@authaz/next 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.d.ts +7 -0
  2. package/dist/index.js +31 -4
  3. package/package.json +2 -2
package/dist/index.d.ts CHANGED
@@ -28,6 +28,12 @@ type AuthazNextConfig = AuthazConfig & {
28
28
  * Falls back to clientSecret if not provided.
29
29
  */
30
30
  apiKey?: string;
31
+ /**
32
+ * Domain for Universal Login (OAuth authorize, token, logout).
33
+ * Default: "https://identity.authaz.io".
34
+ * When set, the handler uses this for the login redirect; the core client uses it for OAuth flows.
35
+ */
36
+ authazIdentityDomain?: string;
31
37
  /**
32
38
  * Enable debug logging
33
39
  */
@@ -45,6 +51,7 @@ type AuthHandler = {
45
51
  * - POST /api/auth/callback - Handles OAuth callback (receives code via form POST)
46
52
  * - POST /api/auth/logout - Clears session and redirects to logout (POST-only for CSRF protection)
47
53
  * - GET /api/auth/me - Returns current user info (requires valid session)
54
+ * - GET /api/auth/oauth2/userinfo - Returns OIDC userinfo payload (same as backend /oauth2/userinfo)
48
55
  * - POST /api/auth/refresh - Refreshes the access token
49
56
  *
50
57
  * IMPORTANT: The OAuth callback from the identity provider arrives as GET.
package/dist/index.js CHANGED
@@ -31,6 +31,7 @@ const toNextCookieOptions = (options) => {
31
31
  * - POST /api/auth/callback - Handles OAuth callback (receives code via form POST)
32
32
  * - POST /api/auth/logout - Clears session and redirects to logout (POST-only for CSRF protection)
33
33
  * - GET /api/auth/me - Returns current user info (requires valid session)
34
+ * - GET /api/auth/oauth2/userinfo - Returns OIDC userinfo payload (same as backend /oauth2/userinfo)
34
35
  * - POST /api/auth/refresh - Refreshes the access token
35
36
  *
36
37
  * IMPORTANT: The OAuth callback from the identity provider arrives as GET.
@@ -94,7 +95,8 @@ const createAuthazHandler = (config) => {
94
95
  };
95
96
  const afterLoginUrl = config.afterLoginUrl || "/";
96
97
  const afterLogoutUrl = config.afterLogoutUrl || "/";
97
- const authazDomain = config.authazDomain || "https://authaz.io";
98
+ const authazDomain = config.authazDomain || "https://api.authaz.io";
99
+ const authazIdentityDomain = config.authazIdentityDomain || "https://identity.authaz.io";
98
100
  const fixedRedirectUri = config.redirectUri;
99
101
  const isDebug = config.debug || false;
100
102
  const apiKey = config.apiKey || config.clientSecret;
@@ -106,8 +108,14 @@ const createAuthazHandler = (config) => {
106
108
  };
107
109
  const getAction = (request) => {
108
110
  const url = new URL(request.url);
109
- const pathParts = url.pathname.split("/");
110
- const action = pathParts[pathParts.length - 1];
111
+ const pathParts = url.pathname.split("/").filter(Boolean);
112
+ const last = pathParts[pathParts.length - 1];
113
+ const prev = pathParts[pathParts.length - 2];
114
+ if (last === "userinfo" && prev === "oauth2") {
115
+ log(`getAction: pathname=${url.pathname}, action=oauth2/userinfo`);
116
+ return "oauth2/userinfo";
117
+ }
118
+ const action = last ?? "";
111
119
  log(`getAction: pathname=${url.pathname}, action=${action}`);
112
120
  return action;
113
121
  };
@@ -243,6 +251,23 @@ const createAuthazHandler = (config) => {
243
251
  user
244
252
  });
245
253
  };
254
+ const handleUserinfo = async () => {
255
+ log("Getting userinfo (OAuth2 userinfo endpoint)");
256
+ const accessToken = (await getCookieStore()).get(COOKIE_NAMES.ACCESS_TOKEN)?.value;
257
+ if (!accessToken) return NextResponse.json({ error: "Unauthorized" }, {
258
+ status: 401,
259
+ headers: { "WWW-Authenticate": "Bearer" }
260
+ });
261
+ const userinfo = await fetchUserinfo(authazIdentityDomain, accessToken, apiKey);
262
+ if (!userinfo) {
263
+ logError("Failed to fetch userinfo");
264
+ return NextResponse.json({ error: "Unauthorized" }, {
265
+ status: 401,
266
+ headers: { "WWW-Authenticate": "Bearer" }
267
+ });
268
+ }
269
+ return NextResponse.json(userinfo);
270
+ };
246
271
  const handleRefresh = async (request) => {
247
272
  log("Handling token refresh");
248
273
  const refreshToken = (await getCookieStore()).get(COOKIE_NAMES.REFRESH_TOKEN)?.value;
@@ -270,6 +295,7 @@ const createAuthazHandler = (config) => {
270
295
  switch (action) {
271
296
  case "login": return handleLogin(request);
272
297
  case "me": return handleMe();
298
+ case "oauth2/userinfo": return handleUserinfo();
273
299
  case "callback":
274
300
  case "logout":
275
301
  case "refresh": return NextResponse.json({ error: "Method not allowed. Use POST." }, { status: 405 });
@@ -283,7 +309,8 @@ const createAuthazHandler = (config) => {
283
309
  case "logout": return handleLogout(request);
284
310
  case "refresh": return handleRefresh(request);
285
311
  case "login":
286
- case "me": return NextResponse.json({ error: "Method not allowed. Use GET." }, { status: 405 });
312
+ case "me":
313
+ case "oauth2/userinfo": return NextResponse.json({ error: "Method not allowed. Use GET." }, { status: 405 });
287
314
  default: return NextResponse.json({ error: `Unknown action: ${action}` }, { status: 404 });
288
315
  }
289
316
  };
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "author": "@authaz",
3
3
  "name": "@authaz/next",
4
- "version": "1.0.5",
4
+ "version": "1.0.7",
5
5
  "type": "module",
6
6
  "description": "NextJS authaz SDK",
7
7
  "license": "MIT",
@@ -39,7 +39,7 @@
39
39
  "peerDependencies": {
40
40
  "next": ">=15",
41
41
  "react": ">=17",
42
- "@authaz/sdk": "^1.2.4"
42
+ "@authaz/sdk": "^1.2.5"
43
43
  },
44
44
  "devDependencies": {
45
45
  "@jest/globals": "30.2.0",