fix: Properly configure SDK to be distributed as ESM

package.json

@@ -2,6 +2,7 @@
   "name": "@auth0/nextjs-auth0",
   "version": "4.6.1",
   "description": "Auth0 Next.js SDK",
+  "type": "module",
   "scripts": {
     "build": "tsc",
     "build:watch": "tsc -w",
@@ -63,19 +64,19 @@
   },
   "exports": {
     ".": {
-      "import": "./dist/client/index.js"
+      "default": "./dist/client/index.js"
     },
     "./server": {
-      "import": "./dist/server/index.js"
+      "default": "./dist/server/index.js"
     },
     "./errors": {
-      "import": "./dist/errors/index.js"
+      "default": "./dist/errors/index.js"
     },
     "./types": {
-      "import": "./dist/types/index.d.ts"
+      "default": "./dist/types/index.d.ts"
     },
     "./testing": {
-      "import": "./dist/testing/index.js"
+      "default": "./dist/testing/index.js"
     }
   },
   "dependencies": {

src/client/helpers/get-access-token.ts

@@ -1,5 +1,5 @@
-import { AccessTokenError } from "../../errors";
-import { normalizeWithBasePath } from "../../utils/pathUtils";
+import { normalizeWithBasePath } from "../../utils/pathUtils.js";
+import { AccessTokenError } from "../../errors/index.js";
 
 type AccessTokenResponse = {
   token: string;

src/client/hooks/use-user.ts

@@ -2,8 +2,8 @@
 
 import useSWR from "swr";
 
-import type { User } from "../../types";
-import { normalizeWithBasePath } from "../../utils/pathUtils";
+import { normalizeWithBasePath } from "../../utils/pathUtils.js";
+import type { User } from "../../types/index.js";
 
 export function useUser() {
   const { data, error, isLoading, mutate } = useSWR<User, Error, string>(

src/client/index.ts

@@ -1,3 +1,3 @@
-export { useUser } from "./hooks/use-user";
-export { getAccessToken } from "./helpers/get-access-token";
-export { Auth0Provider } from "./providers/auth0-provider";
+export { useUser } from "./hooks/use-user.js";
+export { getAccessToken } from "./helpers/get-access-token.js";
+export { Auth0Provider } from "./providers/auth0-provider.js";

src/client/providers/auth0-provider.tsx

@@ -3,7 +3,7 @@
 import React from "react";
 import { SWRConfig } from "swr";
 
-import { User } from "../../types";
+import { User } from "../../types/index.js";
 
 export function Auth0Provider({
   user,

src/server/auth-client.test.ts

@@ -1,15 +1,15 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server.js";
 import * as jose from "jose";
 import * as oauth from "oauth4webapi";
 import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
 
-import { generateSecret } from "../test/utils";
-import { SessionData } from "../types";
-import { AuthClient } from "./auth-client";
-import { decrypt, encrypt } from "./cookies";
-import { StatefulSessionStore } from "./session/stateful-session-store";
-import { StatelessSessionStore } from "./session/stateless-session-store";
-import { TransactionState, TransactionStore } from "./transaction-store";
+import { generateSecret } from "../test/utils.js";
+import { SessionData } from "../types/index.js";
+import { AuthClient } from "./auth-client.js";
+import { decrypt, encrypt } from "./cookies.js";
+import { StatefulSessionStore } from "./session/stateful-session-store.js";
+import { StatelessSessionStore } from "./session/stateless-session-store.js";
+import { TransactionState, TransactionStore } from "./transaction-store.js";
 
 describe("Authentication Client", async () => {
   const DEFAULT = {

src/server/auth-client.ts

@@ -1,8 +1,8 @@
-import { NextResponse, type NextRequest } from "next/server";
+import { NextResponse, type NextRequest } from "next/server.js";
 import * as jose from "jose";
 import * as oauth from "oauth4webapi";
 
-import packageJson from "../../package.json";
+import packageJson from "../../package.json" with { type: "json" };
 import {
   AccessTokenError,
   AccessTokenErrorCode,
@@ -16,7 +16,7 @@ import {
   MissingStateError,
   OAuth2Error,
   SdkError
-} from "../errors";
+} from "../errors/index.js";
 import {
   AccessTokenForConnectionOptions,
   AuthorizationParameters,
@@ -25,18 +25,19 @@ import {
   SessionData,
   StartInteractiveLoginOptions,
   TokenSet
-} from "../types";
+} from "../types/index.js";
 import {
   ensureNoLeadingSlash,
   ensureTrailingSlash,
   normalizeWithBasePath,
   removeTrailingSlash
-} from "../utils/pathUtils";
-import { toSafeRedirect } from "../utils/url-helpers";
-import { addCacheControlHeadersForSession } from "./cookies";
-import { AbstractSessionStore } from "./session/abstract-session-store";
-import { TransactionState, TransactionStore } from "./transaction-store";
-import { filterDefaultIdTokenClaims } from "./user";
+} from "../utils/pathUtils.js";
+import { toSafeRedirect } from "../utils/url-helpers.js";
+import { addCacheControlHeadersForSession } from "./cookies.js";
+import { AbstractSessionStore } from "./session/abstract-session-store.js";
+import { TransactionState, TransactionStore } from "./transaction-store.js";
+import { filterDefaultIdTokenClaims } from "./user.js";
+
 
 export type BeforeSessionSavedHook = (
   session: SessionData,

src/server/chunked-cookies.test.ts

@@ -7,7 +7,7 @@ import {
   RequestCookies,
   ResponseCookies,
   setChunkedCookie
-} from "./cookies";
+} from "./cookies.js";
 
 // Create mock implementation for RequestCookies and ResponseCookies
 const createMocks = () => {

src/server/client.test.ts

@@ -1,9 +1,9 @@
-import { NextResponse, type NextRequest } from "next/server";
+import { NextResponse, type NextRequest } from "next/server.js";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 
-import { AccessTokenError, AccessTokenErrorCode } from "../errors";
-import { SessionData } from "../types";
-import { AuthClient } from "./auth-client"; // Import the actual class for spyOn
+import { AccessTokenError, AccessTokenErrorCode } from "../errors/index.js";
+import { SessionData } from "../types/index.js";
+import { AuthClient } from "./auth-client.js"; // Import the actual class for spyOn
 import { Auth0Client } from "./client.js";
 
 // Define ENV_VARS at the top level for broader scope

src/server/client.ts

@@ -1,39 +1,40 @@
 import type { IncomingMessage, ServerResponse } from "node:http";
-import { cookies } from "next/headers";
-import { NextRequest, NextResponse } from "next/server";
-import { NextApiRequest, NextApiResponse } from "next/types";
+import { cookies } from "next/headers.js";
+import { NextRequest, NextResponse } from "next/server.js";
+import { NextApiRequest, NextApiResponse } from "next/types.js";
 
 import {
   AccessTokenError,
   AccessTokenErrorCode,
   AccessTokenForConnectionError,
-  AccessTokenForConnectionErrorCode
-} from "../errors";
+  AccessTokenForConnectionErrorCode,
+} from "../errors/index.js";
+
 import {
   AccessTokenForConnectionOptions,
   AuthorizationParameters,
   SessionData,
   SessionDataStore,
   StartInteractiveLoginOptions
-} from "../types";
+} from "../types/index.js";
 import {
   AuthClient,
   BeforeSessionSavedHook,
   OnCallbackHook,
   RoutesOptions
-} from "./auth-client";
-import { RequestCookies, ResponseCookies } from "./cookies";
+} from "./auth-client.js";
+import { RequestCookies, ResponseCookies } from "./cookies.js";
 import {
   AbstractSessionStore,
   SessionConfiguration,
   SessionCookieOptions
-} from "./session/abstract-session-store";
-import { StatefulSessionStore } from "./session/stateful-session-store";
-import { StatelessSessionStore } from "./session/stateless-session-store";
+} from "./session/abstract-session-store.js";
+import { StatefulSessionStore } from "./session/stateful-session-store.js";
+import { StatelessSessionStore } from "./session/stateless-session-store.js";
 import {
   TransactionCookieOptions,
   TransactionStore
-} from "./transaction-store";
+} from "./transaction-store.js";
 
 export interface Auth0ClientOptions {
   // authorization server configuration

src/server/cookies.test.ts

@@ -1,8 +1,8 @@
-import { NextResponse } from "next/server";
+import { NextResponse } from "next/server.js";
 import { describe, expect, it } from "vitest";
 
-import { generateSecret } from "../test/utils";
-import { addCacheControlHeadersForSession, decrypt, encrypt } from "./cookies";
+import { generateSecret } from "../test/utils.js";
+import { addCacheControlHeadersForSession, decrypt, encrypt } from "./cookies.js";
 
 describe("encrypt/decrypt", async () => {
   const secret = await generateSecret(32);

src/server/cookies.ts

@@ -1,10 +1,10 @@
-import { NextResponse } from "next/server";
+import { NextResponse } from "next/server.js";
 import {
   RequestCookie,
   RequestCookies,
   ResponseCookies
 } from "@edge-runtime/cookies";
-import hkdf from "@panva/hkdf";
+import { hkdf } from "@panva/hkdf";
 import * as jose from "jose";
 
 const ENC = "A256GCM";

src/server/get-access-token.test.ts

@@ -1,4 +1,4 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server.js";
 import * as jose from "jose";
 import { http, HttpResponse } from "msw";
 import { setupServer } from "msw/node";
@@ -13,8 +13,8 @@ import {
   vi
 } from "vitest";
 
-import { SessionData, TokenSet } from "../types";
-import { Auth0Client } from "./client";
+import { SessionData, TokenSet } from "../types/index.js";
+import { Auth0Client } from "./client.js";
 
 // Basic constants for testing
 const DEFAULT = {

src/server/index.ts

@@ -1,9 +1,9 @@
-export { Auth0Client } from "./client";
+export { Auth0Client } from "./client.js";
 
-export { AuthClient } from "./auth-client";
+export { AuthClient } from "./auth-client.js";
 
-export { TransactionStore } from "./transaction-store";
+export { TransactionStore } from "./transaction-store.js";
 
-export { AbstractSessionStore } from "./session/abstract-session-store";
+export { AbstractSessionStore } from "./session/abstract-session-store.js";
 
-export { filterDefaultIdTokenClaims, DEFAULT_ID_TOKEN_CLAIMS } from "./user";
+export { filterDefaultIdTokenClaims, DEFAULT_ID_TOKEN_CLAIMS } from "./user.js";

src/server/redundant-txn-cookie-deletion.test.ts

@@ -1,21 +1,21 @@
 /* eslint-disable @typescript-eslint/no-unused-vars */
-import { NextRequest } from "next/server";
+import { NextRequest } from "next/server.js";
 import * as oauth from "oauth4webapi";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 
-import { InvalidStateError, MissingStateError } from "../errors";
-import { SessionData } from "../types";
-import { AuthClient, AuthClientOptions } from "./auth-client";
+import { InvalidStateError, MissingStateError } from "../errors/index.js";
+import { SessionData } from "../types/index.js";
+import { AuthClient, AuthClientOptions } from "./auth-client.js";
 import {
   ReadonlyRequestCookies,
   RequestCookies,
   ResponseCookies
-} from "./cookies";
+} from "./cookies.js";
 import {
   AbstractSessionStore,
   SessionStoreOptions
-} from "./session/abstract-session-store";
-import { TransactionStore } from "./transaction-store";
+} from "./session/abstract-session-store.js";
+import { TransactionStore } from "./transaction-store.js";
 
 vi.mock("./transaction-store");
 vi.mock("oauth4webapi");

src/server/session/abstract-session-store.ts

@@ -1,10 +1,10 @@
-import type { SessionData, SessionDataStore } from "../../types";
+import type { SessionData, SessionDataStore } from "../../types/index.js";
 import {
   CookieOptions,
   ReadonlyRequestCookies,
   RequestCookies,
   ResponseCookies
-} from "../cookies";
+} from "../cookies.js";
 
 export interface SessionCookieOptions {
   /**

src/server/session/normalize-session.ts

@@ -1,6 +1,6 @@
 import { JWTDecryptResult } from "jose";
 
-import { SessionData } from "../../types";
+import { SessionData } from "../../types/index.js";
 
 export const LEGACY_COOKIE_NAME = "appSession";
 

src/server/session/stateful-session-store.test.ts

@@ -1,16 +1,17 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 
-import { generateSecret } from "../../test/utils";
-import { SessionData } from "../../types";
+import { generateSecret } from "../../test/utils.js";
+import { SessionData } from "../../types/index.js";
 import {
   decrypt,
   encrypt,
   RequestCookies,
   ResponseCookies,
   sign
-} from "../cookies";
-import { LEGACY_COOKIE_NAME, LegacySessionPayload } from "./normalize-session";
-import { StatefulSessionStore } from "./stateful-session-store";
+} from "../cookies.js";
+import { LEGACY_COOKIE_NAME, LegacySessionPayload } from "./normalize-session.js";
+import { StatefulSessionStore } from "./stateful-session-store.js";
+
 
 describe("Stateful Session Store", async () => {
   describe("get", async () => {

src/server/session/stateful-session-store.ts

@@ -1,13 +1,13 @@
-import { SessionData, SessionDataStore } from "../../types";
-import * as cookies from "../cookies";
+import { SessionData, SessionDataStore } from "../../types/index.js";
+import * as cookies from "../cookies.js";
 import {
   AbstractSessionStore,
   SessionCookieOptions
-} from "./abstract-session-store";
+} from "./abstract-session-store.js";
 import {
   LEGACY_COOKIE_NAME,
   normalizeStatefulSession
-} from "./normalize-session";
+} from "./normalize-session.js";
 
 // the value of the stateful session cookie containing a unique session ID to identify
 // the current session

src/server/session/stateless-session-store.test.ts

@@ -1,11 +1,11 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 
-import { generateSecret } from "../../test/utils";
-import { CookieOptions, SessionData } from "../../types";
-import { decrypt, encrypt, RequestCookies, ResponseCookies } from "../cookies";
-import * as cookies from "../cookies";
-import { LEGACY_COOKIE_NAME, LegacySession } from "./normalize-session";
-import { StatelessSessionStore } from "./stateless-session-store";
+import { generateSecret } from "../../test/utils.js";
+import { CookieOptions, SessionData } from "../../types/index.js";
+import { decrypt, encrypt, RequestCookies, ResponseCookies } from "../cookies.js";
+import * as cookies from "../cookies.js";
+import { LEGACY_COOKIE_NAME, LegacySession } from "./normalize-session.js";
+import { StatelessSessionStore } from "./stateless-session-store.js";
 
 describe("Stateless Session Store", async () => {
   const baseCookieOptions: CookieOptions = {