`@sumx/ssr-auth-core`

Server-side OIDC, session cookies, and Next.js API route factories.

Subpath exports

Subpath	Use
`auth-constants`	Storage keys, timeouts
`auth-session-types`	Shared TypeScript types
`return-path`	Safe redirect / return URL handling
`oidc-url-utils`	Strip OIDC query params
`next/auth-session-handler`	`createAuthSessionHandler()`
`next/auth-logout-handler`	`createAuthLogoutHandler()`
`next/oidc-well-known-handler`	Metadata proxy

Example: session API


// src/pages/api/auth/session.ts
import { createAuthSessionHandler } from '@sumx/ssr-auth-core/next/auth-session-handler';
import { getServerAuthOidcConfig } from '@/config/server-auth-oidc.config';
 
export default createAuthSessionHandler({
  getOidcConfig: getServerAuthOidcConfig,
  fetchPermissionsForReturnPathGate: async (req) => {
    // optional: call your BFF for permission gate
    return [];
  },
});

Example: server OIDC config


// src/config/server-auth-oidc.config.ts
import type { AuthOidcPublicConfig } from '@sumx/ssr-auth-core/auth-oidc-config';
 
export function getServerAuthOidcConfig(): AuthOidcPublicConfig {
  return {
    authority: process.env.NEXT_PUBLIC_AUTHORITY?.trim() || '',
    clientId: process.env.NEXT_PUBLIC_CLIENT_ID?.trim() || '',
  };
}

See Auth integration (advanced) for the full BFF flow.