@authaz/next 1.0.6 → 1.0.8

package/dist/index.d.ts

@@ -28,6 +28,12 @@ type AuthazNextConfig = AuthazConfig & {
    * Falls back to clientSecret if not provided.
    */
   apiKey?: string;
+  /**
+   * Domain for Universal Login (OAuth authorize, token, logout).
+   * Default: "https://identity.authaz.io".
+   * When set, the handler uses this for the login redirect; the core client uses it for OAuth flows.
+   */
+  authazIdentityDomain?: string;
   /**
    * Enable debug logging
    */
@@ -45,6 +51,7 @@ type AuthHandler = {
  * - POST /api/auth/callback - Handles OAuth callback (receives code via form POST)
  * - POST /api/auth/logout - Clears session and redirects to logout (POST-only for CSRF protection)
  * - GET /api/auth/me - Returns current user info (requires valid session)
+ * - GET /api/auth/oauth2/userinfo - Returns OIDC userinfo payload (same as backend /oauth2/userinfo)
  * - POST /api/auth/refresh - Refreshes the access token
  *
  * IMPORTANT: The OAuth callback from the identity provider arrives as GET.

package/dist/index.js

@@ -31,6 +31,7 @@ const toNextCookieOptions = (options) => {
 * - POST /api/auth/callback - Handles OAuth callback (receives code via form POST)
 * - POST /api/auth/logout - Clears session and redirects to logout (POST-only for CSRF protection)
 * - GET /api/auth/me - Returns current user info (requires valid session)
+* - GET /api/auth/oauth2/userinfo - Returns OIDC userinfo payload (same as backend /oauth2/userinfo)
 * - POST /api/auth/refresh - Refreshes the access token
 *
 * IMPORTANT: The OAuth callback from the identity provider arrives as GET.
@@ -94,7 +95,8 @@ const createAuthazHandler = (config) => {
 	};
 	const afterLoginUrl = config.afterLoginUrl || "/";
 	const afterLogoutUrl = config.afterLogoutUrl || "/";
-	const authazDomain = config.authazDomain || "https://api.authaz.io";
+	config.authazDomain;
+	const authazIdentityDomain = config.authazIdentityDomain || "https://identity.authaz.io";
 	const fixedRedirectUri = config.redirectUri;
 	const isDebug = config.debug || false;
 	const apiKey = config.apiKey || config.clientSecret;
@@ -106,8 +108,14 @@ const createAuthazHandler = (config) => {
 	};
 	const getAction = (request) => {
 		const url = new URL(request.url);
-		const pathParts = url.pathname.split("/");
-		const action = pathParts[pathParts.length - 1];
+		const pathParts = url.pathname.split("/").filter(Boolean);
+		const last = pathParts[pathParts.length - 1];
+		const prev = pathParts[pathParts.length - 2];
+		if (last === "userinfo" && prev === "oauth2") {
+			log(`getAction: pathname=${url.pathname}, action=oauth2/userinfo`);
+			return "oauth2/userinfo";
+		}
+		const action = last ?? "";
 		log(`getAction: pathname=${url.pathname}, action=${action}`);
 		return action;
 	};
@@ -232,10 +240,8 @@ const createAuthazHandler = (config) => {
 		log("Getting current user");
 		const accessToken = (await getCookieStore()).get(COOKIE_NAMES.ACCESS_TOKEN)?.value;
 		if (!accessToken) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-		logError("authazDomain", authazDomain);
-		logError("accessToken", accessToken);
-		logError("apiKey", apiKey);
-		const userinfo = await fetchUserinfo(authazDomain, accessToken, apiKey);
+		logError("1 -- authazIdentityDomain", authazIdentityDomain);
+		const userinfo = await fetchUserinfo(authazIdentityDomain, accessToken, apiKey);
 		if (!userinfo) {
 			logError("Failed to fetch userinfo");
 			return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
@@ -246,6 +252,24 @@ const createAuthazHandler = (config) => {
 			user
 		});
 	};
+	const handleUserinfo = async () => {
+		log("Getting userinfo (OAuth2 userinfo endpoint)");
+		const accessToken = (await getCookieStore()).get(COOKIE_NAMES.ACCESS_TOKEN)?.value;
+		if (!accessToken) return NextResponse.json({ error: "Unauthorized" }, {
+			status: 401,
+			headers: { "WWW-Authenticate": "Bearer" }
+		});
+		logError("2 -- authazIdentityDomain", authazIdentityDomain);
+		const userinfo = await fetchUserinfo(authazIdentityDomain, accessToken, apiKey);
+		if (!userinfo) {
+			logError("Failed to fetch userinfo");
+			return NextResponse.json({ error: "Unauthorized" }, {
+				status: 401,
+				headers: { "WWW-Authenticate": "Bearer" }
+			});
+		}
+		return NextResponse.json(userinfo);
+	};
 	const handleRefresh = async (request) => {
 		log("Handling token refresh");
 		const refreshToken = (await getCookieStore()).get(COOKIE_NAMES.REFRESH_TOKEN)?.value;
@@ -273,6 +297,7 @@ const createAuthazHandler = (config) => {
 		switch (action) {
 			case "login": return handleLogin(request);
 			case "me": return handleMe();
+			case "oauth2/userinfo": return handleUserinfo();
 			case "callback":
 			case "logout":
 			case "refresh": return NextResponse.json({ error: "Method not allowed. Use POST." }, { status: 405 });
@@ -286,7 +311,8 @@ const createAuthazHandler = (config) => {
 			case "logout": return handleLogout(request);
 			case "refresh": return handleRefresh(request);
 			case "login":
-			case "me": return NextResponse.json({ error: "Method not allowed. Use GET." }, { status: 405 });
+			case "me":
+			case "oauth2/userinfo": return NextResponse.json({ error: "Method not allowed. Use GET." }, { status: 405 });
 			default: return NextResponse.json({ error: `Unknown action: ${action}` }, { status: 404 });
 		}
 	};

package/package.json

@@ -1,7 +1,7 @@
 {
   "author": "@authaz",
   "name": "@authaz/next",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "type": "module",
   "description": "NextJS authaz SDK",
   "license": "MIT",
@@ -39,7 +39,7 @@
   "peerDependencies": {
     "next": ">=15",
     "react": ">=17",
-    "@authaz/sdk": "^1.2.4"
+    "@authaz/sdk": "^1.2.6"
   },
   "devDependencies": {
     "@jest/globals": "30.2.0",