npm - @imtbl/auth-nextjs - Versions diffs - 0.0.1-alpha.0 → 2.12.4-alpha.5 - Mend

@imtbl/auth-nextjs 0.0.1-alpha.0 → 2.12.4-alpha.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/node/chunk-OPPMGNFZ.js +210 -0
package/dist/node/client/index.cjs +380 -0
package/dist/node/client/index.js +365 -0
package/dist/node/index.cjs +296 -0
package/dist/node/index.js +55 -0
package/dist/node/server/index.cjs +300 -0
package/dist/node/server/index.js +57 -0
package/dist/types/client/callback.d.ts +37 -0
package/dist/types/client/index.d.ts +5 -0
package/dist/types/client/provider.d.ts +70 -0
package/dist/types/config.d.ts +23 -0
package/dist/types/constants.d.ts +42 -0
package/dist/types/index.d.ts +63 -0
package/dist/types/refresh.d.ts +16 -0
package/dist/types/server/index.d.ts +2 -0
package/dist/types/server/with-page-auth.d.ts +94 -0
package/dist/types/types.d.ts +192 -0
package/dist/types/utils/token.d.ts +8 -0
package/package.json +2 -2

package/dist/node/client/index.js ADDED Viewed

@@ -0,0 +1,365 @@
+'use client';
+// src/client/provider.tsx
+import {
+  createContext,
+  useContext,
+  useEffect,
+  useRef,
+  useState,
+  useCallback,
+  useMemo
+} from "react";
+import {
+  SessionProvider,
+  useSession,
+  signIn,
+  signOut
+} from "next-auth/react";
+import {
+  Auth
+} from "@imtbl/auth";
+// src/utils/token.ts
+import { decodeJwtPayload } from "@imtbl/auth";
+// src/constants.ts
+var DEFAULT_AUTH_DOMAIN = "https://auth.immutable.com";
+var DEFAULT_AUDIENCE = "platform_api";
+var DEFAULT_SCOPE = "openid profile email offline_access transact";
+var IMMUTABLE_PROVIDER_ID = "immutable";
+var DEFAULT_NEXTAUTH_BASE_PATH = "/api/auth";
+var DEFAULT_TOKEN_EXPIRY_SECONDS = 900;
+var DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1e3;
+var DEFAULT_SESSION_MAX_AGE_SECONDS = 30 * 24 * 60 * 60;
+// src/utils/token.ts
+function getTokenExpiry(accessToken) {
+  if (!accessToken) {
+    return Date.now() + DEFAULT_TOKEN_EXPIRY_MS;
+  }
+  try {
+    const payload = decodeJwtPayload(accessToken);
+    if (payload.exp && typeof payload.exp === "number") {
+      return payload.exp * 1e3;
+    }
+    return Date.now() + DEFAULT_TOKEN_EXPIRY_MS;
+  } catch {
+    return Date.now() + DEFAULT_TOKEN_EXPIRY_MS;
+  }
+}
+// src/client/provider.tsx
+import { jsx } from "react/jsx-runtime";
+var ImmutableAuthContext = createContext(null);
+function ImmutableAuthInner({
+  children,
+  config,
+  basePath
+}) {
+  const [auth, setAuth] = useState(null);
+  const prevConfigRef = useRef(null);
+  const [isAuthReady, setIsAuthReady] = useState(false);
+  const { data: session, update: updateSession } = useSession();
+  useEffect(() => {
+    if (typeof window === "undefined") return;
+    const configKey = [
+      config.clientId,
+      config.redirectUri,
+      config.logoutRedirectUri || "",
+      config.audience || DEFAULT_AUDIENCE,
+      config.scope || DEFAULT_SCOPE,
+      config.authenticationDomain || DEFAULT_AUTH_DOMAIN
+    ].join(":");
+    if (prevConfigRef.current === configKey) {
+      return;
+    }
+    prevConfigRef.current = configKey;
+    const newAuth = new Auth({
+      clientId: config.clientId,
+      redirectUri: config.redirectUri,
+      logoutRedirectUri: config.logoutRedirectUri,
+      audience: config.audience || DEFAULT_AUDIENCE,
+      scope: config.scope || DEFAULT_SCOPE,
+      authenticationDomain: config.authenticationDomain || DEFAULT_AUTH_DOMAIN
+    });
+    setAuth(newAuth);
+    setIsAuthReady(true);
+  }, [config]);
+  useEffect(() => {
+    if (!auth || !isAuthReady) return;
+    if (session?.error) return;
+    if (!session?.accessToken || !session?.idToken) return;
+    const hydrateAuth = async () => {
+      try {
+        const {
+          accessToken,
+          idToken,
+          refreshToken,
+          accessTokenExpires
+        } = session;
+        if (!accessToken || !idToken) return;
+        const existingUser = await auth.getUser();
+        if (existingUser) return;
+        const expiresIn = accessTokenExpires ? Math.max(0, Math.floor((accessTokenExpires - Date.now()) / 1e3)) : DEFAULT_TOKEN_EXPIRY_SECONDS;
+        const tokenResponse = {
+          access_token: accessToken,
+          refresh_token: refreshToken,
+          id_token: idToken,
+          token_type: "Bearer",
+          expires_in: expiresIn
+        };
+        await auth.storeTokens(tokenResponse);
+      } catch (error) {
+        console.warn("[auth-nextjs] Failed to hydrate Auth instance:", error);
+      }
+    };
+    hydrateAuth();
+  }, [auth, isAuthReady, session]);
+  useEffect(() => {
+    if (!auth || !isAuthReady) return void 0;
+    const handleLoggedIn = async (authUser) => {
+      if (session?.accessToken && authUser.accessToken !== session.accessToken) {
+        await updateSession({
+          accessToken: authUser.accessToken,
+          refreshToken: authUser.refreshToken,
+          idToken: authUser.idToken,
+          accessTokenExpires: getTokenExpiry(authUser.accessToken),
+          zkEvm: authUser.zkEvm
+        });
+      }
+    };
+    auth.eventEmitter.on("loggedIn", handleLoggedIn);
+    return () => {
+      auth.eventEmitter.removeListener("loggedIn", handleLoggedIn);
+    };
+  }, [auth, isAuthReady, session, updateSession]);
+  const contextValue = useMemo(
+    () => ({ auth, config, basePath }),
+    [auth, config, basePath]
+  );
+  return /* @__PURE__ */ jsx(ImmutableAuthContext.Provider, { value: contextValue, children });
+}
+function ImmutableAuthProvider({
+  children,
+  config,
+  session,
+  basePath = DEFAULT_NEXTAUTH_BASE_PATH
+}) {
+  return /* @__PURE__ */ jsx(SessionProvider, { session, basePath, children: /* @__PURE__ */ jsx(ImmutableAuthInner, { config, basePath, children }) });
+}
+function useImmutableAuth() {
+  const context = useContext(ImmutableAuthContext);
+  const { data: sessionData, status } = useSession();
+  if (!context) {
+    throw new Error("useImmutableAuth must be used within ImmutableAuthProvider");
+  }
+  const session = sessionData;
+  const { auth } = context;
+  const isLoading = status === "loading";
+  const isAuthenticated = status === "authenticated" && !!session;
+  const user = session?.user ? {
+    sub: session.user.sub,
+    email: session.user.email,
+    nickname: session.user.nickname
+  } : null;
+  const handleSignIn = useCallback(async (options) => {
+    if (!auth) {
+      throw new Error("Auth not initialized");
+    }
+    const authUser = await auth.login(options);
+    if (!authUser) {
+      throw new Error("Login failed");
+    }
+    const tokenData = {
+      accessToken: authUser.accessToken,
+      refreshToken: authUser.refreshToken,
+      idToken: authUser.idToken,
+      accessTokenExpires: getTokenExpiry(authUser.accessToken),
+      profile: {
+        sub: authUser.profile.sub,
+        email: authUser.profile.email,
+        nickname: authUser.profile.nickname
+      },
+      zkEvm: authUser.zkEvm
+    };
+    const result = await signIn(IMMUTABLE_PROVIDER_ID, {
+      tokens: JSON.stringify(tokenData),
+      redirect: false
+    });
+    if (result?.error) {
+      throw new Error(`NextAuth sign-in failed: ${result.error}`);
+    }
+    if (!result?.ok) {
+      throw new Error("NextAuth sign-in failed: unknown error");
+    }
+  }, [auth]);
+  const handleSignOut = useCallback(async () => {
+    await signOut({ redirect: false });
+    if (auth) {
+      try {
+        await auth.getLogoutUrl();
+      } catch (error) {
+        console.warn("[auth-nextjs] Logout cleanup error:", error);
+      }
+    }
+  }, [auth]);
+  const getAccessToken = useCallback(async () => {
+    if (auth) {
+      try {
+        const token = await auth.getAccessToken();
+        if (token) {
+          return token;
+        }
+      } catch {
+      }
+    }
+    if (session?.error) {
+      throw new Error(`Token refresh failed: ${session.error}`);
+    }
+    if (session?.accessToken) {
+      return session.accessToken;
+    }
+    throw new Error("No access token available");
+  }, [auth, session]);
+  return {
+    user,
+    session,
+    isLoading,
+    isAuthenticated,
+    signIn: handleSignIn,
+    signOut: handleSignOut,
+    getAccessToken,
+    auth
+  };
+}
+function useAccessToken() {
+  const { getAccessToken } = useImmutableAuth();
+  return getAccessToken;
+}
+// src/client/callback.tsx
+import { useEffect as useEffect2, useState as useState2, useRef as useRef2 } from "react";
+import { useRouter } from "next/router";
+import { signIn as signIn2 } from "next-auth/react";
+import { Auth as Auth2 } from "@imtbl/auth";
+import { jsx as jsx2, jsxs } from "react/jsx-runtime";
+function CallbackPage({
+  config,
+  redirectTo = "/",
+  loadingComponent = null,
+  errorComponent
+}) {
+  const router = useRouter();
+  const [error, setError] = useState2(null);
+  const callbackProcessedRef = useRef2(false);
+  useEffect2(() => {
+    const handleCallback = async () => {
+      try {
+        const auth = new Auth2({
+          clientId: config.clientId,
+          redirectUri: config.redirectUri,
+          logoutRedirectUri: config.logoutRedirectUri,
+          audience: config.audience || DEFAULT_AUDIENCE,
+          scope: config.scope || DEFAULT_SCOPE,
+          authenticationDomain: config.authenticationDomain || DEFAULT_AUTH_DOMAIN
+        });
+        const authUser = await auth.loginCallback();
+        if (window.opener) {
+          if (!authUser) {
+            throw new Error("Authentication failed: no user data received from login callback");
+          }
+          window.close();
+        } else if (authUser) {
+          const tokenData = {
+            accessToken: authUser.accessToken,
+            refreshToken: authUser.refreshToken,
+            idToken: authUser.idToken,
+            accessTokenExpires: getTokenExpiry(authUser.accessToken),
+            profile: {
+              sub: authUser.profile.sub,
+              email: authUser.profile.email,
+              nickname: authUser.profile.nickname
+            },
+            zkEvm: authUser.zkEvm
+          };
+          const result = await signIn2(IMMUTABLE_PROVIDER_ID, {
+            tokens: JSON.stringify(tokenData),
+            redirect: false
+          });
+          if (result?.error) {
+            throw new Error(`NextAuth sign-in failed: ${result.error}`);
+          }
+          if (!result?.ok) {
+            throw new Error("NextAuth sign-in failed: unknown error");
+          }
+          router.replace(redirectTo);
+        } else {
+          throw new Error("Authentication failed: no user data received from login callback");
+        }
+      } catch (err) {
+        setError(err instanceof Error ? err.message : "Authentication failed");
+      }
+    };
+    const handleOAuthError = () => {
+      const errorCode = router.query.error;
+      const errorDescription = router.query.error_description;
+      const errorMessage = errorDescription || errorCode || "Authentication failed";
+      setError(errorMessage);
+    };
+    if (!router.isReady) {
+      return;
+    }
+    if (router.query.error) {
+      handleOAuthError();
+      return;
+    }
+    if (router.query.code && !callbackProcessedRef.current) {
+      callbackProcessedRef.current = true;
+      handleCallback();
+    }
+  }, [
+    router.isReady,
+    router.query.code,
+    router.query.error,
+    router.query.error_description,
+    router,
+    config,
+    redirectTo
+  ]);
+  if (error) {
+    if (errorComponent) {
+      return errorComponent(error);
+    }
+    return /* @__PURE__ */ jsxs("div", { style: { padding: "2rem", textAlign: "center" }, children: [
+      /* @__PURE__ */ jsx2("h2", { style: { color: "#dc3545" }, children: "Authentication Error" }),
+      /* @__PURE__ */ jsx2("p", { children: error }),
+      /* @__PURE__ */ jsx2(
+        "button",
+        {
+          onClick: () => router.push("/"),
+          style: {
+            padding: "0.5rem 1rem",
+            marginTop: "1rem",
+            cursor: "pointer"
+          },
+          children: "Return to Home"
+        }
+      )
+    ] });
+  }
+  if (loadingComponent) {
+    return loadingComponent;
+  }
+  return /* @__PURE__ */ jsx2("div", { style: { padding: "2rem", textAlign: "center" }, children: /* @__PURE__ */ jsx2("p", { children: "Completing authentication..." }) });
+}
+// src/client/index.ts
+import { MarketingConsentStatus } from "@imtbl/auth";
+export {
+  CallbackPage,
+  ImmutableAuthProvider,
+  MarketingConsentStatus,
+  useAccessToken,
+  useImmutableAuth
+};

package/dist/node/index.cjs ADDED Viewed

@@ -0,0 +1,296 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  ImmutableAuth: () => ImmutableAuth,
+  MarketingConsentStatus: () => import_auth.MarketingConsentStatus,
+  isTokenExpired: () => isTokenExpired,
+  refreshAccessToken: () => refreshAccessToken
+});
+module.exports = __toCommonJS(src_exports);
+var import_next_auth = __toESM(require("next-auth"), 1);
+// src/config.ts
+var import_credentials = __toESM(require("next-auth/providers/credentials"), 1);
+// src/constants.ts
+var DEFAULT_AUTH_DOMAIN = "https://auth.immutable.com";
+var IMMUTABLE_PROVIDER_ID = "immutable";
+var DEFAULT_TOKEN_EXPIRY_SECONDS = 900;
+var DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1e3;
+var TOKEN_EXPIRY_BUFFER_SECONDS = 60;
+var DEFAULT_SESSION_MAX_AGE_SECONDS = 30 * 24 * 60 * 60;
+// src/refresh.ts
+async function refreshAccessToken(token, config) {
+  const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
+  if (!token.refreshToken) {
+    return {
+      ...token,
+      error: "NoRefreshToken"
+    };
+  }
+  try {
+    const response = await fetch(`${authDomain}/oauth/token`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        client_id: config.clientId,
+        refresh_token: token.refreshToken
+      })
+    });
+    if (!response.ok) {
+      let errorMessage = `Token refresh failed with status ${response.status}`;
+      try {
+        const errorData = await response.json();
+        if (errorData.error_description || errorData.error) {
+          errorMessage = errorData.error_description || errorData.error;
+        }
+      } catch {
+      }
+      throw new Error(errorMessage);
+    }
+    const data = await response.json();
+    if (!data.access_token || typeof data.access_token !== "string") {
+      throw new Error("Invalid token response: missing access_token");
+    }
+    const expiresIn = data.expires_in || DEFAULT_TOKEN_EXPIRY_SECONDS;
+    const accessTokenExpires = Date.now() + expiresIn * 1e3;
+    return {
+      ...token,
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token ?? token.refreshToken,
+      idToken: data.id_token ?? token.idToken,
+      accessTokenExpires,
+      error: void 0
+    };
+  } catch (error) {
+    console.error("[auth-nextjs] Failed to refresh token:", error);
+    return {
+      ...token,
+      error: "RefreshTokenError"
+    };
+  }
+}
+function isTokenExpired(accessTokenExpires, bufferSeconds = TOKEN_EXPIRY_BUFFER_SECONDS) {
+  if (typeof accessTokenExpires !== "number" || Number.isNaN(accessTokenExpires)) {
+    return true;
+  }
+  return Date.now() >= accessTokenExpires - bufferSeconds * 1e3;
+}
+// src/config.ts
+var CredentialsProvider = import_credentials.default.default || import_credentials.default;
+async function validateTokens(accessToken, authDomain) {
+  try {
+    const response = await fetch(`${authDomain}/userinfo`, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${accessToken}`
+      }
+    });
+    if (!response.ok) {
+      console.error("[auth-nextjs] Token validation failed:", response.status, response.statusText);
+      return null;
+    }
+    return await response.json();
+  } catch (error) {
+    console.error("[auth-nextjs] Token validation error:", error);
+    return null;
+  }
+}
+function createAuthOptions(config) {
+  const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
+  return {
+    providers: [
+      CredentialsProvider({
+        id: IMMUTABLE_PROVIDER_ID,
+        name: "Immutable",
+        credentials: {
+          tokens: { label: "Tokens", type: "text" }
+        },
+        async authorize(credentials) {
+          if (!credentials?.tokens) {
+            return null;
+          }
+          let tokenData;
+          try {
+            tokenData = JSON.parse(credentials.tokens);
+          } catch (error) {
+            console.error("[auth-nextjs] Failed to parse token data:", error);
+            return null;
+          }
+          if (!tokenData.accessToken || typeof tokenData.accessToken !== "string" || !tokenData.profile || typeof tokenData.profile !== "object" || !tokenData.profile.sub || typeof tokenData.profile.sub !== "string" || typeof tokenData.accessTokenExpires !== "number" || Number.isNaN(tokenData.accessTokenExpires)) {
+            console.error("[auth-nextjs] Invalid token data structure - missing required fields");
+            return null;
+          }
+          const userInfo = await validateTokens(tokenData.accessToken, authDomain);
+          if (!userInfo) {
+            console.error("[auth-nextjs] Token validation failed - rejecting authentication");
+            return null;
+          }
+          if (userInfo.sub !== tokenData.profile.sub) {
+            console.error(
+              "[auth-nextjs] User ID mismatch - userinfo sub:",
+              userInfo.sub,
+              "provided sub:",
+              tokenData.profile.sub
+            );
+            return null;
+          }
+          return {
+            id: userInfo.sub,
+            sub: userInfo.sub,
+            email: userInfo.email ?? tokenData.profile.email,
+            nickname: userInfo.nickname ?? tokenData.profile.nickname,
+            accessToken: tokenData.accessToken,
+            refreshToken: tokenData.refreshToken,
+            idToken: tokenData.idToken,
+            accessTokenExpires: tokenData.accessTokenExpires,
+            zkEvm: tokenData.zkEvm
+          };
+        }
+      })
+    ],
+    callbacks: {
+      async jwt({
+        token,
+        user,
+        trigger,
+        session: sessionUpdate
+      }) {
+        if (user) {
+          return {
+            ...token,
+            sub: user.sub,
+            email: user.email,
+            nickname: user.nickname,
+            accessToken: user.accessToken,
+            refreshToken: user.refreshToken,
+            idToken: user.idToken,
+            accessTokenExpires: user.accessTokenExpires,
+            zkEvm: user.zkEvm
+          };
+        }
+        if (trigger === "update" && sessionUpdate) {
+          return {
+            ...token,
+            ...sessionUpdate.accessToken && { accessToken: sessionUpdate.accessToken },
+            ...sessionUpdate.refreshToken && { refreshToken: sessionUpdate.refreshToken },
+            ...sessionUpdate.idToken && { idToken: sessionUpdate.idToken },
+            ...sessionUpdate.accessTokenExpires && { accessTokenExpires: sessionUpdate.accessTokenExpires },
+            ...sessionUpdate.zkEvm && { zkEvm: sessionUpdate.zkEvm }
+          };
+        }
+        if (!isTokenExpired(token.accessTokenExpires)) {
+          return token;
+        }
+        return refreshAccessToken(token, config);
+      },
+      async session({ session, token }) {
+        return {
+          ...session,
+          user: {
+            sub: token.sub,
+            email: token.email,
+            nickname: token.nickname
+          },
+          accessToken: token.accessToken,
+          refreshToken: token.refreshToken,
+          idToken: token.idToken,
+          accessTokenExpires: token.accessTokenExpires,
+          zkEvm: token.zkEvm,
+          ...token.error && { error: token.error }
+        };
+      }
+    },
+    session: {
+      strategy: "jwt",
+      // Session max age in seconds (30 days default)
+      maxAge: DEFAULT_SESSION_MAX_AGE_SECONDS
+    },
+    // Use NEXTAUTH_SECRET from environment
+    secret: process.env.NEXTAUTH_SECRET
+  };
+}
+// src/index.ts
+var import_auth = require("@imtbl/auth");
+var NextAuth = import_next_auth.default.default || import_next_auth.default;
+function ImmutableAuth(config, overrides) {
+  const authOptions = createAuthOptions(config);
+  if (!overrides) {
+    return NextAuth(authOptions);
+  }
+  const composedCallbacks = {
+    ...authOptions.callbacks
+  };
+  if (overrides.callbacks) {
+    if (overrides.callbacks.jwt) {
+      const internalJwt = authOptions.callbacks?.jwt;
+      const userJwt = overrides.callbacks.jwt;
+      composedCallbacks.jwt = async (params) => {
+        const token = internalJwt ? await internalJwt(params) : params.token;
+        return userJwt({ ...params, token });
+      };
+    }
+    if (overrides.callbacks.session) {
+      const internalSession = authOptions.callbacks?.session;
+      const userSession = overrides.callbacks.session;
+      composedCallbacks.session = async (params) => {
+        const session = internalSession ? await internalSession(params) : params.session;
+        return userSession({ ...params, session });
+      };
+    }
+    if (overrides.callbacks.signIn) {
+      composedCallbacks.signIn = overrides.callbacks.signIn;
+    }
+    if (overrides.callbacks.redirect) {
+      composedCallbacks.redirect = overrides.callbacks.redirect;
+    }
+  }
+  const mergedOptions = {
+    ...authOptions,
+    ...overrides,
+    callbacks: composedCallbacks
+  };
+  return NextAuth(mergedOptions);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ImmutableAuth,
+  MarketingConsentStatus,
+  isTokenExpired,
+  refreshAccessToken
+});