@fnd-platform/cognito-auth 1.0.0-alpha.2 → 1.0.0-alpha.4

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 fnd-platform contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/lib/remix/admin.server.js

@@ -1,4 +1,4 @@
-'use strict';
+"use strict";
 /**
  * Admin and role-based access utilities for Remix.
  *
@@ -6,13 +6,13 @@
  *
  * @packageDocumentation
  */
-Object.defineProperty(exports, '__esModule', { value: true });
+Object.defineProperty(exports, "__esModule", { value: true });
 exports.requireAdmin = requireAdmin;
 exports.requireRole = requireRole;
 exports.hasRole = hasRole;
 exports.hasAnyRole = hasAnyRole;
-const node_1 = require('@remix-run/node');
-const session_server_js_1 = require('./session.server.js');
+const node_1 = require("@remix-run/node");
+const session_server_js_1 = require("./session.server.js");
 /**
  * Requires admin role for accessing a route.
  *
@@ -35,7 +35,7 @@ const session_server_js_1 = require('./session.server.js');
  * ```
  */
 async function requireAdmin(request, storage) {
-  return requireRole(request, ['admin'], storage);
+    return requireRole(request, ['admin'], storage);
 }
 /**
  * Requires any of the specified roles for accessing a route.
@@ -60,25 +60,22 @@ async function requireAdmin(request, storage) {
  * ```
  */
 async function requireRole(request, roles, storage) {
-  // First ensure user is authenticated
-  const userId = await (0, session_server_js_1.requireAuth)(request, '/login', storage);
-  // Get user's groups from session
-  const session = await (0, session_server_js_1.getSession)(request, storage);
-  const userGroups = session.get('groups') ?? [];
-  // Check if user has at least one required role
-  const hasRequiredRole = roles.some((role) => userGroups.includes(role));
-  if (!hasRequiredRole) {
-    throw (0, node_1.json)(
-      {
-        error: {
-          code: 'FORBIDDEN',
-          message: `Required role: ${roles.join(' or ')}`,
-        },
-      },
-      { status: 403 }
-    );
-  }
-  return userId;
+    // First ensure user is authenticated
+    const userId = await (0, session_server_js_1.requireAuth)(request, '/login', storage);
+    // Get user's groups from session
+    const session = await (0, session_server_js_1.getSession)(request, storage);
+    const userGroups = session.get('groups') ?? [];
+    // Check if user has at least one required role
+    const hasRequiredRole = roles.some((role) => userGroups.includes(role));
+    if (!hasRequiredRole) {
+        throw (0, node_1.json)({
+            error: {
+                code: 'FORBIDDEN',
+                message: `Required role: ${roles.join(' or ')}`,
+            },
+        }, { status: 403 });
+    }
+    return userId;
 }
 /**
  * Checks if the user has a specific role.
@@ -100,17 +97,18 @@ async function requireRole(request, roles, storage) {
  * ```
  */
 async function hasRole(request, role, storage) {
-  try {
-    const session = await (0, session_server_js_1.getSession)(request, storage);
-    const userId = session.get('userId');
-    if (!userId) {
-      return false;
+    try {
+        const session = await (0, session_server_js_1.getSession)(request, storage);
+        const userId = session.get('userId');
+        if (!userId) {
+            return false;
+        }
+        const userGroups = session.get('groups') ?? [];
+        return userGroups.includes(role);
+    }
+    catch {
+        return false;
     }
-    const userGroups = session.get('groups') ?? [];
-    return userGroups.includes(role);
-  } catch {
-    return false;
-  }
 }
 /**
  * Checks if the user has any of the specified roles.
@@ -131,16 +129,17 @@ async function hasRole(request, role, storage) {
  * ```
  */
 async function hasAnyRole(request, roles, storage) {
-  try {
-    const session = await (0, session_server_js_1.getSession)(request, storage);
-    const userId = session.get('userId');
-    if (!userId) {
-      return false;
+    try {
+        const session = await (0, session_server_js_1.getSession)(request, storage);
+        const userId = session.get('userId');
+        if (!userId) {
+            return false;
+        }
+        const userGroups = session.get('groups') ?? [];
+        return roles.some((role) => userGroups.includes(role));
+    }
+    catch {
+        return false;
     }
-    const userGroups = session.get('groups') ?? [];
-    return roles.some((role) => userGroups.includes(role));
-  } catch {
-    return false;
-  }
 }
-//# sourceMappingURL=admin.server.js.map
+//# sourceMappingURL=admin.server.js.map

package/lib/remix/index.d.ts

@@ -3,15 +3,7 @@
  *
  * @packageDocumentation
  */
-export {
-  createSessionStorage,
-  getSession,
-  createUserSession,
-  requireAuth,
-  getOptionalUser,
-  getUserSession,
-  logout,
-  resetDefaultStorage,
-} from './session.server.js';
+export { createSessionStorage, getSession, createUserSession, requireAuth, getOptionalUser, getUserSession, getAccessToken, logout, resetDefaultStorage, } from './session.server.js';
+export type { GetAccessTokenConfig } from './session.server.js';
 export { requireAdmin, requireRole, hasRole, hasAnyRole } from './admin.server.js';
-//# sourceMappingURL=index.d.ts.map
+//# sourceMappingURL=index.d.ts.map

package/lib/remix/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/remix/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,MAAM,EACN,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/remix/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,cAAc,EACd,MAAM,EACN,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAE7B,YAAY,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC"}

package/lib/remix/index.js

@@ -1,95 +1,24 @@
-'use strict';
+"use strict";
 /**
  * Remix authentication utilities exports.
  *
  * @packageDocumentation
  */
-Object.defineProperty(exports, '__esModule', { value: true });
-exports.hasAnyRole =
-  exports.hasRole =
-  exports.requireRole =
-  exports.requireAdmin =
-  exports.resetDefaultStorage =
-  exports.logout =
-  exports.getUserSession =
-  exports.getOptionalUser =
-  exports.requireAuth =
-  exports.createUserSession =
-  exports.getSession =
-  exports.createSessionStorage =
-    void 0;
-var session_server_js_1 = require('./session.server.js');
-Object.defineProperty(exports, 'createSessionStorage', {
-  enumerable: true,
-  get: function () {
-    return session_server_js_1.createSessionStorage;
-  },
-});
-Object.defineProperty(exports, 'getSession', {
-  enumerable: true,
-  get: function () {
-    return session_server_js_1.getSession;
-  },
-});
-Object.defineProperty(exports, 'createUserSession', {
-  enumerable: true,
-  get: function () {
-    return session_server_js_1.createUserSession;
-  },
-});
-Object.defineProperty(exports, 'requireAuth', {
-  enumerable: true,
-  get: function () {
-    return session_server_js_1.requireAuth;
-  },
-});
-Object.defineProperty(exports, 'getOptionalUser', {
-  enumerable: true,
-  get: function () {
-    return session_server_js_1.getOptionalUser;
-  },
-});
-Object.defineProperty(exports, 'getUserSession', {
-  enumerable: true,
-  get: function () {
-    return session_server_js_1.getUserSession;
-  },
-});
-Object.defineProperty(exports, 'logout', {
-  enumerable: true,
-  get: function () {
-    return session_server_js_1.logout;
-  },
-});
-Object.defineProperty(exports, 'resetDefaultStorage', {
-  enumerable: true,
-  get: function () {
-    return session_server_js_1.resetDefaultStorage;
-  },
-});
-var admin_server_js_1 = require('./admin.server.js');
-Object.defineProperty(exports, 'requireAdmin', {
-  enumerable: true,
-  get: function () {
-    return admin_server_js_1.requireAdmin;
-  },
-});
-Object.defineProperty(exports, 'requireRole', {
-  enumerable: true,
-  get: function () {
-    return admin_server_js_1.requireRole;
-  },
-});
-Object.defineProperty(exports, 'hasRole', {
-  enumerable: true,
-  get: function () {
-    return admin_server_js_1.hasRole;
-  },
-});
-Object.defineProperty(exports, 'hasAnyRole', {
-  enumerable: true,
-  get: function () {
-    return admin_server_js_1.hasAnyRole;
-  },
-});
-//# sourceMappingURL=index.js.map
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasAnyRole = exports.hasRole = exports.requireRole = exports.requireAdmin = exports.resetDefaultStorage = exports.logout = exports.getAccessToken = exports.getUserSession = exports.getOptionalUser = exports.requireAuth = exports.createUserSession = exports.getSession = exports.createSessionStorage = void 0;
+var session_server_js_1 = require("./session.server.js");
+Object.defineProperty(exports, "createSessionStorage", { enumerable: true, get: function () { return session_server_js_1.createSessionStorage; } });
+Object.defineProperty(exports, "getSession", { enumerable: true, get: function () { return session_server_js_1.getSession; } });
+Object.defineProperty(exports, "createUserSession", { enumerable: true, get: function () { return session_server_js_1.createUserSession; } });
+Object.defineProperty(exports, "requireAuth", { enumerable: true, get: function () { return session_server_js_1.requireAuth; } });
+Object.defineProperty(exports, "getOptionalUser", { enumerable: true, get: function () { return session_server_js_1.getOptionalUser; } });
+Object.defineProperty(exports, "getUserSession", { enumerable: true, get: function () { return session_server_js_1.getUserSession; } });
+Object.defineProperty(exports, "getAccessToken", { enumerable: true, get: function () { return session_server_js_1.getAccessToken; } });
+Object.defineProperty(exports, "logout", { enumerable: true, get: function () { return session_server_js_1.logout; } });
+Object.defineProperty(exports, "resetDefaultStorage", { enumerable: true, get: function () { return session_server_js_1.resetDefaultStorage; } });
+var admin_server_js_1 = require("./admin.server.js");
+Object.defineProperty(exports, "requireAdmin", { enumerable: true, get: function () { return admin_server_js_1.requireAdmin; } });
+Object.defineProperty(exports, "requireRole", { enumerable: true, get: function () { return admin_server_js_1.requireRole; } });
+Object.defineProperty(exports, "hasRole", { enumerable: true, get: function () { return admin_server_js_1.hasRole; } });
+Object.defineProperty(exports, "hasAnyRole", { enumerable: true, get: function () { return admin_server_js_1.hasAnyRole; } });
+//# sourceMappingURL=index.js.map

package/lib/remix/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/remix/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,yDAS6B;AAR3B,yHAAA,oBAAoB,OAAA;AACpB,+GAAA,UAAU,OAAA;AACV,sHAAA,iBAAiB,OAAA;AACjB,gHAAA,WAAW,OAAA;AACX,oHAAA,eAAe,OAAA;AACf,mHAAA,cAAc,OAAA;AACd,2GAAA,MAAM,OAAA;AACN,wHAAA,mBAAmB,OAAA;AAGrB,qDAAmF;AAA1E,+GAAA,YAAY,OAAA;AAAE,8GAAA,WAAW,OAAA;AAAE,0GAAA,OAAO,OAAA;AAAE,6GAAA,UAAU,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/remix/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,yDAU6B;AAT3B,yHAAA,oBAAoB,OAAA;AACpB,+GAAA,UAAU,OAAA;AACV,sHAAA,iBAAiB,OAAA;AACjB,gHAAA,WAAW,OAAA;AACX,oHAAA,eAAe,OAAA;AACf,mHAAA,cAAc,OAAA;AACd,mHAAA,cAAc,OAAA;AACd,2GAAA,MAAM,OAAA;AACN,wHAAA,mBAAmB,OAAA;AAKrB,qDAAmF;AAA1E,+GAAA,YAAY,OAAA;AAAE,8GAAA,WAAW,OAAA;AAAE,0GAAA,OAAO,OAAA;AAAE,6GAAA,UAAU,OAAA"}

package/lib/remix/session.server.d.ts

@@ -45,15 +45,7 @@ export declare function resetDefaultStorage(): void;
  * }
  * ```
  */
-export declare function getSession(
-  request: Request,
-  storage?: SessionStorage
-): Promise<
-  import('@remix-run/node').Session<
-    import('@remix-run/node').SessionData,
-    import('@remix-run/node').SessionData
-  >
->;
+export declare function getSession(request: Request, storage?: SessionStorage): Promise<import("@remix-run/node").Session<import("@remix-run/node").SessionData, import("@remix-run/node").SessionData>>;
 /**
  * Creates a user session with authentication tokens and redirects.
  *
@@ -73,11 +65,7 @@ export declare function getSession(
  * }
  * ```
  */
-export declare function createUserSession(
-  tokens: AuthTokens,
-  redirectTo: string,
-  storage?: SessionStorage
-): Promise<Response>;
+export declare function createUserSession(tokens: AuthTokens, redirectTo: string, storage?: SessionStorage): Promise<Response>;
 /**
  * Requires authentication for a route.
  *
@@ -99,11 +87,7 @@ export declare function createUserSession(
  * }
  * ```
  */
-export declare function requireAuth(
-  request: Request,
-  redirectTo?: string,
-  storage?: SessionStorage
-): Promise<string>;
+export declare function requireAuth(request: Request, redirectTo?: string, storage?: SessionStorage): Promise<string>;
 /**
  * Gets the optional user from the session.
  *
@@ -122,10 +106,7 @@ export declare function requireAuth(
  * }
  * ```
  */
-export declare function getOptionalUser(
-  request: Request,
-  storage?: SessionStorage
-): Promise<SessionUser | null>;
+export declare function getOptionalUser(request: Request, storage?: SessionStorage): Promise<SessionUser | null>;
 /**
  * Gets full session data including tokens.
  *
@@ -148,10 +129,7 @@ export declare function getOptionalUser(
  * }
  * ```
  */
-export declare function getUserSession(
-  request: Request,
-  storage?: SessionStorage
-): Promise<SessionData | null>;
+export declare function getUserSession(request: Request, storage?: SessionStorage): Promise<SessionData | null>;
 /**
  * Logs out the user and redirects to the login page.
  *
@@ -169,9 +147,41 @@ export declare function getUserSession(
  * }
  * ```
  */
-export declare function logout(
-  request: Request,
-  redirectTo?: string,
-  storage?: SessionStorage
-): Promise<Response>;
-//# sourceMappingURL=session.server.d.ts.map
+export declare function logout(request: Request, redirectTo?: string, storage?: SessionStorage): Promise<Response>;
+/**
+ * Configuration for getting access tokens.
+ */
+export interface GetAccessTokenConfig {
+    /** Cognito User Pool Client ID (defaults to COGNITO_CLIENT_ID env var) */
+    clientId?: string;
+    /** AWS region (defaults to AWS_REGION env var) */
+    region?: string;
+}
+/**
+ * Gets a fresh access token for making authenticated API calls.
+ *
+ * Since access tokens are not stored in the session (to stay under cookie limits),
+ * this function uses the refresh token to obtain a fresh access token from Cognito.
+ *
+ * @param request - Remix request object
+ * @param config - Optional configuration
+ * @param storage - Optional custom session storage
+ * @returns Fresh access token or null if not authenticated
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   const accessToken = await getAccessToken(request);
+ *   if (!accessToken) {
+ *     throw redirect('/login');
+ *   }
+ *
+ *   const response = await fetch('https://api.example.com/data', {
+ *     headers: { Authorization: `Bearer ${accessToken}` },
+ *   });
+ *   return json(await response.json());
+ * }
+ * ```
+ */
+export declare function getAccessToken(request: Request, config?: GetAccessTokenConfig, storage?: SessionStorage): Promise<string | null>;
+//# sourceMappingURL=session.server.d.ts.map

package/lib/remix/session.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session.server.d.ts","sourceRoot":"","sources":["../../src/remix/session.server.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAmBxE;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,cAAc,CAcpE;AAeD;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,cAAc,4HAG1E;AAoBD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,QAAQ,CAAC,CAqBnB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,OAAO,EAChB,UAAU,SAAW,EACrB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC,CAiBjB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAa7B;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAmB7B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,MAAM,CAC1B,OAAO,EAAE,OAAO,EAChB,UAAU,SAAW,EACrB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,QAAQ,CAAC,CASnB"}
+{"version":3,"file":"session.server.d.ts","sourceRoot":"","sources":["../../src/remix/session.server.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAoBxE;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,cAAc,CAcpE;AAeD;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,cAAc,4HAG1E;AAoBD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,QAAQ,CAAC,CAuBnB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,OAAO,EAChB,UAAU,SAAW,EACrB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC,CAiBjB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAa7B;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAmB7B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,MAAM,CAC1B,OAAO,EAAE,OAAO,EAChB,UAAU,SAAW,EACrB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,QAAQ,CAAC,CASnB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,OAAO,EAChB,MAAM,CAAC,EAAE,oBAAoB,EAC7B,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAwBxB"}

package/lib/remix/session.server.js

@@ -16,7 +16,9 @@ exports.requireAuth = requireAuth;
 exports.getOptionalUser = getOptionalUser;
 exports.getUserSession = getUserSession;
 exports.logout = logout;
+exports.getAccessToken = getAccessToken;
 const node_1 = require("@remix-run/node");
+const token_refresh_js_1 = require("../utils/token-refresh.js");
 /**
  * Default session storage instance.
  * Lazily initialized to avoid accessing env at module load.
@@ -141,9 +143,11 @@ async function createUserSession(tokens, redirectTo, storage) {
     const session = await sessionStorage.getSession();
     // Decode ID token to get user info
     const payload = decodeTokenPayload(tokens.idToken);
-    // Store only essential user info in session to stay under cookie size limit (~4KB).
-    // We skip storing the full tokens (accessToken, idToken) as they're large JWTs.
-    // The refreshToken is stored to enable token refresh for API calls when needed.
+    // Store tokens and user info in session.
+    // Note: Cookies have a ~4KB limit. JWT tokens are typically 1-2KB each.
+    // We only store refreshToken (for obtaining fresh accessTokens when needed).
+    // We skip accessToken and idToken to stay under cookie limits.
+    // User info is extracted from idToken and stored separately.
     session.set('refreshToken', tokens.refreshToken);
     session.set('expiresAt', Date.now() + tokens.expiresIn * 1000);
     session.set('userId', payload.sub);
@@ -250,10 +254,10 @@ async function getUserSession(request, storage) {
         return null;
     }
     return {
-        // Note: accessToken and idToken are not stored in session to stay under cookie limits.
-        // Use refreshToken to obtain fresh tokens when needed for API calls.
-        accessToken: session.get('accessToken'),
-        idToken: session.get('idToken'),
+        // accessToken and idToken are NOT stored to stay under ~4KB cookie limit.
+        // Use getAccessToken() to obtain a fresh accessToken when needed for API calls.
+        accessToken: undefined,
+        idToken: undefined,
         refreshToken: session.get('refreshToken'),
         expiresAt: session.get('expiresAt'),
         userId,
@@ -287,4 +291,53 @@ async function logout(request, redirectTo = '/login', storage) {
         },
     });
 }
+/**
+ * Gets a fresh access token for making authenticated API calls.
+ *
+ * Since access tokens are not stored in the session (to stay under cookie limits),
+ * this function uses the refresh token to obtain a fresh access token from Cognito.
+ *
+ * @param request - Remix request object
+ * @param config - Optional configuration
+ * @param storage - Optional custom session storage
+ * @returns Fresh access token or null if not authenticated
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   const accessToken = await getAccessToken(request);
+ *   if (!accessToken) {
+ *     throw redirect('/login');
+ *   }
+ *
+ *   const response = await fetch('https://api.example.com/data', {
+ *     headers: { Authorization: `Bearer ${accessToken}` },
+ *   });
+ *   return json(await response.json());
+ * }
+ * ```
+ */
+async function getAccessToken(request, config, storage) {
+    const session = await getSession(request, storage);
+    const refreshToken = session.get('refreshToken');
+    if (!refreshToken) {
+        return null;
+    }
+    const clientId = config?.clientId ?? process.env.COGNITO_CLIENT_ID;
+    if (!clientId) {
+        throw new Error('COGNITO_CLIENT_ID environment variable is required');
+    }
+    try {
+        const result = await (0, token_refresh_js_1.refreshAccessToken)(refreshToken, {
+            clientId,
+            region: config?.region,
+        });
+        return result.accessToken;
+    }
+    catch (error) {
+        // Refresh token may be expired or invalid
+        console.error('Failed to refresh access token:', error);
+        return null;
+    }
+}
 //# sourceMappingURL=session.server.js.map

package/lib/remix/session.server.js.map

@@ -1 +1 @@
-{"version":3,"file":"session.server.js","sourceRoot":"","sources":["../../src/remix/session.server.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAsCH,oDAcC;AAoBD,kDAEC;AAiBD,gCAGC;AAuCD,8CAyBC;AAuBD,kCAqBC;AAoBD,0CAgBC;AAwBD,wCAsBC;AAmBD,wBAaC;AA1TD,0CAAuE;AAIvE;;;GAGG;AACH,IAAI,qBAAqB,GAA0B,IAAI,CAAC;AAExD;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,eAAe;IACrB,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,SAAS;IACnC,IAAI,EAAE,GAAG;IACT,QAAQ,EAAE,KAAc;CACzB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,SAAgB,oBAAoB,CAAC,MAAe;IAClD,MAAM,aAAa,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAE3D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,IAAA,iCAA0B,EAAC;QAChC,MAAM,EAAE;YACN,GAAG,aAAa;YAChB,OAAO,EAAE,CAAC,aAAa,CAAC;YACxB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;SAC9C;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB;IACxB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,qBAAqB,GAAG,oBAAoB,EAAE,CAAC;IACjD,CAAC;IACD,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB;IACjC,qBAAqB,GAAG,IAAI,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACI,KAAK,UAAU,UAAU,CAAC,OAAgB,EAAE,OAAwB;IACzE,MAAM,cAAc,GAAG,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACtD,OAAO,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACI,KAAK,UAAU,iBAAiB,CACrC,MAAkB,EAClB,UAAkB,EAClB,OAAwB;IAExB,MAAM,cAAc,GAAG,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,CAAC;IAElD,mCAAmC;IACnC,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEnD,oFAAoF;IACpF,gFAAgF;IAChF,gFAAgF;IAChF,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAa,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,EAAG,OAAO,CAAC,KAAgB,IAAI,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAG,OAAO,CAAC,gBAAgB,CAAc,IAAI,EAAE,CAAC,CAAC;IAErE,OAAO,IAAA,eAAQ,EAAC,UAAU,EAAE;QAC1B,OAAO,EAAE;YACP,YAAY,EAAE,MAAM,cAAc,CAAC,aAAa,CAAC,OAAO,CAAC;SAC1D;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,WAAW,CAC/B,OAAgB,EAChB,UAAU,GAAG,QAAQ,EACrB,OAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAA,eAAQ,EAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,qDAAqD;IACrD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAuB,CAAC;IACjE,IAAI,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QACxD,yBAAyB;QACzB,sDAAsD;QACtD,mEAAmE;IACrE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACI,KAAK,UAAU,eAAe,CACnC,OAAgB,EAChB,OAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,MAAM;QACN,KAAK,EAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAY,IAAI,EAAE;QAC7C,MAAM,EAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAc,IAAI,EAAE;KAClD,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACI,KAAK,UAAU,cAAc,CAClC,OAAgB,EAChB,OAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,uFAAuF;QACvF,qEAAqE;QACrE,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAuB;QAC7D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,CAAuB;QACrD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAW;QACnD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,CAAW;QAC7C,MAAM;QACN,KAAK,EAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAY,IAAI,EAAE;QAC7C,MAAM,EAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAc,IAAI,EAAE;KAClD,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACI,KAAK,UAAU,MAAM,CAC1B,OAAgB,EAChB,UAAU,GAAG,QAAQ,EACrB,OAAwB;IAExB,MAAM,cAAc,GAAG,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAEnD,OAAO,IAAA,eAAQ,EAAC,UAAU,EAAE;QAC1B,OAAO,EAAE;YACP,YAAY,EAAE,MAAM,cAAc,CAAC,cAAc,CAAC,OAAO,CAAC;SAC3D;KACF,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"session.server.js","sourceRoot":"","sources":["../../src/remix/session.server.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAuCH,oDAcC;AAoBD,kDAEC;AAiBD,gCAGC;AAuCD,8CA2BC;AAuBD,kCAqBC;AAoBD,0CAgBC;AAwBD,wCAsBC;AAmBD,wBAaC;AAsCD,wCA4BC;AA/XD,0CAAuE;AAGvE,gEAA+D;AAE/D;;;GAGG;AACH,IAAI,qBAAqB,GAA0B,IAAI,CAAC;AAExD;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,eAAe;IACrB,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,SAAS;IACnC,IAAI,EAAE,GAAG;IACT,QAAQ,EAAE,KAAc;CACzB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,SAAgB,oBAAoB,CAAC,MAAe;IAClD,MAAM,aAAa,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAE3D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,IAAA,iCAA0B,EAAC;QAChC,MAAM,EAAE;YACN,GAAG,aAAa;YAChB,OAAO,EAAE,CAAC,aAAa,CAAC;YACxB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;SAC9C;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB;IACxB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,qBAAqB,GAAG,oBAAoB,EAAE,CAAC;IACjD,CAAC;IACD,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB;IACjC,qBAAqB,GAAG,IAAI,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACI,KAAK,UAAU,UAAU,CAAC,OAAgB,EAAE,OAAwB;IACzE,MAAM,cAAc,GAAG,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACtD,OAAO,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACI,KAAK,UAAU,iBAAiB,CACrC,MAAkB,EAClB,UAAkB,EAClB,OAAwB;IAExB,MAAM,cAAc,GAAG,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,CAAC;IAElD,mCAAmC;IACnC,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEnD,yCAAyC;IACzC,wEAAwE;IACxE,6EAA6E;IAC7E,+DAA+D;IAC/D,6DAA6D;IAC7D,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAa,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,EAAG,OAAO,CAAC,KAAgB,IAAI,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAG,OAAO,CAAC,gBAAgB,CAAc,IAAI,EAAE,CAAC,CAAC;IAErE,OAAO,IAAA,eAAQ,EAAC,UAAU,EAAE;QAC1B,OAAO,EAAE;YACP,YAAY,EAAE,MAAM,cAAc,CAAC,aAAa,CAAC,OAAO,CAAC;SAC1D;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,WAAW,CAC/B,OAAgB,EAChB,UAAU,GAAG,QAAQ,EACrB,OAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAA,eAAQ,EAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,qDAAqD;IACrD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAuB,CAAC;IACjE,IAAI,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QACxD,yBAAyB;QACzB,sDAAsD;QACtD,mEAAmE;IACrE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACI,KAAK,UAAU,eAAe,CACnC,OAAgB,EAChB,OAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,MAAM;QACN,KAAK,EAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAY,IAAI,EAAE;QAC7C,MAAM,EAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAc,IAAI,EAAE;KAClD,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACI,KAAK,UAAU,cAAc,CAClC,OAAgB,EAChB,OAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,0EAA0E;QAC1E,gFAAgF;QAChF,WAAW,EAAE,SAAS;QACtB,OAAO,EAAE,SAAS;QAClB,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAW;QACnD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,CAAW;QAC7C,MAAM;QACN,KAAK,EAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAY,IAAI,EAAE;QAC7C,MAAM,EAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAc,IAAI,EAAE;KAClD,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACI,KAAK,UAAU,MAAM,CAC1B,OAAgB,EAChB,UAAU,GAAG,QAAQ,EACrB,OAAwB;IAExB,MAAM,cAAc,GAAG,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAEnD,OAAO,IAAA,eAAQ,EAAC,UAAU,EAAE;QAC1B,OAAO,EAAE;YACP,YAAY,EAAE,MAAM,cAAc,CAAC,cAAc,CAAC,OAAO,CAAC;SAC3D;KACF,CAAC,CAAC;AACL,CAAC;AAYD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACI,KAAK,UAAU,cAAc,CAClC,OAAgB,EAChB,MAA6B,EAC7B,OAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;IAEvE,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACnE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,qCAAkB,EAAC,YAAY,EAAE;YACpD,QAAQ;YACR,MAAM,EAAE,MAAM,EAAE,MAAM;SACvB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,WAAW,CAAC;IAC5B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,0CAA0C;QAC1C,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/package.json

@@ -1,19 +1,12 @@
 {
   "name": "@fnd-platform/cognito-auth",
-  "version": "1.0.0-alpha.2",
+  "version": "1.0.0-alpha.4",
   "description": "AWS Cognito authentication constructs and middleware for fnd-platform applications",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
   "files": [
     "lib/"
   ],
-  "scripts": {
-    "build": "tsc",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage",
-    "lint": "eslint src/ test/"
-  },
   "dependencies": {
     "aws-jwt-verify": "^4.0.0"
   },
@@ -66,5 +59,12 @@
     "type": "git",
     "url": "https://github.com/your-org/fnd-platform",
     "directory": "packages/cognito-auth"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "lint": "eslint src/ test/"
   }
-}
+}