@civic/auth 0.0.1-beta.28 → 0.0.1-beta.29

package/dist/types-Bqm9OCZN.d.mts

@@ -0,0 +1,22 @@
+declare enum OAuthTokens {
+    ID_TOKEN = "id_token",
+    ACCESS_TOKEN = "access_token",
+    REFRESH_TOKEN = "refresh_token"
+}
+declare enum CodeVerifier {
+    COOKIE_NAME = "code_verifier"
+}
+declare enum UserStorage {
+    USER = "user"
+}
+interface CookieConfig {
+    secure?: boolean;
+    sameSite?: "strict" | "lax" | "none";
+    domain?: string;
+    path?: string;
+    maxAge?: number;
+    httpOnly?: boolean;
+}
+type TokensCookieConfig = Record<OAuthTokens | CodeVerifier, CookieConfig>;
+
+export { CodeVerifier as C, OAuthTokens as O, type TokensCookieConfig as T, UserStorage as U, type CookieConfig as a };

package/dist/types-Bqm9OCZN.d.ts

@@ -0,0 +1,22 @@
+declare enum OAuthTokens {
+    ID_TOKEN = "id_token",
+    ACCESS_TOKEN = "access_token",
+    REFRESH_TOKEN = "refresh_token"
+}
+declare enum CodeVerifier {
+    COOKIE_NAME = "code_verifier"
+}
+declare enum UserStorage {
+    USER = "user"
+}
+interface CookieConfig {
+    secure?: boolean;
+    sameSite?: "strict" | "lax" | "none";
+    domain?: string;
+    path?: string;
+    maxAge?: number;
+    httpOnly?: boolean;
+}
+type TokensCookieConfig = Record<OAuthTokens | CodeVerifier, CookieConfig>;
+
+export { CodeVerifier as C, OAuthTokens as O, type TokensCookieConfig as T, UserStorage as U, type CookieConfig as a };

package/dist/types-BxAubCqO.d.mts

@@ -0,0 +1,58 @@
+import { TokenResponseBody } from 'oslo/oauth2';
+
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    timestamp?: number;
+    expiresIn?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type Tokens = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+    forwardedTokens: ForwardedTokens;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject = EmptyObject> = BaseUser & Partial<Tokens> & T;
+interface AuthStorage {
+    get(key: string): string | null;
+    set(key: string, value: string): void;
+}
+
+export type { AuthStorage as A, Config as C, DisplayMode as D, Endpoints as E, ForwardedTokens as F, OIDCTokenResponseBody as O, SessionData as S, Tokens as T, User as U, UnknownObject as a };

package/dist/types-BxAubCqO.d.ts

@@ -0,0 +1,58 @@
+import { TokenResponseBody } from 'oslo/oauth2';
+
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    timestamp?: number;
+    expiresIn?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type Tokens = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+    forwardedTokens: ForwardedTokens;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject = EmptyObject> = BaseUser & Partial<Tokens> & T;
+interface AuthStorage {
+    get(key: string): string | null;
+    set(key: string, value: string): void;
+}
+
+export type { AuthStorage as A, Config as C, DisplayMode as D, Endpoints as E, ForwardedTokens as F, OIDCTokenResponseBody as O, SessionData as S, Tokens as T, User as U, UnknownObject as a };

package/dist/types-DOfl9w7j.d.mts

@@ -0,0 +1,23 @@
+declare enum OAuthTokens {
+    ID_TOKEN = "id_token",
+    ACCESS_TOKEN = "access_token",
+    REFRESH_TOKEN = "refresh_token"
+}
+declare enum CodeVerifier {
+    COOKIE_NAME = "code_verifier",
+    APP_URL = "app_url"
+}
+declare enum UserStorage {
+    USER = "user"
+}
+interface CookieConfig {
+    secure?: boolean;
+    sameSite?: "strict" | "lax" | "none";
+    domain?: string;
+    path?: string;
+    maxAge?: number;
+    httpOnly?: boolean;
+}
+type TokensCookieConfig = Record<OAuthTokens | CodeVerifier, CookieConfig>;
+
+export { CodeVerifier as C, OAuthTokens as O, type TokensCookieConfig as T, UserStorage as U, type CookieConfig as a };

package/dist/types-DOfl9w7j.d.ts

@@ -0,0 +1,23 @@
+declare enum OAuthTokens {
+    ID_TOKEN = "id_token",
+    ACCESS_TOKEN = "access_token",
+    REFRESH_TOKEN = "refresh_token"
+}
+declare enum CodeVerifier {
+    COOKIE_NAME = "code_verifier",
+    APP_URL = "app_url"
+}
+declare enum UserStorage {
+    USER = "user"
+}
+interface CookieConfig {
+    secure?: boolean;
+    sameSite?: "strict" | "lax" | "none";
+    domain?: string;
+    path?: string;
+    maxAge?: number;
+    httpOnly?: boolean;
+}
+type TokensCookieConfig = Record<OAuthTokens | CodeVerifier, CookieConfig>;
+
+export { CodeVerifier as C, OAuthTokens as O, type TokensCookieConfig as T, UserStorage as U, type CookieConfig as a };

package/dist/types-HdCjGldB.d.mts

@@ -0,0 +1,58 @@
+import { TokenResponseBody } from 'oslo/oauth2';
+
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    timestamp?: number;
+    expiresIn?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type Tokens = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+    forwardedTokens: ForwardedTokens;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject = EmptyObject> = BaseUser & Partial<Tokens> & T;
+interface AuthStorage {
+    get(key: string): string | null;
+    set(key: string, value: string): void;
+}
+
+export type { AuthStorage as A, Config as C, DisplayMode as D, Endpoints as E, ForwardedTokens as F, OIDCTokenResponseBody as O, SessionData as S, Tokens as T, User as U, UnknownObject as a, EmptyObject as b };

package/dist/types-HdCjGldB.d.ts

@@ -0,0 +1,58 @@
+import { TokenResponseBody } from 'oslo/oauth2';
+
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    timestamp?: number;
+    expiresIn?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type Tokens = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+    forwardedTokens: ForwardedTokens;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject = EmptyObject> = BaseUser & Partial<Tokens> & T;
+interface AuthStorage {
+    get(key: string): string | null;
+    set(key: string, value: string): void;
+}
+
+export type { AuthStorage as A, Config as C, DisplayMode as D, Endpoints as E, ForwardedTokens as F, OIDCTokenResponseBody as O, SessionData as S, Tokens as T, User as U, UnknownObject as a, EmptyObject as b };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@civic/auth",
-  "version": "0.0.1-beta.28",
+  "version": "0.0.1-beta.29",
   "type": "module",
   "module": "dist/index.js",
   "main": "dist/index.ts",

package/src/browser/storage.ts

@@ -1,11 +1,11 @@
 import type { AuthStorage } from "@/types.js";
 
 export class LocalStorageAdapter implements AuthStorage {
-  get(key: string): string {
-    return localStorage.getItem(key) || "";
+  async get(key: string): Promise<string> {
+    return Promise.resolve(localStorage.getItem(key) || "");
   }
 
-  set(key: string, value: string): void {
+  async set(key: string, value: string): Promise<void> {
     localStorage.setItem(key, value);
   }
 }

package/src/nextjs/GetUser.ts

@@ -6,11 +6,11 @@ import { GenericUserSession } from "@/shared/lib/UserSession.js";
 import { NextjsClientStorage } from "@/nextjs/cookies.js";
 import { retrieveTokens } from "@/shared/lib/util.js";
 
-export const getUser = (): User | null => {
+export const getUser = async (): Promise<User | null> => {
   const clientStorage = new NextjsClientStorage();
   const userSession = new GenericUserSession(clientStorage);
-  const tokens = retrieveTokens(clientStorage);
-  const user = userSession.get();
+  const tokens = await retrieveTokens(clientStorage);
+  const user = await userSession.get();
   if (!user || !tokens) return null;
 
   return {

package/src/nextjs/config.ts

@@ -33,11 +33,9 @@ export type AuthConfig = Partial<AuthConfigWithDefaults>;
 
 export type DefinedAuthConfig = AuthConfigWithDefaults;
 
-console.log(`process.env.NODE_ENV: ${process.env.NODE_ENV}`);
 const isDevelopment = process.env.NODE_ENV === "development";
 
 const defaultServerSecure = isDevelopment ? false : true;
-console.log(`defaultServerSecure: ${defaultServerSecure}`);
 /**
  * Default configuration values that will be used if not overridden
  */

package/src/nextjs/cookies.ts

@@ -102,12 +102,12 @@ const createUserInfoCookie = (
 const clearAuthCookies = async (config: AuthConfig) => {
   // clear session, and tokens
   const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens);
-  clearTokens(cookieStorage);
+  await clearTokens(cookieStorage);
 
   // clear user
   const clientStorage = new NextjsClientStorage();
   const userSession = new GenericUserSession(clientStorage);
-  userSession.set(null);
+  await userSession.set(null);
 };
 
 type KeySetter = OAuthTokens | CodeVerifier;
@@ -119,23 +119,17 @@ class NextjsCookieStorage extends CookieStorage {
     });
   }
 
-  get(key: string): string | null {
-    return cookies().get(key)?.value || null;
+  async get(key: string): Promise<string | null> {
+    const cookieStore = await cookies();
+    return cookieStore.get(key)?.value || null;
   }
 
-  set(key: KeySetter, value: string): void {
+  async set(key: KeySetter, value: string): Promise<void> {
+    const cookieStore = await cookies();
     const cookieSettings = this.config?.[key as KeySetter] || {
       ...this.settings,
     };
-    console.log(
-      "NextjsCookieStorage.set",
-      JSON.stringify(
-        { key, value, config: this.config, cookieSettings },
-        null,
-        2,
-      ),
-    );
-    cookies().set(key, value, cookieSettings);
+    cookieStore.set(key, value, cookieSettings);
   }
 }
 
@@ -148,12 +142,14 @@ class NextjsClientStorage extends CookieStorage {
     });
   }
 
-  get(key: string): string | null {
-    return cookies().get(key)?.value || null;
+  async get(key: string): Promise<string | null> {
+    const cookieStore = await cookies();
+    return cookieStore.get(key)?.value || null;
   }
 
-  set(key: string, value: string): void {
-    cookies().set(key, value, this.settings);
+  async set(key: string, value: string): Promise<void> {
+    const cookieStore = await cookies();
+    cookieStore.set(key, value, this.settings);
   }
 }
 

package/src/nextjs/routeHandler.ts

@@ -19,7 +19,6 @@ import {
   TOKEN_EXCHANGE_TRIGGER_TEXT,
 } from "@/constants.js";
 import { serverTokenExchangeFromState } from "@/lib/oauth.js";
-import { cookies } from "next/headers.js";
 import { CodeVerifier } from "@/shared/lib/types.js";
 
 const logger = loggers.nextjs.handlers.auth;
@@ -108,7 +107,6 @@ async function handleCallback(
   console.log("handleCallback", {
     code,
     state,
-    cookies: cookies(),
     appUrl,
   });
 
@@ -148,9 +146,7 @@ async function handleCallback(
                             const appUrl = globalThis.window?.location?.origin;
                             fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {
                                 response.json().then((jsonResponse) => {
-                                    console.log('fetch jsonResponse', jsonResponse);
                                     if (jsonResponse.redirectUrl) {
-                                        console.log('handleCallback serverTokenExchangeFromState, redirecting');
                                         window.location.href = jsonResponse.redirectUrl;
                                     }
                                 });
@@ -243,7 +239,7 @@ export async function handleLogout(
 
   const response = NextResponse.redirect(finalRedirectUrl);
 
-  clearAuthCookies(config);
+  await clearAuthCookies(config);
 
   try {
     revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);

package/src/reactjs/hooks/index.ts

@@ -3,5 +3,4 @@ export { useToken } from "@/shared/hooks/useToken.js";
 export { useAuth } from "@/shared/hooks/useAuth.js";
 export { useSession } from "@/shared/hooks/useSession.js";
 export { useConfig } from "@/shared/hooks/useConfig.js";
-export { useTokenCookie } from "@/nextjs/hooks/useTokenCookie.js";
 export { useIframe } from "@/shared/hooks/useIframe.js";

package/src/server/ServerAuthenticationResolver.ts

@@ -25,11 +25,6 @@ export class ServerAuthenticationResolver implements AuthenticationResolver {
     readonly storage: AuthStorage,
     readonly endpointOverrides?: Partial<Endpoints>,
   ) {
-    console.log("ServerAuthenticationResolver constructor", {
-      authConfig,
-      storage,
-      endpointOverrides,
-    });
     this.pkceProducer = new GenericPublicClientPKCEProducer(storage);
   }
   validateExistingSession(): Promise<SessionData> {
@@ -72,13 +67,13 @@ export class ServerAuthenticationResolver implements AuthenticationResolver {
       this.endpoints!, // clean up types here to avoid the ! operator
     );
 
-    storeTokens(this.storage, tokens);
+    await storeTokens(this.storage, tokens);
 
     return tokens;
   }
 
   async getSessionData(): Promise<SessionData | null> {
-    const storageData = retrieveTokens(this.storage);
+    const storageData = await retrieveTokens(this.storage);
 
     if (!storageData) return null;
 

package/src/server/login.ts

@@ -29,8 +29,8 @@ export async function resolveOAuthAccessCode(
   return authSessionService.tokenExchange(code, state);
 }
 
-export function isLoggedIn(storage: AuthStorage): boolean {
-  return !!storage.get("id_token");
+export async function isLoggedIn(storage: AuthStorage): Promise<boolean> {
+  return !!(await storage.get("id_token"));
 }
 
 export async function buildLoginUrl(

package/src/services/AuthenticationService.ts

@@ -74,7 +74,6 @@ export class BrowserAuthenticationInitiator implements AuthenticationInitiator {
 
   constructor(config: typeof this.config) {
     this.config = config;
-    console.log("BrowserAuthenticationInitiator constructor", this.config);
   }
 
   async handleLoginAppPopupFailed(redirectUrl: string) {
@@ -97,11 +96,9 @@ export class BrowserAuthenticationInitiator implements AuthenticationInitiator {
         thisURL.hostname === "localhost"
       ) {
         if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {
-          console.log("Received invalid message from login app", event.data);
           return;
         }
         const loginMessage = event.data as LoginPostMessage;
-        console.log("Received message from login app", event.data);
         this.handleLoginAppPopupFailed(loginMessage.data.url);
       }
     };
@@ -117,7 +114,6 @@ export class BrowserAuthenticationInitiator implements AuthenticationInitiator {
     if (this.config.displayMode === "new_tab") {
       try {
         const popupWindow = window.open(url.toString(), "_blank");
-        console.log("signIn", popupWindow);
         if (!popupWindow) {
           throw new PopupError("Failed to open popup window");
         }
@@ -133,8 +129,8 @@ export class BrowserAuthenticationInitiator implements AuthenticationInitiator {
 
   async signOut(): Promise<URL> {
     const localStorage = new LocalStorageAdapter();
-    clearTokens(localStorage);
-    clearUser(localStorage);
+    await clearTokens(localStorage);
+    await clearUser(localStorage);
     // TODO open the iframe or new tab etc: the logout URL is not currently
     // supported by on the oauth, so just clear state until then
     const url = await generateOauthLogoutUrl(this.config);
@@ -168,9 +164,6 @@ export class GenericAuthenticationInitiator implements AuthenticationInitiator {
 
   constructor(config: typeof this.config) {
     this.config = config;
-    console.log("GenericAuthenticationInitiator constructor", {
-      config,
-    });
   }
 
   // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url
@@ -207,9 +200,6 @@ export class BrowserAuthenticationService extends BrowserAuthenticationInitiator
     // Since we are running fully on the client, we produce as well as consume the PKCE challenge
     protected pkceProducer = new BrowserPublicClientPKCEProducer(),
   ) {
-    console.log("BrowserAuthenticationService constructor", {
-      config,
-    });
     super({
       ...config,
       state: generateState(config.displayMode),
@@ -260,7 +250,7 @@ export class BrowserAuthenticationService extends BrowserAuthenticationInitiator
       this.endpoints!, // clean up types here to avoid the ! operator
     );
 
-    storeTokens(new LocalStorageAdapter(), tokens);
+    await storeTokens(new LocalStorageAdapter(), tokens);
 
     // cleanup the browser window if needed
     const parsedDisplayMode = displayModeFromState(
@@ -279,7 +269,7 @@ export class BrowserAuthenticationService extends BrowserAuthenticationInitiator
 
   // Get the session data from local storage
   async getSessionData(): Promise<SessionData | null> {
-    const storageData = retrieveTokens(new LocalStorageAdapter());
+    const storageData = await retrieveTokens(new LocalStorageAdapter());
 
     if (!storageData) return null;
 
@@ -296,7 +286,7 @@ export class BrowserAuthenticationService extends BrowserAuthenticationInitiator
       const sessionData = await this.getSessionData();
       if (!sessionData?.idToken || !sessionData.accessToken) {
         const unAuthenticatedSession = { ...sessionData, authenticated: false };
-        clearTokens(new LocalStorageAdapter());
+        await clearTokens(new LocalStorageAdapter());
         return unAuthenticatedSession;
       }
       if (!this.endpoints || !this.oauth2client) await this.init();
@@ -318,7 +308,7 @@ export class BrowserAuthenticationService extends BrowserAuthenticationInitiator
       const unAuthenticatedSession = {
         authenticated: false,
       };
-      clearTokens(new LocalStorageAdapter());
+      await clearTokens(new LocalStorageAdapter());
       return unAuthenticatedSession;
     }
   }

package/src/shared/components/CivicAuthIframeContainer.tsx

@@ -106,9 +106,6 @@ const CivicAuthIframeContainer = ({
           // On the initial (3rd party) redirect from the auth server, the cookie won't be sent, so the server-side callback route will just render a blank page,
           // and we'll do the exchange request from here, which will include the cookies.
           if (iframeBody.includes(TOKEN_EXCHANGE_TRIGGER_TEXT)) {
-            console.log(
-              `${TOKEN_EXCHANGE_TRIGGER_TEXT}, calling callback URL again...`,
-            );
             const params = new URL(iframeUrl).searchParams;
             const appUrl = globalThis.window?.location?.origin;
             fetch(
@@ -157,7 +154,6 @@ const CivicAuthIframeContainer = ({
 
   const handleIframeLoad = () => {
     setIsLoading(false);
-    console.log("handleIframeLoad");
     if (processIframeUrl() && intervalId.current) {
       clearInterval(intervalId.current);
     }

package/src/shared/lib/GenericAuthenticationRefresher.ts

@@ -16,12 +16,7 @@ export class GenericAuthenticationRefresher implements AuthenticationRefresher {
     private authConfig: AuthConfig,
     private storage: AuthStorage,
     private endpointOverrides?: Partial<Endpoints>,
-  ) {
-    console.log("GenericAuthenticationRefresher constructor", {
-      authConfig,
-      endpointOverrides,
-    });
-  }
+  ) {}
 
   async init(): Promise<this> {
     // resolve oauth config
@@ -59,7 +54,7 @@ export class GenericAuthenticationRefresher implements AuthenticationRefresher {
   async refreshTokens() {
     if (!this.oauth2client) await this.init();
 
-    const tokens = retrieveTokens(this.storage);
+    const tokens = await retrieveTokens(this.storage);
     if (!tokens?.refresh_token) throw new Error("No refresh token available");
 
     const oauth2Client = this.oauth2client!;
@@ -68,7 +63,7 @@ export class GenericAuthenticationRefresher implements AuthenticationRefresher {
         tokens.refresh_token,
       );
 
-    storeTokens(this.storage, refreshedTokens);
+    await storeTokens(this.storage, refreshedTokens);
 
     return tokens;
   }