
             },
         ],
     },
-    {
-        template_name: "otp_signin_code",
-        template_label: "OTP sign-in code",
-        category: SYSTEM_CATEGORY,
-        html: read_template("otp_signin_code", "html"),
-        text: read_template("otp_signin_code", "txt"),
-        variables: [
-            {
-                variable_name: "otp_code",
-                variable_description: "6-digit OTP code for email sign-in (v6.1.0+)",
-            },
-            {
-                variable_name: "expires_in_minutes",
-                variable_description: "Number of minutes until the OTP code expires",
-            },
-        ],
-    },
 ];

package/dist/lib/services/index.d.ts

@@ -18,6 +18,4 @@ export * from "./scope_service.js";
 export * from "./user_scope_service.js";
 export * from "./oauth_service.js";
 export * from "./branding_service.js";
-export { request_email_otp, verify_email_otp, generate_otp_code, hash_otp_code, verify_otp_code, } from "./otp_service.js";
-export type { RequestEmailOTPResult, VerifyEmailOTPResult } from "./otp_service";
 //# sourceMappingURL=index.d.ts.map

package/dist/lib/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,iBAAiB,CAAC;AAChC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,eAAe,GAChB,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,iBAAiB,CAAC;AAChC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC"}

package/dist/lib/services/index.js

@@ -20,4 +20,3 @@ export * from "./scope_service.js";
 export * from "./user_scope_service.js";
 export * from "./oauth_service.js";
 export * from "./branding_service.js";
-export { request_email_otp, verify_email_otp, generate_otp_code, hash_otp_code, verify_otp_code, } from "./otp_service.js";

package/dist/lib/services/oauth_service.d.ts

@@ -11,6 +11,14 @@ export type GoogleOAuthData = {
     /** Whether Google has verified this email */
     email_verified: boolean;
 };
+export type FacebookOAuthData = {
+    facebook_id: string;
+    email: string;
+    name?: string;
+    profile_picture_url?: string;
+    /** Facebook does not always verify emails — only link when hazo user is verified */
+    email_verified: boolean;
+};
 export type OAuthLoginResult = {
     success: boolean;
     user_id?: string;
@@ -24,16 +32,6 @@ export type OAuthLoginResult = {
     name?: string;
     error?: string;
 };
-export type FacebookOAuthData = {
-    /** Facebook's unique user ID */
-    facebook_id: string;
-    /** User's email address from Facebook (may be null if user denied email permission) */
-    email: string | null;
-    /** User's full name from Facebook profile */
-    name?: string;
-    /** User's profile picture URL from Facebook */
-    profile_picture_url?: string;
-};
 export type LinkGoogleResult = {
     success: boolean;
     error?: string;
@@ -56,19 +54,10 @@ export type AuthProvidersResult = {
  */
 export declare function handle_google_oauth_login(adapter: HazoConnectAdapter, data: GoogleOAuthData): Promise<OAuthLoginResult>;
 /**
- * Handles Facebook OAuth login/registration flow
- * 1. Check if user exists with facebook_id -> login
- * 2. Check if user exists with email -> link Facebook account (respects auto_link_unverified)
- * 3. Create new user with Facebook data (email_verified always false — never trust Facebook)
- *
- * @param adapter - The hazo_connect adapter instance
- * @param data - Facebook OAuth user data
- * @param opts - Options (auto_link_unverified: whether to link unverified accounts)
- * @returns OAuth login result with user_id and status flags
+ * Handles Facebook OAuth login: find-by-facebook_id → find-by-email+link → create new.
+ * Mirrors handle_google_oauth_login exactly. Uses auto_link_unverified_accounts gate.
  */
-export declare function handle_facebook_oauth_login(adapter: HazoConnectAdapter, data: FacebookOAuthData, opts?: {
-    auto_link_unverified?: boolean;
-}): Promise<OAuthLoginResult>;
+export declare function handle_facebook_oauth_login(adapter: HazoConnectAdapter, data: FacebookOAuthData): Promise<OAuthLoginResult>;
 /**
  * Links a Google account to an existing user
  * @param adapter - The hazo_connect adapter instance

package/dist/lib/services/oauth_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/oauth_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AASvD,MAAM,MAAM,eAAe,GAAG;IAC5B,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6CAA6C;IAC7C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uDAAuD;IACvD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,uFAAuF;IACvF,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAE9B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;GASG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,eAAe,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAiL3B;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,iBAAiB,EACvB,IAAI,CAAC,EAAE;IAAE,oBAAoB,CAAC,EAAE,OAAO,CAAA;CAAE,GACxC,OAAO,CAAC,gBAAgB,CAAC,CAwK3B;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,CAAC,CAgE3B;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,kBAAkB,EAC3B,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA2C9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0D/C"}
+{"version":3,"file":"oauth_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/oauth_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AASvD,MAAM,MAAM,eAAe,GAAG;IAC5B,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6CAA6C;IAC7C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oFAAoF;IACpF,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uDAAuD;IACvD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;GASG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,eAAe,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAiL3B;AAED;;;GAGG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC,gBAAgB,CAAC,CA6H3B;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,CAAC,CAgE3B;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,kBAAkB,EAC3B,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA2C9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0D/C"}