@logto/next 2.1.3 → 2.2.0

package/README.md

@@ -5,8 +5,6 @@
 
 The Logto Next.js SDK written in TypeScript. Check out our [integration guide](https://docs.logto.io/docs/recipes/integrate-logto/next-js) or [docs](https://docs.logto.io/sdk/JavaScript/next/) for more information.
 
-We also provide [集成指南](https://docs.logto.io/zh-cn/docs/recipes/integrate-logto/next-js/) and [文档](https://docs.logto.io/zh-cn/sdk/JavaScript/next/) in Simplified Chinese.
-
 ## Installation
 
 ### Using npm

package/lib/edge/index.cjs

@@ -2,9 +2,10 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
+var cookies = require('@edge-runtime/cookies');
 var NodeClient = require('@logto/node/edge');
-var edge = require('iron-session/edge');
 var client = require('../src/client.cjs');
+var session = require('../src/session.cjs');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -16,41 +17,34 @@ class LogtoClient extends client.default {
             NodeClient: NodeClient__default.default,
         });
         this.handleSignIn = (redirectUri = `${this.config.baseUrl}/api/logto/sign-in-callback`, interactionMode) => async (request) => {
+            const { nodeClient, headers } = await this.createNodeClientFromEdgeRequest(request);
+            await nodeClient.signIn(redirectUri, interactionMode);
+            await this.storage?.save();
             const response = new Response(null, {
+                headers,
                 status: 307,
             });
-            const session = await edge.getIronSession(request, response, this.ironSessionConfigs);
-            const nodeClient = this.createNodeClient(session);
-            await nodeClient.signIn(redirectUri, interactionMode);
-            await this.storage?.save();
             if (this.navigateUrl) {
                 response.headers.append('Location', this.navigateUrl);
             }
             return response;
         };
         this.handleSignOut = (redirectUri = this.config.baseUrl) => async (request) => {
+            const { nodeClient, headers } = await this.createNodeClientFromEdgeRequest(request);
+            await nodeClient.signOut(redirectUri);
+            await this.storage?.destroy();
+            await this.storage?.save();
             const response = new Response(null, {
+                headers,
                 status: 307,
             });
-            const session = await edge.getIronSession(request, response, this.ironSessionConfigs);
-            const nodeClient = this.createNodeClient(session);
-            await nodeClient.signOut(redirectUri);
-            session.destroy();
-            await this.storage?.save();
             if (this.navigateUrl) {
                 response.headers.append('Location', this.navigateUrl);
             }
             return response;
         };
         this.handleSignInCallback = (redirectTo = this.config.baseUrl) => async (request) => {
-            const response = new Response(null, {
-                status: 307,
-                headers: {
-                    Location: redirectTo,
-                },
-            });
-            const session = await edge.getIronSession(request, response, this.ironSessionConfigs);
-            const nodeClient = this.createNodeClient(session);
+            const { nodeClient, headers } = await this.createNodeClientFromEdgeRequest(request);
             if (request.url) {
                 // When app is running behind reverse proxy which is common for edge runtime,
                 // the `request.url`'s domain may not be expected, replace to the configured baseUrl
@@ -59,6 +53,11 @@ class LogtoClient extends client.default {
                 await nodeClient.handleSignInCallback(callbackUrl.toString());
                 await this.storage?.save();
             }
+            const response = new Response(null, {
+                status: 307,
+                headers,
+            });
+            response.headers.append('Location', redirectTo);
             return response;
         };
         this.handleUser = (configs) => async (request) => {
@@ -71,11 +70,27 @@ class LogtoClient extends client.default {
             });
         };
         this.getLogtoContext = async (request, config = {}) => {
-            const session = await edge.getIronSession(request, new Response(), this.ironSessionConfigs);
-            const context = await this.getLogtoUserFromRequest(session, config);
+            const { nodeClient } = await this.createNodeClientFromEdgeRequest(request);
+            const context = await nodeClient.getContext();
             return context;
         };
     }
+    async createNodeClientFromEdgeRequest(request) {
+        const cookieName = `logto:${this.config.appId}`;
+        const cookies$1 = new cookies.RequestCookies(request.headers);
+        const headers = new Headers();
+        const responseCookies = new cookies.ResponseCookies(headers);
+        const nodeClient = super.createNodeClient(await session.createSession({
+            secret: this.config.cookieSecret,
+            crypto,
+        }, cookies$1.get(cookieName)?.value ?? '', (value) => {
+            responseCookies.set(cookieName, value, {
+                maxAge: 14 * 3600 * 24,
+                secure: this.config.cookieSecure,
+            });
+        }));
+        return { nodeClient, headers };
+    }
 }
 
 exports.default = LogtoClient;

package/lib/edge/index.d.ts

@@ -5,9 +5,10 @@ import type { LogtoNextConfig } from '../src/types.js';
 export type { LogtoContext, InteractionMode } from '@logto/node';
 export default class LogtoClient extends BaseClient {
     constructor(config: LogtoNextConfig);
-    handleSignIn: (redirectUri?: string, interactionMode?: InteractionMode) => (request: NextRequest) => Promise<Response>;
+    handleSignIn: (redirectUri?: string, interactionMode?: InteractionMode) => (request: Request) => Promise<Response>;
     handleSignOut: (redirectUri?: string) => (request: NextRequest) => Promise<Response>;
     handleSignInCallback: (redirectTo?: string) => (request: NextRequest) => Promise<Response>;
     handleUser: (configs?: GetContextParameters) => (request: NextRequest) => Promise<Response>;
     getLogtoContext: (request: NextRequest, config?: GetContextParameters) => Promise<import("@logto/node").LogtoContext>;
+    private createNodeClientFromEdgeRequest;
 }

package/lib/edge/index.js

@@ -1,6 +1,7 @@
+import { RequestCookies, ResponseCookies } from '@edge-runtime/cookies';
 import NodeClient from '@logto/node/edge';
-import { getIronSession } from 'iron-session/edge';
 import LogtoNextBaseClient from '../src/client.js';
+import { createSession } from '../src/session.js';
 
 class LogtoClient extends LogtoNextBaseClient {
     constructor(config) {
@@ -8,41 +9,34 @@ class LogtoClient extends LogtoNextBaseClient {
             NodeClient,
         });
         this.handleSignIn = (redirectUri = `${this.config.baseUrl}/api/logto/sign-in-callback`, interactionMode) => async (request) => {
+            const { nodeClient, headers } = await this.createNodeClientFromEdgeRequest(request);
+            await nodeClient.signIn(redirectUri, interactionMode);
+            await this.storage?.save();
             const response = new Response(null, {
+                headers,
                 status: 307,
             });
-            const session = await getIronSession(request, response, this.ironSessionConfigs);
-            const nodeClient = this.createNodeClient(session);
-            await nodeClient.signIn(redirectUri, interactionMode);
-            await this.storage?.save();
             if (this.navigateUrl) {
                 response.headers.append('Location', this.navigateUrl);
             }
             return response;
         };
         this.handleSignOut = (redirectUri = this.config.baseUrl) => async (request) => {
+            const { nodeClient, headers } = await this.createNodeClientFromEdgeRequest(request);
+            await nodeClient.signOut(redirectUri);
+            await this.storage?.destroy();
+            await this.storage?.save();
             const response = new Response(null, {
+                headers,
                 status: 307,
             });
-            const session = await getIronSession(request, response, this.ironSessionConfigs);
-            const nodeClient = this.createNodeClient(session);
-            await nodeClient.signOut(redirectUri);
-            session.destroy();
-            await this.storage?.save();
             if (this.navigateUrl) {
                 response.headers.append('Location', this.navigateUrl);
             }
             return response;
         };
         this.handleSignInCallback = (redirectTo = this.config.baseUrl) => async (request) => {
-            const response = new Response(null, {
-                status: 307,
-                headers: {
-                    Location: redirectTo,
-                },
-            });
-            const session = await getIronSession(request, response, this.ironSessionConfigs);
-            const nodeClient = this.createNodeClient(session);
+            const { nodeClient, headers } = await this.createNodeClientFromEdgeRequest(request);
             if (request.url) {
                 // When app is running behind reverse proxy which is common for edge runtime,
                 // the `request.url`'s domain may not be expected, replace to the configured baseUrl
@@ -51,6 +45,11 @@ class LogtoClient extends LogtoNextBaseClient {
                 await nodeClient.handleSignInCallback(callbackUrl.toString());
                 await this.storage?.save();
             }
+            const response = new Response(null, {
+                status: 307,
+                headers,
+            });
+            response.headers.append('Location', redirectTo);
             return response;
         };
         this.handleUser = (configs) => async (request) => {
@@ -63,11 +62,27 @@ class LogtoClient extends LogtoNextBaseClient {
             });
         };
         this.getLogtoContext = async (request, config = {}) => {
-            const session = await getIronSession(request, new Response(), this.ironSessionConfigs);
-            const context = await this.getLogtoUserFromRequest(session, config);
+            const { nodeClient } = await this.createNodeClientFromEdgeRequest(request);
+            const context = await nodeClient.getContext();
             return context;
         };
     }
+    async createNodeClientFromEdgeRequest(request) {
+        const cookieName = `logto:${this.config.appId}`;
+        const cookies = new RequestCookies(request.headers);
+        const headers = new Headers();
+        const responseCookies = new ResponseCookies(headers);
+        const nodeClient = super.createNodeClient(await createSession({
+            secret: this.config.cookieSecret,
+            crypto,
+        }, cookies.get(cookieName)?.value ?? '', (value) => {
+            responseCookies.set(cookieName, value, {
+                maxAge: 14 * 3600 * 24,
+                secure: this.config.cookieSecure,
+            });
+        }));
+        return { nodeClient, headers };
+    }
 }
 
 export { LogtoClient as default };

package/lib/server-actions/index.cjs

@@ -0,0 +1,89 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var NodeClient = require('@logto/node/edge');
+var client = require('../src/client.cjs');
+var session = require('../src/session.cjs');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var NodeClient__default = /*#__PURE__*/_interopDefault(NodeClient);
+
+class LogtoClient extends client.default {
+    constructor(config) {
+        super(config, {
+            NodeClient: NodeClient__default.default,
+        });
+    }
+    /**
+     * Init sign-in and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (callbackUri) to redirect to after sign in
+     * @param interactionMode OIDC interaction mode
+     * @returns the url to redirect to and new cookie if any
+     */
+    async handleSignIn(cookie, redirectUri, interactionMode) {
+        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.signIn(redirectUri, interactionMode);
+        if (!this.navigateUrl) {
+            // Not expected to happen
+            throw new Error('navigateUrl is not set');
+        }
+        return {
+            url: this.navigateUrl,
+            newCookie: await session.getValues?.(),
+        };
+    }
+    /**
+     * Init sign-out and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
+     * @returns the url to redirect to
+     */
+    async handleSignOut(cookie, redirectUri = this.config.baseUrl) {
+        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.signOut(redirectUri);
+        if (!this.navigateUrl) {
+            // Not expected to happen
+            throw new Error('navigateUrl is not set');
+        }
+        return this.navigateUrl;
+    }
+    /**
+     * Handle sign-in callback from Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
+     * @returns new cookie if any
+     */
+    async handleSignInCallback(cookie, callbackUrl) {
+        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.handleSignInCallback(callbackUrl);
+        return session.getValues?.();
+    }
+    /**
+     * Get Logto context from cookies.
+     *
+     * @param cookie the raw cookie string
+     * @param config additional configs of GetContextParameters
+     * @returns LogtoContext
+     */
+    async getLogtoContext(cookie, config = {}) {
+        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
+        const context = await nodeClient.getContext(config);
+        return context;
+    }
+    async createNodeClientFromHeaders(cookie) {
+        const session$1 = await session.createSession({
+            secret: this.config.cookieSecret,
+            crypto,
+        }, cookie);
+        const nodeClient = super.createNodeClient(session$1);
+        return { nodeClient, session: session$1 };
+    }
+}
+
+exports.default = LogtoClient;

package/lib/server-actions/index.d.ts

@@ -0,0 +1,44 @@
+import { type GetContextParameters, type InteractionMode } from '@logto/node';
+import BaseClient from '../src/client';
+import type { LogtoNextConfig } from '../src/types.js';
+export type { LogtoContext, InteractionMode } from '@logto/node';
+export default class LogtoClient extends BaseClient {
+    constructor(config: LogtoNextConfig);
+    /**
+     * Init sign-in and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (callbackUri) to redirect to after sign in
+     * @param interactionMode OIDC interaction mode
+     * @returns the url to redirect to and new cookie if any
+     */
+    handleSignIn(cookie: string, redirectUri: string, interactionMode?: InteractionMode): Promise<{
+        url: string;
+        newCookie?: string;
+    }>;
+    /**
+     * Init sign-out and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
+     * @returns the url to redirect to
+     */
+    handleSignOut(cookie: string, redirectUri?: string): Promise<string>;
+    /**
+     * Handle sign-in callback from Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
+     * @returns new cookie if any
+     */
+    handleSignInCallback(cookie: string, callbackUrl: string): Promise<string | undefined>;
+    /**
+     * Get Logto context from cookies.
+     *
+     * @param cookie the raw cookie string
+     * @param config additional configs of GetContextParameters
+     * @returns LogtoContext
+     */
+    getLogtoContext(cookie: string, config?: GetContextParameters): Promise<import("@logto/node").LogtoContext>;
+    private createNodeClientFromHeaders;
+}

package/lib/server-actions/index.js

@@ -0,0 +1,81 @@
+import NodeClient from '@logto/node/edge';
+import LogtoNextBaseClient from '../src/client.js';
+import { createSession } from '../src/session.js';
+
+class LogtoClient extends LogtoNextBaseClient {
+    constructor(config) {
+        super(config, {
+            NodeClient,
+        });
+    }
+    /**
+     * Init sign-in and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (callbackUri) to redirect to after sign in
+     * @param interactionMode OIDC interaction mode
+     * @returns the url to redirect to and new cookie if any
+     */
+    async handleSignIn(cookie, redirectUri, interactionMode) {
+        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.signIn(redirectUri, interactionMode);
+        if (!this.navigateUrl) {
+            // Not expected to happen
+            throw new Error('navigateUrl is not set');
+        }
+        return {
+            url: this.navigateUrl,
+            newCookie: await session.getValues?.(),
+        };
+    }
+    /**
+     * Init sign-out and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
+     * @returns the url to redirect to
+     */
+    async handleSignOut(cookie, redirectUri = this.config.baseUrl) {
+        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.signOut(redirectUri);
+        if (!this.navigateUrl) {
+            // Not expected to happen
+            throw new Error('navigateUrl is not set');
+        }
+        return this.navigateUrl;
+    }
+    /**
+     * Handle sign-in callback from Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
+     * @returns new cookie if any
+     */
+    async handleSignInCallback(cookie, callbackUrl) {
+        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.handleSignInCallback(callbackUrl);
+        return session.getValues?.();
+    }
+    /**
+     * Get Logto context from cookies.
+     *
+     * @param cookie the raw cookie string
+     * @param config additional configs of GetContextParameters
+     * @returns LogtoContext
+     */
+    async getLogtoContext(cookie, config = {}) {
+        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
+        const context = await nodeClient.getContext(config);
+        return context;
+    }
+    async createNodeClientFromHeaders(cookie) {
+        const session = await createSession({
+            secret: this.config.cookieSecret,
+            crypto,
+        }, cookie);
+        const nodeClient = super.createNodeClient(session);
+        return { nodeClient, session };
+    }
+}
+
+export { LogtoClient as default };

package/lib/server-actions/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/src/client.cjs

@@ -18,20 +18,6 @@ class LogtoNextBaseClient {
             },
         });
     }
-    get ironSessionConfigs() {
-        return {
-            cookieName: `logto:${this.config.appId}`,
-            password: this.config.cookieSecret,
-            cookieOptions: {
-                secure: this.config.cookieSecure,
-                maxAge: 14 * 24 * 60 * 60,
-            },
-        };
-    }
-    async getLogtoUserFromRequest(session, configs) {
-        const nodeClient = this.createNodeClient(session);
-        return nodeClient.getContext(configs);
-    }
 }
 
 exports.default = LogtoNextBaseClient;

package/lib/src/client.d.ts

@@ -1,21 +1,10 @@
-import type { GetContextParameters } from '@logto/node';
-import { type IronSession } from 'iron-session';
 import NextStorage from './storage';
-import type { Adapters, LogtoNextConfig } from './types';
+import type { Adapters, LogtoNextConfig, Session } from './types';
 export default class LogtoNextBaseClient {
     protected readonly config: LogtoNextConfig;
     protected readonly adapters: Adapters;
     protected navigateUrl?: string;
     protected storage?: NextStorage;
     constructor(config: LogtoNextConfig, adapters: Adapters);
-    protected createNodeClient(session: IronSession): import("@logto/node").default;
-    protected get ironSessionConfigs(): {
-        cookieName: string;
-        password: string;
-        cookieOptions: {
-            secure: boolean;
-            maxAge: number;
-        };
-    };
-    protected getLogtoUserFromRequest(session: IronSession, configs: GetContextParameters): Promise<import("@logto/node").LogtoContext>;
+    protected createNodeClient(session: Session): import("@logto/node").default;
 }

package/lib/src/client.js

@@ -14,20 +14,6 @@ class LogtoNextBaseClient {
             },
         });
     }
-    get ironSessionConfigs() {
-        return {
-            cookieName: `logto:${this.config.appId}`,
-            password: this.config.cookieSecret,
-            cookieOptions: {
-                secure: this.config.cookieSecure,
-                maxAge: 14 * 24 * 60 * 60,
-            },
-        };
-    }
-    async getLogtoUserFromRequest(session, configs) {
-        const nodeClient = this.createNodeClient(session);
-        return nodeClient.getContext(configs);
-    }
 }
 
 export { LogtoNextBaseClient as default };

package/lib/src/index.cjs

@@ -2,12 +2,32 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
+var crypto = require('crypto');
 var NodeClient = require('@logto/node');
-var next = require('iron-session/next');
 var client = require('./client.cjs');
+var session = require('./session.cjs');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
+function _interopNamespace(e) {
+    if (e && e.__esModule) return e;
+    var n = Object.create(null);
+    if (e) {
+        Object.keys(e).forEach(function (k) {
+            if (k !== 'default') {
+                var d = Object.getOwnPropertyDescriptor(e, k);
+                Object.defineProperty(n, k, d.get ? d : {
+                    enumerable: true,
+                    get: function () { return e[k]; }
+                });
+            }
+        });
+    }
+    n.default = e;
+    return Object.freeze(n);
+}
+
+var crypto__namespace = /*#__PURE__*/_interopNamespace(crypto);
 var NodeClient__default = /*#__PURE__*/_interopDefault(NodeClient);
 
 class LogtoClient extends client.default {
@@ -15,31 +35,31 @@ class LogtoClient extends client.default {
         super(config, {
             NodeClient: NodeClient__default.default,
         });
-        this.handleSignIn = (redirectUri = `${this.config.baseUrl}/api/logto/sign-in-callback`, interactionMode) => next.withIronSessionApiRoute(async (request, response) => {
-            const nodeClient = this.createNodeClient(request.session);
+        this.handleSignIn = (redirectUri = `${this.config.baseUrl}/api/logto/sign-in-callback`, interactionMode) => async (request, response) => {
+            const nodeClient = await this.createNodeClientFromNextApi(request, response);
             await nodeClient.signIn(redirectUri, interactionMode);
             await this.storage?.save();
             if (this.navigateUrl) {
                 response.redirect(this.navigateUrl);
             }
-        }, this.ironSessionConfigs);
-        this.handleSignInCallback = (redirectTo = this.config.baseUrl) => next.withIronSessionApiRoute(async (request, response) => {
-            const nodeClient = this.createNodeClient(request.session);
+        };
+        this.handleSignInCallback = (redirectTo = this.config.baseUrl) => async (request, response) => {
+            const nodeClient = await this.createNodeClientFromNextApi(request, response);
             if (request.url) {
                 await nodeClient.handleSignInCallback(`${this.config.baseUrl}${request.url}`);
                 await this.storage?.save();
                 response.redirect(redirectTo);
             }
-        }, this.ironSessionConfigs);
-        this.handleSignOut = (redirectUri = this.config.baseUrl) => next.withIronSessionApiRoute(async (request, response) => {
-            const nodeClient = this.createNodeClient(request.session);
+        };
+        this.handleSignOut = (redirectUri = this.config.baseUrl) => async (request, response) => {
+            const nodeClient = await this.createNodeClientFromNextApi(request, response);
             await nodeClient.signOut(redirectUri);
-            request.session.destroy();
+            await this.storage?.destroy();
             await this.storage?.save();
             if (this.navigateUrl) {
                 response.redirect(this.navigateUrl);
             }
-        }, this.ironSessionConfigs);
+        };
         this.handleUser = (configs) => this.withLogtoApiRoute((request, response) => {
             response.json(request.user);
         }, configs);
@@ -62,21 +82,46 @@ class LogtoClient extends client.default {
             }
             response.status(404).end();
         };
-        this.withLogtoApiRoute = (handler, config = {}) => next.withIronSessionApiRoute(async (request, response) => {
-            const user = await this.getLogtoUserFromRequest(request.session, config);
+        this.withLogtoApiRoute = (handler, config = {}) => async (request, response) => {
+            const nodeClient = await this.createNodeClientFromNextApi(request, response);
+            const user = await nodeClient.getContext(config);
             // eslint-disable-next-line @silverhand/fp/no-mutating-methods
             Object.defineProperty(request, 'user', { enumerable: true, get: () => user });
             return handler(request, response);
-        }, this.ironSessionConfigs);
-        this.withLogtoSsr = (handler, configs = {}) => next.withIronSessionSsr(async (context) => {
-            const user = await this.getLogtoUserFromRequest(context.req.session, configs);
+        };
+        this.withLogtoSsr = (handler, configs = {}) => async (context) => {
+            const nodeClient = await this.createNodeClientFromNextApi(context.req, context.res);
+            const user = await nodeClient.getContext(configs);
             // eslint-disable-next-line @silverhand/fp/no-mutating-methods
             Object.defineProperty(context.req, 'user', { enumerable: true, get: () => user });
             return handler(context);
-        }, this.ironSessionConfigs);
+        };
+    }
+    async createNodeClientFromNextApi(request, response) {
+        const cookieName = `logto:${this.config.appId}`;
+        return super.createNodeClient(await session.createSession({
+            secret: this.config.cookieSecret,
+            crypto: crypto__namespace,
+        }, request.cookies[cookieName] ?? '', (value) => {
+            const secure = this.config.cookieSecure;
+            const maxAge = 14 * 3600 * 24;
+            response.setHeader('Set-Cookie', `${cookieName}=${value}; Path=/; Max-Age=${maxAge}; ${secure ? 'Secure; SameSite=None' : ''}`);
+        }));
     }
 }
 
+Object.defineProperty(exports, 'LogtoClientError', {
+    enumerable: true,
+    get: function () { return NodeClient.LogtoClientError; }
+});
+Object.defineProperty(exports, 'LogtoError', {
+    enumerable: true,
+    get: function () { return NodeClient.LogtoError; }
+});
+Object.defineProperty(exports, 'LogtoRequestError', {
+    enumerable: true,
+    get: function () { return NodeClient.LogtoRequestError; }
+});
 Object.defineProperty(exports, 'ReservedScope', {
     enumerable: true,
     get: function () { return NodeClient.ReservedScope; }

package/lib/src/index.d.ts

@@ -2,8 +2,8 @@ import { type GetContextParameters, type InteractionMode } from '@logto/node';
 import { type GetServerSidePropsResult, type GetServerSidePropsContext, type NextApiHandler } from 'next';
 import LogtoNextBaseClient from './client.js';
 import type { LogtoNextConfig } from './types.js';
-export { ReservedScope, UserScope } from '@logto/node';
-export type { LogtoContext, InteractionMode } from '@logto/node';
+export { ReservedScope, UserScope, LogtoError, LogtoClientError, LogtoRequestError, } from '@logto/node';
+export type { LogtoContext, InteractionMode, LogtoErrorCode } from '@logto/node';
 export default class LogtoClient extends LogtoNextBaseClient {
     constructor(config: LogtoNextConfig);
     handleSignIn: (redirectUri?: string, interactionMode?: InteractionMode) => NextApiHandler;
@@ -13,4 +13,5 @@ export default class LogtoClient extends LogtoNextBaseClient {
     handleAuthRoutes: (configs?: GetContextParameters) => NextApiHandler;
     withLogtoApiRoute: (handler: NextApiHandler, config?: GetContextParameters) => NextApiHandler;
     withLogtoSsr: <P extends Record<string, unknown> = Record<string, unknown>>(handler: (context: GetServerSidePropsContext) => GetServerSidePropsResult<P> | Promise<GetServerSidePropsResult<P>>, configs?: GetContextParameters) => (context: GetServerSidePropsContext) => Promise<GetServerSidePropsResult<P>>;
+    private createNodeClientFromNextApi;
 }

package/lib/src/index.js

@@ -1,38 +1,39 @@
+import * as crypto from 'crypto';
 import NodeClient from '@logto/node';
-export { ReservedScope, UserScope } from '@logto/node';
-import { withIronSessionApiRoute, withIronSessionSsr } from 'iron-session/next';
+export { LogtoClientError, LogtoError, LogtoRequestError, ReservedScope, UserScope } from '@logto/node';
 import LogtoNextBaseClient from './client.js';
+import { createSession } from './session.js';
 
 class LogtoClient extends LogtoNextBaseClient {
     constructor(config) {
         super(config, {
             NodeClient,
         });
-        this.handleSignIn = (redirectUri = `${this.config.baseUrl}/api/logto/sign-in-callback`, interactionMode) => withIronSessionApiRoute(async (request, response) => {
-            const nodeClient = this.createNodeClient(request.session);
+        this.handleSignIn = (redirectUri = `${this.config.baseUrl}/api/logto/sign-in-callback`, interactionMode) => async (request, response) => {
+            const nodeClient = await this.createNodeClientFromNextApi(request, response);
             await nodeClient.signIn(redirectUri, interactionMode);
             await this.storage?.save();
             if (this.navigateUrl) {
                 response.redirect(this.navigateUrl);
             }
-        }, this.ironSessionConfigs);
-        this.handleSignInCallback = (redirectTo = this.config.baseUrl) => withIronSessionApiRoute(async (request, response) => {
-            const nodeClient = this.createNodeClient(request.session);
+        };
+        this.handleSignInCallback = (redirectTo = this.config.baseUrl) => async (request, response) => {
+            const nodeClient = await this.createNodeClientFromNextApi(request, response);
             if (request.url) {
                 await nodeClient.handleSignInCallback(`${this.config.baseUrl}${request.url}`);
                 await this.storage?.save();
                 response.redirect(redirectTo);
             }
-        }, this.ironSessionConfigs);
-        this.handleSignOut = (redirectUri = this.config.baseUrl) => withIronSessionApiRoute(async (request, response) => {
-            const nodeClient = this.createNodeClient(request.session);
+        };
+        this.handleSignOut = (redirectUri = this.config.baseUrl) => async (request, response) => {
+            const nodeClient = await this.createNodeClientFromNextApi(request, response);
             await nodeClient.signOut(redirectUri);
-            request.session.destroy();
+            await this.storage?.destroy();
             await this.storage?.save();
             if (this.navigateUrl) {
                 response.redirect(this.navigateUrl);
             }
-        }, this.ironSessionConfigs);
+        };
         this.handleUser = (configs) => this.withLogtoApiRoute((request, response) => {
             response.json(request.user);
         }, configs);
@@ -55,18 +56,31 @@ class LogtoClient extends LogtoNextBaseClient {
             }
             response.status(404).end();
         };
-        this.withLogtoApiRoute = (handler, config = {}) => withIronSessionApiRoute(async (request, response) => {
-            const user = await this.getLogtoUserFromRequest(request.session, config);
+        this.withLogtoApiRoute = (handler, config = {}) => async (request, response) => {
+            const nodeClient = await this.createNodeClientFromNextApi(request, response);
+            const user = await nodeClient.getContext(config);
             // eslint-disable-next-line @silverhand/fp/no-mutating-methods
             Object.defineProperty(request, 'user', { enumerable: true, get: () => user });
             return handler(request, response);
-        }, this.ironSessionConfigs);
-        this.withLogtoSsr = (handler, configs = {}) => withIronSessionSsr(async (context) => {
-            const user = await this.getLogtoUserFromRequest(context.req.session, configs);
+        };
+        this.withLogtoSsr = (handler, configs = {}) => async (context) => {
+            const nodeClient = await this.createNodeClientFromNextApi(context.req, context.res);
+            const user = await nodeClient.getContext(configs);
             // eslint-disable-next-line @silverhand/fp/no-mutating-methods
             Object.defineProperty(context.req, 'user', { enumerable: true, get: () => user });
             return handler(context);
-        }, this.ironSessionConfigs);
+        };
+    }
+    async createNodeClientFromNextApi(request, response) {
+        const cookieName = `logto:${this.config.appId}`;
+        return super.createNodeClient(await createSession({
+            secret: this.config.cookieSecret,
+            crypto,
+        }, request.cookies[cookieName] ?? '', (value) => {
+            const secure = this.config.cookieSecure;
+            const maxAge = 14 * 3600 * 24;
+            response.setHeader('Set-Cookie', `${cookieName}=${value}; Path=/; Max-Age=${maxAge}; ${secure ? 'Secure; SameSite=None' : ''}`);
+        }));
     }
 }
 

package/lib/src/session.cjs

@@ -0,0 +1,73 @@
+'use strict';
+
+async function getKeyFromPassword(password, crypto) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(password);
+    const hash = await crypto.subtle.digest('SHA-256', data);
+    // Convert the hash to a hex string
+    return Array.from(new Uint8Array(hash))
+        .map((byte) => byte.toString(16).padStart(2, '0'))
+        .join('');
+}
+async function encrypt(text, password, crypto) {
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encodedPlaintext = new TextEncoder().encode(text);
+    const secretKey = await crypto.subtle.importKey('raw', Buffer.from(await getKeyFromPassword(password, crypto), 'hex'), {
+        name: 'AES-GCM',
+        length: 256,
+    }, true, ['encrypt', 'decrypt']);
+    const ciphertext = await crypto.subtle.encrypt({
+        name: 'AES-GCM',
+        iv,
+    }, secretKey, encodedPlaintext);
+    return {
+        ciphertext: Buffer.from(ciphertext).toString('base64'),
+        iv: Buffer.from(iv).toString('base64'),
+    };
+}
+async function decrypt(ciphertext, iv, password, crypto) {
+    const secretKey = await crypto.subtle.importKey('raw', Buffer.from(await getKeyFromPassword(password, crypto), 'hex'), {
+        name: 'AES-GCM',
+        length: 256,
+    }, true, ['encrypt', 'decrypt']);
+    const cleartext = await crypto.subtle.decrypt({
+        name: 'AES-GCM',
+        iv: Buffer.from(iv, 'base64'),
+    }, secretKey, Buffer.from(ciphertext, 'base64'));
+    return new TextDecoder().decode(cleartext);
+}
+const unwrapSession = async (cookie, secret, crypto) => {
+    try {
+        const [ciphertext, iv] = cookie.split('.');
+        if (!ciphertext || !iv) {
+            return {};
+        }
+        const decrypted = await decrypt(ciphertext, iv, secret, crypto);
+        // eslint-disable-next-line no-restricted-syntax
+        return JSON.parse(decrypted);
+    }
+    catch {
+        // Ignore invalid session
+    }
+    return {};
+};
+const wrapSession = async (session, secret, crypto) => {
+    const { ciphertext, iv } = await encrypt(JSON.stringify(session), secret, crypto);
+    return `${ciphertext}.${iv}`;
+};
+const createSession = async ({ secret, crypto }, cookie, setCookie) => {
+    const data = await unwrapSession(cookie, secret, crypto);
+    const getValues = async () => wrapSession(session, secret, crypto);
+    const session = {
+        ...data,
+        save: async () => {
+            setCookie?.(await getValues());
+        },
+        getValues,
+    };
+    return session;
+};
+
+exports.createSession = createSession;
+exports.unwrapSession = unwrapSession;
+exports.wrapSession = wrapSession;

package/lib/src/session.d.ts

@@ -0,0 +1,9 @@
+import { type SessionData, type Session } from './types';
+export declare const unwrapSession: (cookie: string, secret: string, crypto: Crypto) => Promise<SessionData>;
+export declare const wrapSession: (session: SessionData, secret: string, crypto: Crypto) => Promise<string>;
+type SessionConfigs = {
+    secret: string;
+    crypto: Crypto;
+};
+export declare const createSession: ({ secret, crypto }: SessionConfigs, cookie: string, setCookie?: ((value: string) => void) | undefined) => Promise<Session>;
+export {};

package/lib/src/session.js

@@ -0,0 +1,69 @@
+async function getKeyFromPassword(password, crypto) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(password);
+    const hash = await crypto.subtle.digest('SHA-256', data);
+    // Convert the hash to a hex string
+    return Array.from(new Uint8Array(hash))
+        .map((byte) => byte.toString(16).padStart(2, '0'))
+        .join('');
+}
+async function encrypt(text, password, crypto) {
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encodedPlaintext = new TextEncoder().encode(text);
+    const secretKey = await crypto.subtle.importKey('raw', Buffer.from(await getKeyFromPassword(password, crypto), 'hex'), {
+        name: 'AES-GCM',
+        length: 256,
+    }, true, ['encrypt', 'decrypt']);
+    const ciphertext = await crypto.subtle.encrypt({
+        name: 'AES-GCM',
+        iv,
+    }, secretKey, encodedPlaintext);
+    return {
+        ciphertext: Buffer.from(ciphertext).toString('base64'),
+        iv: Buffer.from(iv).toString('base64'),
+    };
+}
+async function decrypt(ciphertext, iv, password, crypto) {
+    const secretKey = await crypto.subtle.importKey('raw', Buffer.from(await getKeyFromPassword(password, crypto), 'hex'), {
+        name: 'AES-GCM',
+        length: 256,
+    }, true, ['encrypt', 'decrypt']);
+    const cleartext = await crypto.subtle.decrypt({
+        name: 'AES-GCM',
+        iv: Buffer.from(iv, 'base64'),
+    }, secretKey, Buffer.from(ciphertext, 'base64'));
+    return new TextDecoder().decode(cleartext);
+}
+const unwrapSession = async (cookie, secret, crypto) => {
+    try {
+        const [ciphertext, iv] = cookie.split('.');
+        if (!ciphertext || !iv) {
+            return {};
+        }
+        const decrypted = await decrypt(ciphertext, iv, secret, crypto);
+        // eslint-disable-next-line no-restricted-syntax
+        return JSON.parse(decrypted);
+    }
+    catch {
+        // Ignore invalid session
+    }
+    return {};
+};
+const wrapSession = async (session, secret, crypto) => {
+    const { ciphertext, iv } = await encrypt(JSON.stringify(session), secret, crypto);
+    return `${ciphertext}.${iv}`;
+};
+const createSession = async ({ secret, crypto }, cookie, setCookie) => {
+    const data = await unwrapSession(cookie, secret, crypto);
+    const getValues = async () => wrapSession(session, secret, crypto);
+    const session = {
+        ...data,
+        save: async () => {
+            setCookie?.(await getValues());
+        },
+        getValues,
+    };
+    return session;
+};
+
+export { createSession, unwrapSession, wrapSession };

package/lib/src/session.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/src/storage.cjs

@@ -2,6 +2,8 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
+var NodeClient = require('@logto/node/edge');
+
 class NextStorage {
     constructor(session) {
         this.session = session;
@@ -22,6 +24,13 @@ class NextStorage {
         this.session[key] = undefined;
         this.sessionChanged = true;
     }
+    async destroy() {
+        this.session[NodeClient.PersistKey.AccessToken] = undefined;
+        this.session[NodeClient.PersistKey.IdToken] = undefined;
+        this.session[NodeClient.PersistKey.SignInSession] = undefined;
+        this.session[NodeClient.PersistKey.RefreshToken] = undefined;
+        this.sessionChanged = true;
+    }
     async save() {
         if (!this.sessionChanged) {
             return;

package/lib/src/storage.d.ts

@@ -1,11 +1,15 @@
-import type { Storage, StorageKey } from '@logto/node';
-import { type IronSession } from 'iron-session';
-export default class NextStorage implements Storage<StorageKey> {
+import { type Storage } from '@logto/node';
+import { PersistKey } from '@logto/node/edge';
+import { type Session } from './types';
+export default class NextStorage implements Storage<PersistKey> {
     private readonly session;
     private sessionChanged;
-    constructor(session: IronSession);
-    setItem(key: StorageKey, value: string): Promise<void>;
-    getItem(key: StorageKey): Promise<string | null>;
-    removeItem(key: StorageKey): Promise<void>;
+    constructor(session: Session & {
+        save: () => Promise<void>;
+    });
+    setItem(key: PersistKey, value: string): Promise<void>;
+    getItem(key: PersistKey): Promise<string | null>;
+    removeItem(key: PersistKey): Promise<void>;
+    destroy(): Promise<void>;
     save(): Promise<void>;
 }

package/lib/src/storage.js

@@ -1,3 +1,5 @@
+import { PersistKey } from '@logto/node/edge';
+
 class NextStorage {
     constructor(session) {
         this.session = session;
@@ -18,6 +20,13 @@ class NextStorage {
         this.session[key] = undefined;
         this.sessionChanged = true;
     }
+    async destroy() {
+        this.session[PersistKey.AccessToken] = undefined;
+        this.session[PersistKey.IdToken] = undefined;
+        this.session[PersistKey.SignInSession] = undefined;
+        this.session[PersistKey.RefreshToken] = undefined;
+        this.sessionChanged = true;
+    }
     async save() {
         if (!this.sessionChanged) {
             return;

package/lib/src/types.d.ts

@@ -1,18 +1,15 @@
-import type { LogtoConfig } from '@logto/node';
+import type { LogtoConfig, PersistKey } from '@logto/node';
 import type NodeClient from '@logto/node';
-import type { IronSession } from 'iron-session';
-import type { NextApiRequest } from 'next';
-export type NextRequestWithIronSession = NextApiRequest & {
-    session: IronSession;
+export type SessionData = {
+    [PersistKey.AccessToken]?: string;
+    [PersistKey.IdToken]?: string;
+    [PersistKey.SignInSession]?: string;
+    [PersistKey.RefreshToken]?: string;
+};
+export type Session = SessionData & {
+    save: () => Promise<void>;
+    getValues?: () => Promise<string>;
 };
-declare module 'iron-session' {
-    interface IronSessionData {
-        accessToken?: string;
-        idToken?: string;
-        signInSession?: string;
-        refreshToken?: string;
-    }
-}
 export type LogtoNextConfig = LogtoConfig & {
     cookieSecret: string;
     cookieSecure: boolean;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/next",
-  "version": "2.1.3",
+  "version": "2.2.0",
   "type": "module",
   "main": "./lib/src/index.cjs",
   "module": "./lib/src/index.js",
@@ -12,6 +12,9 @@
       ],
       "edge": [
         "./lib/edge/index.d.ts"
+      ],
+      "server-actions": [
+        "./lib/server-actions/index.d.ts"
       ]
     }
   },
@@ -25,6 +28,11 @@
       "require": "./lib/edge/index.cjs",
       "import": "./lib/edge/index.js",
       "types": "./lib/edge/index.d.ts"
+    },
+    "./server-actions": {
+      "require": "./lib/server-actions/index.cjs",
+      "import": "./lib/server-actions/index.js",
+      "types": "./lib/server-actions/index.d.ts"
     }
   },
   "files": [
@@ -37,8 +45,8 @@
     "directory": "packages/next"
   },
   "dependencies": {
-    "@logto/node": "^2.1.1",
-    "iron-session": "^6.3.1"
+    "@edge-runtime/cookies": "^4.0.0",
+    "@logto/node": "^2.1.2"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "^4.0.1",
@@ -49,10 +57,10 @@
     "@types/jest": "^29.5.0",
     "eslint": "^8.44.0",
     "jest": "^29.5.0",
-    "jest-location-mock": "^1.0.9",
+    "jest-location-mock": "^2.0.0",
     "jest-matcher-specific-error": "^1.0.0",
     "lint-staged": "^14.0.0",
-    "next": "^13.0.4",
+    "next": "^13.5.3",
     "next-test-api-route-handler": "^3.1.6",
     "prettier": "^3.0.0",
     "react": "^18.2.0",