npm - @chemmangat/msal-next - Versions diffs - 3.0.2 → 3.0.4 - Mend

@chemmangat/msal-next 3.0.2 → 3.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md CHANGED Viewed

@@ -7,6 +7,8 @@ Production-grade MSAL authentication library for Next.js App Router with minimal
 > **v3.0.0 is here!** 🎉 New CLI tool, enhanced debugging, and better DX. [See what's new](#whats-new-in-v30)
+> **Having issues?** Check the [Troubleshooting Guide](./TROUBLESHOOTING.md) for common problems and solutions.
 ## Features
 ✨ **CLI Setup** - Get started in under 2 minutes with `npx @chemmangat/msal-next init`
@@ -85,19 +87,24 @@ npm install @chemmangat/msal-next@3.0.0 @azure/msal-browser@^4.0.0 @azure/msal-r
 ## Quick Start
-### 1. Wrap your app with MsalAuthProvider
+> **Important:** Use `MSALProvider` (not `MsalAuthProvider`) in your layout.tsx to avoid the "createContext only works in Client Components" error.
+### 1. Wrap your app with MSALProvider
 ```tsx
 // app/layout.tsx
-import { MsalAuthProvider } from '@chemmangat/msal-next';
+import { MSALProvider } from '@chemmangat/msal-next';
 export default function RootLayout({ children }) {
   return (
     <html>
       <body>
-        <MsalAuthProvider clientId="YOUR_CLIENT_ID">
+        <MSALProvider
+          clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+          tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+        >
           {children}
-        </MsalAuthProvider>
+        </MSALProvider>
       </body>
     </html>
   );
@@ -127,19 +134,52 @@ That's it! 🎉
 ## Components
-### MsalAuthProvider
+### MSALProvider (Recommended for App Router)
-The root provider that initializes MSAL.
+Pre-configured wrapper component that's already marked as `'use client'`. Use this in your server-side layout.tsx.
 ```tsx
-<MsalAuthProvider
-  clientId="YOUR_CLIENT_ID"
-  tenantId="YOUR_TENANT_ID" // Optional
-  scopes={['User.Read', 'Mail.Read']} // Optional
-  enableLogging={true} // Optional
->
-  {children}
-</MsalAuthProvider>
+// app/layout.tsx (Server Component)
+import { MSALProvider } from '@chemmangat/msal-next';
+export default function RootLayout({ children }) {
+  return (
+    <html>
+      <body>
+        <MSALProvider
+          clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+          tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+          scopes={['User.Read', 'Mail.Read']} // Optional
+          enableLogging={true} // Optional
+        >
+          {children}
+        </MSALProvider>
+      </body>
+    </html>
+  );
+}
+```
+### MsalAuthProvider (Advanced Usage)
+The underlying provider component. Only use this if you're creating your own client component wrapper.
+```tsx
+// app/providers.tsx
+'use client'
+import { MsalAuthProvider } from '@chemmangat/msal-next';
+export function MyProviders({ children }) {
+  return (
+    <MsalAuthProvider
+      clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+      tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+    >
+      {children}
+    </MsalAuthProvider>
+  );
+}
 ```
 ### MicrosoftSignInButton

package/TROUBLESHOOTING.md ADDED Viewed

@@ -0,0 +1,294 @@
+# Troubleshooting Guide
+Common issues and their solutions for @chemmangat/msal-next.
+## "createContext only works in Client Components"
+### Error Message
+```
+createContext only works in Client Components. Add the "use client" directive at the top of the file to use it.
+```
+### Solution
+Use `MSALProvider` instead of `MsalAuthProvider` in your layout.tsx:
+**❌ Wrong:**
+```tsx
+// app/layout.tsx
+import { MsalAuthProvider } from '@chemmangat/msal-next';
+export default function RootLayout({ children }) {
+  return (
+    <html>
+      <body>
+        <MsalAuthProvider clientId="...">
+          {children}
+        </MsalAuthProvider>
+      </body>
+    </html>
+  );
+}
+```
+**✅ Correct:**
+```tsx
+// app/layout.tsx
+import { MSALProvider } from '@chemmangat/msal-next';
+export default function RootLayout({ children }) {
+  return (
+    <html>
+      <body>
+        <MSALProvider
+          clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+          tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+        >
+          {children}
+        </MSALProvider>
+      </body>
+    </html>
+  );
+}
+```
+### Why?
+- Next.js App Router layouts are Server Components by default
+- `MsalAuthProvider` uses React Context, which requires client-side rendering
+- `MSALProvider` is a pre-configured wrapper that's already marked as `'use client'`
+---
+## "no_token_request_cache_error"
+### Error Message
+```
+BrowserAuthError: no_token_request_cache_error
+```
+### Solution
+This error is now handled automatically in v3.0.2+. If you're still seeing it:
+1. **Update to the latest version:**
+   ```bash
+   npm install @chemmangat/msal-next@latest
+   ```
+2. **Clear your browser cache and cookies** for your app's domain
+3. **Ensure you're using the correct redirect URI** in Azure AD:
+   - Development: `http://localhost:3000`
+   - Production: `https://yourdomain.com`
+### Why?
+This error occurs when:
+- User refreshes the page during authentication flow
+- There's a mismatch between cached auth state and current request
+- The package now handles this gracefully (v3.0.2+)
+---
+## "User cancelled" or Popup Closed
+### Error Message
+```
+user_cancelled: User cancelled the flow
+```
+### Solution
+This is expected behavior when users close the popup. The package handles this gracefully.
+If you want to show a message to users:
+```tsx
+<MicrosoftSignInButton
+  onError={(error) => {
+    if (error.message.includes('user_cancelled')) {
+      console.log('User closed the login popup');
+      // Show a friendly message
+    }
+  }}
+/>
+```
+---
+## Environment Variables Not Working
+### Symptoms
+- `undefined` values for clientId or tenantId
+- Authentication not initializing
+### Solution
+1. **Check your .env.local file exists:**
+   ```bash
+   # .env.local
+   NEXT_PUBLIC_AZURE_AD_CLIENT_ID=your-client-id
+   NEXT_PUBLIC_AZURE_AD_TENANT_ID=your-tenant-id
+   ```
+2. **Restart your dev server** after adding environment variables:
+   ```bash
+   # Stop the server (Ctrl+C)
+   npm run dev
+   ```
+3. **Verify the variables are prefixed with `NEXT_PUBLIC_`:**
+   - ✅ `NEXT_PUBLIC_AZURE_AD_CLIENT_ID`
+   - ❌ `AZURE_AD_CLIENT_ID` (won't work in client components)
+---
+## "Interaction already in progress"
+### Error Message
+```
+Interaction already in progress
+```
+### Solution
+This is a safety feature to prevent multiple concurrent login attempts. Wait for the current interaction to complete.
+The package automatically prevents this in v3.0.2+, but if you're manually calling login methods:
+```tsx
+const { loginPopup, inProgress } = useMsalAuth();
+const handleLogin = async () => {
+  // Check if interaction is in progress
+  if (inProgress) {
+    console.log('Please wait for current login to complete');
+    return;
+  }
+  await loginPopup();
+};
+```
+---
+## Token Acquisition Fails
+### Symptoms
+- `acquireToken()` throws errors
+- Silent token acquisition fails
+### Solution
+1. **Ensure user is logged in:**
+   ```tsx
+   const { isAuthenticated, acquireToken } = useMsalAuth();
+   if (!isAuthenticated) {
+     // User needs to login first
+     await loginPopup();
+   }
+   const token = await acquireToken(['User.Read']);
+   ```
+2. **Check the scopes are granted in Azure AD:**
+   - Go to Azure Portal → App Registrations → Your App → API Permissions
+   - Ensure the scopes you're requesting are listed and granted
+3. **Use the fallback pattern:**
+   ```tsx
+   // acquireToken automatically falls back to popup if silent fails
+   const token = await acquireToken(['User.Read']);
+   ```
+---
+## Build Errors with package.json
+### Error Message
+```
+Error parsing package.json file
+```
+### Solution
+This was fixed in v3.0.1. Update to the latest version:
+```bash
+npm install @chemmangat/msal-next@latest
+```
+If you're still having issues:
+1. Delete `node_modules` and `package-lock.json`
+2. Run `npm install` again
+3. Clear Next.js cache: `rm -rf .next`
+---
+## TypeScript Errors
+### Symptoms
+- Type errors with MSAL types
+- Missing type definitions
+### Solution
+1. **Ensure peer dependencies are installed:**
+   ```bash
+   npm install @azure/msal-browser@^4.0.0 @azure/msal-react@^3.0.0
+   ```
+2. **Check your tsconfig.json includes:**
+   ```json
+   {
+     "compilerOptions": {
+       "moduleResolution": "bundler",
+       "jsx": "preserve",
+       "lib": ["dom", "dom.iterable", "esnext"]
+     }
+   }
+   ```
+---
+## Still Having Issues?
+1. **Enable debug logging:**
+   ```tsx
+   <MSALProvider
+     clientId="..."
+     enableLogging={true}
+   >
+     {children}
+   </MSALProvider>
+   ```
+2. **Check the browser console** for detailed error messages
+3. **Verify Azure AD configuration:**
+   - Redirect URIs are correct
+   - App is not expired
+   - Required permissions are granted
+4. **Open an issue on GitHub:**
+   - Include error messages
+   - Include relevant code snippets
+   - Include package versions: `npm list @chemmangat/msal-next`
+---
+## Common Azure AD Configuration Issues
+### Redirect URI Mismatch
+- **Error:** `redirect_uri_mismatch`
+- **Solution:** Add your app's URL to Azure AD → App Registrations → Authentication → Redirect URIs
+### Missing Permissions
+- **Error:** `consent_required` or `invalid_grant`
+- **Solution:** Add required API permissions in Azure AD and grant admin consent if needed
+### Multi-tenant Issues
+- **Solution:** Use `authorityType: "common"` for multi-tenant apps:
+  ```tsx
+  <MSALProvider
+    clientId="..."
+    authorityType="common"
+  >
+    {children}
+  </MSALProvider>
+  ```

package/dist/chunk-AD43IVG7.mjs ADDED Viewed

@@ -0,0 +1,51 @@
+// src/utils/validation.ts
+function safeJsonParse(jsonString, validator) {
+  try {
+    const parsed = JSON.parse(jsonString);
+    if (validator(parsed)) {
+      return parsed;
+    }
+    console.warn("[Validation] JSON validation failed");
+    return null;
+  } catch (error) {
+    console.error("[Validation] JSON parse error:", error);
+    return null;
+  }
+}
+function isValidAccountData(data) {
+  return typeof data === "object" && data !== null && typeof data.homeAccountId === "string" && data.homeAccountId.length > 0 && typeof data.username === "string" && data.username.length > 0 && (data.name === void 0 || typeof data.name === "string");
+}
+function sanitizeError(error) {
+  if (error instanceof Error) {
+    const message = error.message;
+    const sanitized = message.replace(/[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}/g, "[TOKEN_REDACTED]").replace(/[a-f0-9]{32,}/gi, "[SECRET_REDACTED]").replace(/Bearer\s+[^\s]+/gi, "Bearer [REDACTED]");
+    return sanitized;
+  }
+  return "An unexpected error occurred";
+}
+function isValidRedirectUri(uri, allowedOrigins) {
+  try {
+    const url = new URL(uri);
+    return allowedOrigins.some((allowed) => {
+      const allowedUrl = new URL(allowed);
+      return url.origin === allowedUrl.origin;
+    });
+  } catch {
+    return false;
+  }
+}
+function isValidScope(scope) {
+  return /^[a-zA-Z0-9._-]+$/.test(scope);
+}
+function validateScopes(scopes) {
+  return Array.isArray(scopes) && scopes.every(isValidScope);
+}
+export {
+  safeJsonParse,
+  isValidAccountData,
+  sanitizeError,
+  isValidRedirectUri,
+  isValidScope,
+  validateScopes
+};

package/dist/index.d.mts CHANGED Viewed

@@ -3,6 +3,7 @@ import { Configuration, LogLevel, IPublicClientApplication, PublicClientApplicat
 export { AccountInfo } from '@azure/msal-browser';
 import { ReactNode, CSSProperties, Component, ErrorInfo, ComponentType } from 'react';
 import { NextRequest, NextResponse } from 'next/server';
+export { ServerSession } from './server.mjs';
 export { useAccount, useIsAuthenticated, useMsal } from '@azure/msal-react';
 /**
@@ -105,6 +106,34 @@ interface MsalAuthProviderProps extends MsalAuthConfig {
 declare function getMsalInstance(): PublicClientApplication | null;
 declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
+/**
+ * Pre-configured MSALProvider component for Next.js App Router layouts.
+ * This component is already marked as 'use client', so you can use it directly
+ * in your server-side layout.tsx without needing to create a separate client component.
+ *
+ * @example
+ * ```tsx
+ * // app/layout.tsx
+ * import { MSALProvider } from '@chemmangat/msal-next'
+ *
+ * export default function RootLayout({ children }) {
+ *   return (
+ *     <html lang="en">
+ *       <body>
+ *         <MSALProvider
+ *           clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+ *           tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+ *         >
+ *           {children}
+ *         </MSALProvider>
+ *       </body>
+ *     </html>
+ *   )
+ * }
+ * ```
+ */
+declare function MSALProvider({ children, ...props }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
 interface MicrosoftSignInButtonProps {
     /**
      * Button text
@@ -350,34 +379,6 @@ declare class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryS
     render(): ReactNode;
 }
-/**
- * Pre-configured Providers component for Next.js App Router layouts.
- * This component is already marked as 'use client', so you can use it directly
- * in your server-side layout.tsx without needing to create a separate client component.
- *
- * @example
- * ```tsx
- * // app/layout.tsx
- * import { Providers } from '@chemmangat/msal-next'
- *
- * export default function RootLayout({ children }) {
- *   return (
- *     <html lang="en">
- *       <body>
- *         <Providers
- *           clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
- *           tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
- *         >
- *           {children}
- *         </Providers>
- *       </body>
- *     </html>
- *   )
- * }
- * ```
- */
-declare function Providers({ children, ...props }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
 interface UseMsalAuthReturn {
     /**
      * Current authenticated account
@@ -911,24 +912,4 @@ interface AuthMiddlewareConfig {
  */
 declare function createAuthMiddleware(config?: AuthMiddlewareConfig): (request: NextRequest) => Promise<NextResponse<unknown>>;
-interface ServerSession {
-    /**
-     * Whether user is authenticated
-     */
-    isAuthenticated: boolean;
-    /**
-     * User's account ID from MSAL cache
-     */
-    accountId?: string;
-    /**
-     * User's username/email
-     */
-    username?: string;
-    /**
-     * Access token (if available in cookie)
-     * @deprecated Storing tokens in cookies is not recommended for security reasons
-     */
-    accessToken?: string;
-}
-export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, Providers, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };

package/dist/index.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import { Configuration, LogLevel, IPublicClientApplication, PublicClientApplicat
 export { AccountInfo } from '@azure/msal-browser';
 import { ReactNode, CSSProperties, Component, ErrorInfo, ComponentType } from 'react';
 import { NextRequest, NextResponse } from 'next/server';
+export { ServerSession } from './server.js';
 export { useAccount, useIsAuthenticated, useMsal } from '@azure/msal-react';
 /**
@@ -105,6 +106,34 @@ interface MsalAuthProviderProps extends MsalAuthConfig {
 declare function getMsalInstance(): PublicClientApplication | null;
 declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
+/**
+ * Pre-configured MSALProvider component for Next.js App Router layouts.
+ * This component is already marked as 'use client', so you can use it directly
+ * in your server-side layout.tsx without needing to create a separate client component.
+ *
+ * @example
+ * ```tsx
+ * // app/layout.tsx
+ * import { MSALProvider } from '@chemmangat/msal-next'
+ *
+ * export default function RootLayout({ children }) {
+ *   return (
+ *     <html lang="en">
+ *       <body>
+ *         <MSALProvider
+ *           clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+ *           tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+ *         >
+ *           {children}
+ *         </MSALProvider>
+ *       </body>
+ *     </html>
+ *   )
+ * }
+ * ```
+ */
+declare function MSALProvider({ children, ...props }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
 interface MicrosoftSignInButtonProps {
     /**
      * Button text
@@ -350,34 +379,6 @@ declare class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryS
     render(): ReactNode;
 }
-/**
- * Pre-configured Providers component for Next.js App Router layouts.
- * This component is already marked as 'use client', so you can use it directly
- * in your server-side layout.tsx without needing to create a separate client component.
- *
- * @example
- * ```tsx
- * // app/layout.tsx
- * import { Providers } from '@chemmangat/msal-next'
- *
- * export default function RootLayout({ children }) {
- *   return (
- *     <html lang="en">
- *       <body>
- *         <Providers
- *           clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
- *           tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
- *         >
- *           {children}
- *         </Providers>
- *       </body>
- *     </html>
- *   )
- * }
- * ```
- */
-declare function Providers({ children, ...props }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
 interface UseMsalAuthReturn {
     /**
      * Current authenticated account
@@ -911,24 +912,4 @@ interface AuthMiddlewareConfig {
  */
 declare function createAuthMiddleware(config?: AuthMiddlewareConfig): (request: NextRequest) => Promise<NextResponse<unknown>>;
-interface ServerSession {
-    /**
-     * Whether user is authenticated
-     */
-    isAuthenticated: boolean;
-    /**
-     * User's account ID from MSAL cache
-     */
-    accountId?: string;
-    /**
-     * User's username/email
-     */
-    username?: string;
-    /**
-     * Access token (if available in cookie)
-     * @deprecated Storing tokens in cookies is not recommended for security reasons
-     */
-    accessToken?: string;
-}
-export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, Providers, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };