npm - @imtbl/auth-nextjs - Versions diffs - 0.0.1-alpha.0 → 2.12.4-alpha.5 - Mend

@imtbl/auth-nextjs 0.0.1-alpha.0 → 2.12.4-alpha.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/node/chunk-OPPMGNFZ.js +210 -0
package/dist/node/client/index.cjs +380 -0
package/dist/node/client/index.js +365 -0
package/dist/node/index.cjs +296 -0
package/dist/node/index.js +55 -0
package/dist/node/server/index.cjs +300 -0
package/dist/node/server/index.js +57 -0
package/dist/types/client/callback.d.ts +37 -0
package/dist/types/client/index.d.ts +5 -0
package/dist/types/client/provider.d.ts +70 -0
package/dist/types/config.d.ts +23 -0
package/dist/types/constants.d.ts +42 -0
package/dist/types/index.d.ts +63 -0
package/dist/types/refresh.d.ts +16 -0
package/dist/types/server/index.d.ts +2 -0
package/dist/types/server/with-page-auth.d.ts +94 -0
package/dist/types/types.d.ts +192 -0
package/dist/types/utils/token.d.ts +8 -0
package/package.json +2 -2

package/dist/node/chunk-OPPMGNFZ.js ADDED Viewed

@@ -0,0 +1,210 @@
+// src/constants.ts
+var DEFAULT_AUTH_DOMAIN = "https://auth.immutable.com";
+var IMMUTABLE_PROVIDER_ID = "immutable";
+var DEFAULT_TOKEN_EXPIRY_SECONDS = 900;
+var DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1e3;
+var TOKEN_EXPIRY_BUFFER_SECONDS = 60;
+var DEFAULT_SESSION_MAX_AGE_SECONDS = 30 * 24 * 60 * 60;
+// src/refresh.ts
+async function refreshAccessToken(token, config) {
+  const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
+  if (!token.refreshToken) {
+    return {
+      ...token,
+      error: "NoRefreshToken"
+    };
+  }
+  try {
+    const response = await fetch(`${authDomain}/oauth/token`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        client_id: config.clientId,
+        refresh_token: token.refreshToken
+      })
+    });
+    if (!response.ok) {
+      let errorMessage = `Token refresh failed with status ${response.status}`;
+      try {
+        const errorData = await response.json();
+        if (errorData.error_description || errorData.error) {
+          errorMessage = errorData.error_description || errorData.error;
+        }
+      } catch {
+      }
+      throw new Error(errorMessage);
+    }
+    const data = await response.json();
+    if (!data.access_token || typeof data.access_token !== "string") {
+      throw new Error("Invalid token response: missing access_token");
+    }
+    const expiresIn = data.expires_in || DEFAULT_TOKEN_EXPIRY_SECONDS;
+    const accessTokenExpires = Date.now() + expiresIn * 1e3;
+    return {
+      ...token,
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token ?? token.refreshToken,
+      idToken: data.id_token ?? token.idToken,
+      accessTokenExpires,
+      error: void 0
+    };
+  } catch (error) {
+    console.error("[auth-nextjs] Failed to refresh token:", error);
+    return {
+      ...token,
+      error: "RefreshTokenError"
+    };
+  }
+}
+function isTokenExpired(accessTokenExpires, bufferSeconds = TOKEN_EXPIRY_BUFFER_SECONDS) {
+  if (typeof accessTokenExpires !== "number" || Number.isNaN(accessTokenExpires)) {
+    return true;
+  }
+  return Date.now() >= accessTokenExpires - bufferSeconds * 1e3;
+}
+// src/config.ts
+import Credentials from "next-auth/providers/credentials";
+var CredentialsProvider = Credentials.default || Credentials;
+async function validateTokens(accessToken, authDomain) {
+  try {
+    const response = await fetch(`${authDomain}/userinfo`, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${accessToken}`
+      }
+    });
+    if (!response.ok) {
+      console.error("[auth-nextjs] Token validation failed:", response.status, response.statusText);
+      return null;
+    }
+    return await response.json();
+  } catch (error) {
+    console.error("[auth-nextjs] Token validation error:", error);
+    return null;
+  }
+}
+function createAuthOptions(config) {
+  const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
+  return {
+    providers: [
+      CredentialsProvider({
+        id: IMMUTABLE_PROVIDER_ID,
+        name: "Immutable",
+        credentials: {
+          tokens: { label: "Tokens", type: "text" }
+        },
+        async authorize(credentials) {
+          if (!credentials?.tokens) {
+            return null;
+          }
+          let tokenData;
+          try {
+            tokenData = JSON.parse(credentials.tokens);
+          } catch (error) {
+            console.error("[auth-nextjs] Failed to parse token data:", error);
+            return null;
+          }
+          if (!tokenData.accessToken || typeof tokenData.accessToken !== "string" || !tokenData.profile || typeof tokenData.profile !== "object" || !tokenData.profile.sub || typeof tokenData.profile.sub !== "string" || typeof tokenData.accessTokenExpires !== "number" || Number.isNaN(tokenData.accessTokenExpires)) {
+            console.error("[auth-nextjs] Invalid token data structure - missing required fields");
+            return null;
+          }
+          const userInfo = await validateTokens(tokenData.accessToken, authDomain);
+          if (!userInfo) {
+            console.error("[auth-nextjs] Token validation failed - rejecting authentication");
+            return null;
+          }
+          if (userInfo.sub !== tokenData.profile.sub) {
+            console.error(
+              "[auth-nextjs] User ID mismatch - userinfo sub:",
+              userInfo.sub,
+              "provided sub:",
+              tokenData.profile.sub
+            );
+            return null;
+          }
+          return {
+            id: userInfo.sub,
+            sub: userInfo.sub,
+            email: userInfo.email ?? tokenData.profile.email,
+            nickname: userInfo.nickname ?? tokenData.profile.nickname,
+            accessToken: tokenData.accessToken,
+            refreshToken: tokenData.refreshToken,
+            idToken: tokenData.idToken,
+            accessTokenExpires: tokenData.accessTokenExpires,
+            zkEvm: tokenData.zkEvm
+          };
+        }
+      })
+    ],
+    callbacks: {
+      async jwt({
+        token,
+        user,
+        trigger,
+        session: sessionUpdate
+      }) {
+        if (user) {
+          return {
+            ...token,
+            sub: user.sub,
+            email: user.email,
+            nickname: user.nickname,
+            accessToken: user.accessToken,
+            refreshToken: user.refreshToken,
+            idToken: user.idToken,
+            accessTokenExpires: user.accessTokenExpires,
+            zkEvm: user.zkEvm
+          };
+        }
+        if (trigger === "update" && sessionUpdate) {
+          return {
+            ...token,
+            ...sessionUpdate.accessToken && { accessToken: sessionUpdate.accessToken },
+            ...sessionUpdate.refreshToken && { refreshToken: sessionUpdate.refreshToken },
+            ...sessionUpdate.idToken && { idToken: sessionUpdate.idToken },
+            ...sessionUpdate.accessTokenExpires && { accessTokenExpires: sessionUpdate.accessTokenExpires },
+            ...sessionUpdate.zkEvm && { zkEvm: sessionUpdate.zkEvm }
+          };
+        }
+        if (!isTokenExpired(token.accessTokenExpires)) {
+          return token;
+        }
+        return refreshAccessToken(token, config);
+      },
+      async session({ session, token }) {
+        return {
+          ...session,
+          user: {
+            sub: token.sub,
+            email: token.email,
+            nickname: token.nickname
+          },
+          accessToken: token.accessToken,
+          refreshToken: token.refreshToken,
+          idToken: token.idToken,
+          accessTokenExpires: token.accessTokenExpires,
+          zkEvm: token.zkEvm,
+          ...token.error && { error: token.error }
+        };
+      }
+    },
+    session: {
+      strategy: "jwt",
+      // Session max age in seconds (30 days default)
+      maxAge: DEFAULT_SESSION_MAX_AGE_SECONDS
+    },
+    // Use NEXTAUTH_SECRET from environment
+    secret: process.env.NEXTAUTH_SECRET
+  };
+}
+export {
+  refreshAccessToken,
+  isTokenExpired,
+  createAuthOptions
+};

package/dist/node/client/index.cjs ADDED Viewed

@@ -0,0 +1,380 @@
+'use client';
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/client/index.ts
+var client_exports = {};
+__export(client_exports, {
+  CallbackPage: () => CallbackPage,
+  ImmutableAuthProvider: () => ImmutableAuthProvider,
+  MarketingConsentStatus: () => import_auth4.MarketingConsentStatus,
+  useAccessToken: () => useAccessToken,
+  useImmutableAuth: () => useImmutableAuth
+});
+module.exports = __toCommonJS(client_exports);
+// src/client/provider.tsx
+var import_react = require("react");
+var import_react2 = require("next-auth/react");
+var import_auth2 = require("@imtbl/auth");
+// src/utils/token.ts
+var import_auth = require("@imtbl/auth");
+// src/constants.ts
+var DEFAULT_AUTH_DOMAIN = "https://auth.immutable.com";
+var DEFAULT_AUDIENCE = "platform_api";
+var DEFAULT_SCOPE = "openid profile email offline_access transact";
+var IMMUTABLE_PROVIDER_ID = "immutable";
+var DEFAULT_NEXTAUTH_BASE_PATH = "/api/auth";
+var DEFAULT_TOKEN_EXPIRY_SECONDS = 900;
+var DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1e3;
+var DEFAULT_SESSION_MAX_AGE_SECONDS = 30 * 24 * 60 * 60;
+// src/utils/token.ts
+function getTokenExpiry(accessToken) {
+  if (!accessToken) {
+    return Date.now() + DEFAULT_TOKEN_EXPIRY_MS;
+  }
+  try {
+    const payload = (0, import_auth.decodeJwtPayload)(accessToken);
+    if (payload.exp && typeof payload.exp === "number") {
+      return payload.exp * 1e3;
+    }
+    return Date.now() + DEFAULT_TOKEN_EXPIRY_MS;
+  } catch {
+    return Date.now() + DEFAULT_TOKEN_EXPIRY_MS;
+  }
+}
+// src/client/provider.tsx
+var import_jsx_runtime = require("react/jsx-runtime");
+var ImmutableAuthContext = (0, import_react.createContext)(null);
+function ImmutableAuthInner({
+  children,
+  config,
+  basePath
+}) {
+  const [auth, setAuth] = (0, import_react.useState)(null);
+  const prevConfigRef = (0, import_react.useRef)(null);
+  const [isAuthReady, setIsAuthReady] = (0, import_react.useState)(false);
+  const { data: session, update: updateSession } = (0, import_react2.useSession)();
+  (0, import_react.useEffect)(() => {
+    if (typeof window === "undefined") return;
+    const configKey = [
+      config.clientId,
+      config.redirectUri,
+      config.logoutRedirectUri || "",
+      config.audience || DEFAULT_AUDIENCE,
+      config.scope || DEFAULT_SCOPE,
+      config.authenticationDomain || DEFAULT_AUTH_DOMAIN
+    ].join(":");
+    if (prevConfigRef.current === configKey) {
+      return;
+    }
+    prevConfigRef.current = configKey;
+    const newAuth = new import_auth2.Auth({
+      clientId: config.clientId,
+      redirectUri: config.redirectUri,
+      logoutRedirectUri: config.logoutRedirectUri,
+      audience: config.audience || DEFAULT_AUDIENCE,
+      scope: config.scope || DEFAULT_SCOPE,
+      authenticationDomain: config.authenticationDomain || DEFAULT_AUTH_DOMAIN
+    });
+    setAuth(newAuth);
+    setIsAuthReady(true);
+  }, [config]);
+  (0, import_react.useEffect)(() => {
+    if (!auth || !isAuthReady) return;
+    if (session?.error) return;
+    if (!session?.accessToken || !session?.idToken) return;
+    const hydrateAuth = async () => {
+      try {
+        const {
+          accessToken,
+          idToken,
+          refreshToken,
+          accessTokenExpires
+        } = session;
+        if (!accessToken || !idToken) return;
+        const existingUser = await auth.getUser();
+        if (existingUser) return;
+        const expiresIn = accessTokenExpires ? Math.max(0, Math.floor((accessTokenExpires - Date.now()) / 1e3)) : DEFAULT_TOKEN_EXPIRY_SECONDS;
+        const tokenResponse = {
+          access_token: accessToken,
+          refresh_token: refreshToken,
+          id_token: idToken,
+          token_type: "Bearer",
+          expires_in: expiresIn
+        };
+        await auth.storeTokens(tokenResponse);
+      } catch (error) {
+        console.warn("[auth-nextjs] Failed to hydrate Auth instance:", error);
+      }
+    };
+    hydrateAuth();
+  }, [auth, isAuthReady, session]);
+  (0, import_react.useEffect)(() => {
+    if (!auth || !isAuthReady) return void 0;
+    const handleLoggedIn = async (authUser) => {
+      if (session?.accessToken && authUser.accessToken !== session.accessToken) {
+        await updateSession({
+          accessToken: authUser.accessToken,
+          refreshToken: authUser.refreshToken,
+          idToken: authUser.idToken,
+          accessTokenExpires: getTokenExpiry(authUser.accessToken),
+          zkEvm: authUser.zkEvm
+        });
+      }
+    };
+    auth.eventEmitter.on("loggedIn", handleLoggedIn);
+    return () => {
+      auth.eventEmitter.removeListener("loggedIn", handleLoggedIn);
+    };
+  }, [auth, isAuthReady, session, updateSession]);
+  const contextValue = (0, import_react.useMemo)(
+    () => ({ auth, config, basePath }),
+    [auth, config, basePath]
+  );
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(ImmutableAuthContext.Provider, { value: contextValue, children });
+}
+function ImmutableAuthProvider({
+  children,
+  config,
+  session,
+  basePath = DEFAULT_NEXTAUTH_BASE_PATH
+}) {
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_react2.SessionProvider, { session, basePath, children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(ImmutableAuthInner, { config, basePath, children }) });
+}
+function useImmutableAuth() {
+  const context = (0, import_react.useContext)(ImmutableAuthContext);
+  const { data: sessionData, status } = (0, import_react2.useSession)();
+  if (!context) {
+    throw new Error("useImmutableAuth must be used within ImmutableAuthProvider");
+  }
+  const session = sessionData;
+  const { auth } = context;
+  const isLoading = status === "loading";
+  const isAuthenticated = status === "authenticated" && !!session;
+  const user = session?.user ? {
+    sub: session.user.sub,
+    email: session.user.email,
+    nickname: session.user.nickname
+  } : null;
+  const handleSignIn = (0, import_react.useCallback)(async (options) => {
+    if (!auth) {
+      throw new Error("Auth not initialized");
+    }
+    const authUser = await auth.login(options);
+    if (!authUser) {
+      throw new Error("Login failed");
+    }
+    const tokenData = {
+      accessToken: authUser.accessToken,
+      refreshToken: authUser.refreshToken,
+      idToken: authUser.idToken,
+      accessTokenExpires: getTokenExpiry(authUser.accessToken),
+      profile: {
+        sub: authUser.profile.sub,
+        email: authUser.profile.email,
+        nickname: authUser.profile.nickname
+      },
+      zkEvm: authUser.zkEvm
+    };
+    const result = await (0, import_react2.signIn)(IMMUTABLE_PROVIDER_ID, {
+      tokens: JSON.stringify(tokenData),
+      redirect: false
+    });
+    if (result?.error) {
+      throw new Error(`NextAuth sign-in failed: ${result.error}`);
+    }
+    if (!result?.ok) {
+      throw new Error("NextAuth sign-in failed: unknown error");
+    }
+  }, [auth]);
+  const handleSignOut = (0, import_react.useCallback)(async () => {
+    await (0, import_react2.signOut)({ redirect: false });
+    if (auth) {
+      try {
+        await auth.getLogoutUrl();
+      } catch (error) {
+        console.warn("[auth-nextjs] Logout cleanup error:", error);
+      }
+    }
+  }, [auth]);
+  const getAccessToken = (0, import_react.useCallback)(async () => {
+    if (auth) {
+      try {
+        const token = await auth.getAccessToken();
+        if (token) {
+          return token;
+        }
+      } catch {
+      }
+    }
+    if (session?.error) {
+      throw new Error(`Token refresh failed: ${session.error}`);
+    }
+    if (session?.accessToken) {
+      return session.accessToken;
+    }
+    throw new Error("No access token available");
+  }, [auth, session]);
+  return {
+    user,
+    session,
+    isLoading,
+    isAuthenticated,
+    signIn: handleSignIn,
+    signOut: handleSignOut,
+    getAccessToken,
+    auth
+  };
+}
+function useAccessToken() {
+  const { getAccessToken } = useImmutableAuth();
+  return getAccessToken;
+}
+// src/client/callback.tsx
+var import_react3 = require("react");
+var import_router = require("next/router");
+var import_react4 = require("next-auth/react");
+var import_auth3 = require("@imtbl/auth");
+var import_jsx_runtime2 = require("react/jsx-runtime");
+function CallbackPage({
+  config,
+  redirectTo = "/",
+  loadingComponent = null,
+  errorComponent
+}) {
+  const router = (0, import_router.useRouter)();
+  const [error, setError] = (0, import_react3.useState)(null);
+  const callbackProcessedRef = (0, import_react3.useRef)(false);
+  (0, import_react3.useEffect)(() => {
+    const handleCallback = async () => {
+      try {
+        const auth = new import_auth3.Auth({
+          clientId: config.clientId,
+          redirectUri: config.redirectUri,
+          logoutRedirectUri: config.logoutRedirectUri,
+          audience: config.audience || DEFAULT_AUDIENCE,
+          scope: config.scope || DEFAULT_SCOPE,
+          authenticationDomain: config.authenticationDomain || DEFAULT_AUTH_DOMAIN
+        });
+        const authUser = await auth.loginCallback();
+        if (window.opener) {
+          if (!authUser) {
+            throw new Error("Authentication failed: no user data received from login callback");
+          }
+          window.close();
+        } else if (authUser) {
+          const tokenData = {
+            accessToken: authUser.accessToken,
+            refreshToken: authUser.refreshToken,
+            idToken: authUser.idToken,
+            accessTokenExpires: getTokenExpiry(authUser.accessToken),
+            profile: {
+              sub: authUser.profile.sub,
+              email: authUser.profile.email,
+              nickname: authUser.profile.nickname
+            },
+            zkEvm: authUser.zkEvm
+          };
+          const result = await (0, import_react4.signIn)(IMMUTABLE_PROVIDER_ID, {
+            tokens: JSON.stringify(tokenData),
+            redirect: false
+          });
+          if (result?.error) {
+            throw new Error(`NextAuth sign-in failed: ${result.error}`);
+          }
+          if (!result?.ok) {
+            throw new Error("NextAuth sign-in failed: unknown error");
+          }
+          router.replace(redirectTo);
+        } else {
+          throw new Error("Authentication failed: no user data received from login callback");
+        }
+      } catch (err) {
+        setError(err instanceof Error ? err.message : "Authentication failed");
+      }
+    };
+    const handleOAuthError = () => {
+      const errorCode = router.query.error;
+      const errorDescription = router.query.error_description;
+      const errorMessage = errorDescription || errorCode || "Authentication failed";
+      setError(errorMessage);
+    };
+    if (!router.isReady) {
+      return;
+    }
+    if (router.query.error) {
+      handleOAuthError();
+      return;
+    }
+    if (router.query.code && !callbackProcessedRef.current) {
+      callbackProcessedRef.current = true;
+      handleCallback();
+    }
+  }, [
+    router.isReady,
+    router.query.code,
+    router.query.error,
+    router.query.error_description,
+    router,
+    config,
+    redirectTo
+  ]);
+  if (error) {
+    if (errorComponent) {
+      return errorComponent(error);
+    }
+    return /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)("div", { style: { padding: "2rem", textAlign: "center" }, children: [
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("h2", { style: { color: "#dc3545" }, children: "Authentication Error" }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("p", { children: error }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(
+        "button",
+        {
+          onClick: () => router.push("/"),
+          style: {
+            padding: "0.5rem 1rem",
+            marginTop: "1rem",
+            cursor: "pointer"
+          },
+          children: "Return to Home"
+        }
+      )
+    ] });
+  }
+  if (loadingComponent) {
+    return loadingComponent;
+  }
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("div", { style: { padding: "2rem", textAlign: "center" }, children: /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("p", { children: "Completing authentication..." }) });
+}
+// src/client/index.ts
+var import_auth4 = require("@imtbl/auth");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  CallbackPage,
+  ImmutableAuthProvider,
+  MarketingConsentStatus,
+  useAccessToken,
+  useImmutableAuth
+});