feat: logout callback with 'take me to I was' functionality

README.md

@@ -4,54 +4,97 @@ Astro integration that injects OIDC login/callback/logout routes, a middleware t
 
 ## Install
 
+```sh
 npm install @resuely/astro-oidc-rp
+```
 
 ## Usage (astro.config.mjs)
 
+```js
 import { defineConfig } from "astro/config";
 import resuelyOidc from "@resuely/astro-oidc-rp";
 
 export default defineConfig({
   integrations: [
     resuelyOidc({
-      issuer: "https://your-idp",
-      clientId: "YOUR_CLIENT_ID",
-      cookie: { signingSecret: process.env.OIDC_SIGNING_SECRET! },
+      issuer: { env: "OIDC_ISSUER", fallback: "https://your-idp" },
+      clientId: { env: "OIDC_CLIENT_ID" },
+      cookie: { signingSecret: { env: "OIDC_SIGNING_SECRET" } },
       protected: ["/app/*", "/me"],
     }),
   ],
 });
+```
 
-- Injected routes:
-  - Login: /login
-  - Callback: /oidc/callback
-  - Logout: /logout
+Injected routes (defaults):
+
+- Login: `/login`
+- Callback: `/oidc/callback`
+- Logout: `/logout`
+- Logout callback: `/logout/callback`
 
 ## Options
-- issuer: string (required)
-- clientId: string (required)
-- scopes?: string (default: "openid email profile")
-- routes?: { login?: string; callback?: string; logout?: string }
-- redirectUri?: { mode: "infer-from-request" } | { absolute: string }
-- cookie?: { name?: string; sameSite?: "Lax"|"Strict"|"None"; secure?: boolean; domain?: string; path?: string; signingSecret: string; maxAgeSec?: number }
-- protected?: string[] patterns
+
+```ts
+issuer: { env: string; fallback?: string }; // required
+clientId: { env: string; fallback?: string }; // required
+scopes?: string; // default: "openid email profile"
+routes?: {
+  login?: string;
+  callback?: string;
+  logout?: string;
+  logoutCallback?: string;
+};
+redirectUri?: { mode: "infer-from-request" } | { absolute: string };
+cookie: {
+  name?: string;
+  sameSite?: "Lax" | "Strict" | "None";
+  secure?: boolean;
+  domain?: string;
+  path?: string;
+  signingSecret: { env: string };
+  maxAgeSec?: number;
+};
+protected?: string[]; // path patterns
+```
 
 ## Types: Astro.locals
 Enable type augmentation by referencing the package export:
 
-- Add to your tsconfig.json: { "compilerOptions": { "types": ["@resuely/astro-oidc-rp/astro-locals"] } }
+Add to your `tsconfig.json`:
 
-Then `locals.user` is typed as `{ sub: string; email?: string } | null | undefined`.
+```json
+{
+  "compilerOptions": {
+    "types": ["@resuely/astro-oidc-rp/astro-locals"]
+  }
+}
+```
+
+Then `Astro.locals.user` is typed as:
+
+```ts
+{ sub: string; email?: string } | null | undefined
+```
 
 ## Security notes
 - Always provide a strong `cookie.signingSecret`.
-- In production, cookies are `Secure` by default.
+- Cookies are `Secure` by default; for local HTTP development you may need `cookie.secure: false`.
 - The init cookie used during login is short-lived (5 minutes) and set `HttpOnly` + `SameSite=Lax`.
 
 ## Build & Publish
 
-- Build: npm run build
-- Publish to npm: npm publish --access public
+Build:
+
+```sh
+npm run build
+```
+
+Publish:
+
+```sh
+npm publish --access public
+```
 
 ## License
 MIT