@functionalcms/svelte-components 2.17.8 → 2.17.10

package/dist/auth/auth.d.ts

@@ -1,6 +1,6 @@
 /// <reference types="@sveltejs/kit" />
-type Tokencallback = (token: any, profile: any) => any;
-export declare const configureAuthentication: (secret: string, issuer: string, clientId: string, clientSecret: string, customClaims?: string[], jwtCallback?: Tokencallback) => () => {
+type ProcessSession = (session: any) => any;
+export declare const configureAuthentication: (secret: string, issuer: string, clientId: string, clientSecret: string, customClaims?: string[], sessionTransformation?: ProcessSession) => () => {
     handle: import("@sveltejs/kit").Handle;
     signIn: import("@sveltejs/kit").Action;
     signOut: import("@sveltejs/kit").Action;

package/dist/auth/auth.js

@@ -1,8 +1,45 @@
 import { SvelteKitAuth } from "@auth/sveltekit";
 import Keycloak from "@auth/sveltekit/providers/keycloak";
 const defaultScopes = ["openid", "profile", "offline_access", "functional"];
-const defaultTokenCallback = (profile) => profile;
-export const configureAuthentication = (secret, issuer, clientId, clientSecret, customClaims = [], jwtCallback = defaultTokenCallback) => {
+const defaultTokenCallback = (session) => { };
+function isTokenRefreshRequired(issued_at) {
+    const dateNow = Math.floor(new Date().getTime() / 1000);
+    const diffrence = Math.abs(new Date(issued_at).getTime() - dateNow);
+    const minutes = Math.floor(diffrence / 60);
+    return minutes > 25;
+}
+async function refreshToken(issuer, clientId, clientSecret, session) {
+    const user = session?.user;
+    if (user) {
+        try {
+            const request = await fetch(`${issuer}/protocol/openid-connect/token`, {
+                method: 'POST',
+                headers: {
+                    'content-type': 'application/x-www-form-urlencoded'
+                },
+                body: new URLSearchParams({
+                    grant_type: 'client_credentials',
+                    client_id: clientId,
+                    client_secret: clientSecret // ${ISSUER}/api/v2/
+                })
+            });
+            return await request.json();
+        }
+        catch (error) {
+            console.error(`Error while updating token data: ${error?.message}. Reusing existing tokens!`);
+            return {
+                accessToken: user.access_token,
+                expires_at: user.expires_at
+            };
+        }
+    }
+    else {
+        return {
+            message: 'User is not authorized to rotate access-token'
+        };
+    }
+}
+export const configureAuthentication = (secret, issuer, clientId, clientSecret, customClaims = [], sessionTransformation = defaultTokenCallback) => {
     const scope = defaultScopes.concat(customClaims).join(' ');
     return () => SvelteKitAuth({
         providers: [Keycloak({
@@ -16,35 +53,38 @@ export const configureAuthentication = (secret, issuer, clientId, clientSecret,
                 }
             })],
         secret: secret,
+        trustHost: true,
         callbacks: {
-            // async signIn({ user, account, profile, email, credentials }: any) {
-            //     return user;
-            // },
-            async jwt({ token, user, account, session, profile, trigger }) {
-                // Your JWT callback logic here
+            async jwt({ token, user, account, profile, session }) {
                 if (account) {
-                    token.id = account.providerAccountId;
-                    token.accessToken = account.access_token;
+                    token.account = account;
                 }
                 if (user) {
-                    token.roles = user.roles;
-                    token.metadata = user.metadata;
+                    token.user = user;
                 }
                 if (profile) {
-                    token.custom = jwtCallback(profile);
+                    token.profile = profile;
+                }
+                if (token && isTokenRefreshRequired(token.expires_at)) {
+                    const updatedToken = await refreshToken(issuer, clientId, clientSecret, session);
+                    if (updatedToken.access_token) {
+                        token = {
+                            ...token,
+                            ...updatedToken
+                        };
+                    }
                 }
                 return token;
             },
             async session({ session, token, user }) {
-                session.accessToken = token.accessToken;
+                session.accessToken = token.account.access_token;
                 if (session.user) {
-                    session.user.roles = token.roles;
-                    session.user.metadata = token.metadata;
-                    session.userId = token.sub;
+                    session = { ...session, ...user };
                 }
-                if (token.custom) {
-                    session.custom = token.custom;
+                if (token.profile) {
+                    session.profile = token.profile;
                 }
+                sessionTransformation(session);
                 return session;
             }
         }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@functionalcms/svelte-components",
-	"version": "2.17.8",
+	"version": "2.17.10",
 	"watch": {
 		"build": {
 			"patterns": [