@artatol-acp/auth-nextjs 0.5.4 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +28 -9
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -297,27 +297,46 @@ export function LoginForm() {
297
297
  }
298
298
  ```
299
299
 
300
- ## Middleware (Optional)
300
+ ## Middleware (REQUIRED)
301
301
 
302
- Create `middleware.ts` for route protection:
302
+ > **⚠️ IMPORTANT:** Middleware is **required** for automatic token refresh to work. Without it, users will be logged out when their access token expires (every 5 minutes).
303
+
304
+ The middleware handles:
305
+ - Automatic access token refresh using the refresh token
306
+ - Route protection (redirect to login if not authenticated)
307
+ - Token validation
308
+
309
+ Create `middleware.ts` in your project root:
303
310
 
304
311
  ```typescript
305
312
  import { createACPAuthMiddleware } from '@artatol-acp/auth-nextjs/middleware';
306
- import { readFileSync } from 'fs';
307
313
 
308
- const publicKey = readFileSync('./keys/public.pem', 'utf-8');
309
-
310
- export const middleware = createACPAuthMiddleware({
311
- jwtPublicKey: publicKey,
312
- publicPaths: ['/login', '/register', '/forgot-password'],
314
+ export default createACPAuthMiddleware({
315
+ baseUrl: process.env.ACP_AUTH_URL!,
316
+ jwtPublicKey: process.env.ACP_AUTH_JWT_PUBLIC_KEY!,
317
+ // Optional: customize public paths (defaults shown below)
318
+ publicPaths: ['/login', '/register', '/forgot-password', '/reset-password', '/verify-email', '/verify-2fa'],
313
319
  loginPath: '/login',
320
+ // Optional: cookie configuration for SSO
321
+ cookies: {
322
+ domain: process.env.NODE_ENV === 'production' ? '.yourdomain.com' : undefined,
323
+ },
314
324
  });
315
325
 
316
326
  export const config = {
317
- matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
327
+ matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
318
328
  };
319
329
  ```
320
330
 
331
+ ### Why is middleware required?
332
+
333
+ In Next.js App Router, cookies can only be modified in:
334
+ - Route Handlers (`app/api/...`)
335
+ - Server Actions
336
+ - Middleware
337
+
338
+ Server Components (pages) **cannot** set cookies. When a user's access token expires and they navigate to a page, the SDK cannot refresh the token from within the page render. The middleware intercepts the request **before** the page renders and handles the refresh.
339
+
321
340
  ## Environment Variables
322
341
 
323
342
  ```env
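Review bot: The new `matcher` line drops `api` from the negative lookahead, so the middleware now also runs on `/api/...` requests, and the README never says how route protection treats them. The documented behaviour is "redirect to login if not authenticated", and the default `publicPaths` list contains only page routes, so as written an unauthenticated API call would be answered with a redirect to `/login` rather than a 401, and any Route Handler that must be reachable before login would have to be added to `publicPaths` by hand. Suggest one sentence stating why `/api` is now matched (presumably so the refresh also covers API calls) and what API clients should expect. Two smaller points in the same example: `cookies.domain: '.yourdomain.com'` scopes the auth cookies to every subdomain of that domain, which deserves a note that it is only appropriate when all of those subdomains are trusted; and the `!` assertions on `process.env.ACP_AUTH_URL` and `process.env.ACP_AUTH_JWT_PUBLIC_KEY` hide a missing variable until runtime, so the README should say what the middleware does when the public key is undefined.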
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@artatol-acp/auth-nextjs",
3
- "version": "0.5.4",
3
+ "version": "0.5.5",
4
4
  "description": "Next.js SDK for Artatol Cloud Platform Authentication with support for App Router, Server Actions, and Middleware",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",