@logto/next 2.4.0 → 3.1.0

package/README.md

@@ -1,9 +1,14 @@
 # Logto Next.js SDK
+
 [![Version](https://img.shields.io/npm/v/@logto/next)](https://www.npmjs.com/package/@logto/next)
 [![Build Status](https://github.com/logto-io/js/actions/workflows/main.yml/badge.svg)](https://github.com/logto-io/js/actions/workflows/main.yml)
 [![Codecov](https://img.shields.io/codecov/c/github/logto-io/js)](https://app.codecov.io/gh/logto-io/js?branch=master)
 
-The Logto Next.js SDK written in TypeScript. Check out our [integration guide](https://docs.logto.io/docs/recipes/integrate-logto/next-js) or [docs](https://docs.logto.io/sdk/JavaScript/next/) for more information.
+The Logto Next.js SDK written in TypeScript.
+
+Check out our [docs](https://docs.logto.io/sdk/next) for more information.
+
+If you are using App Router and Server Actions, check out the [docs](https://docs.logto.io/sdk/next-app-router) for more information.
 
 ## Installation
 
@@ -25,18 +30,16 @@ yarn add @logto/next
 pnpm add @logto/next
 ```
 
-## Get sample
-
-A sample project can be found at [Next.js Sample](https://github.com/logto-io/js/tree/master/packages/next-sample)
+## Products
 
-Check out the source code and try it with ease.
-
-```bash
-pnpm i && pnpm start
-```
+| Name                  | Description                                   |
+| --------------------- | --------------------------------------------- |
+| @logto/next           | Traditional Next.js SDK using Page Router     |
+| @logto/edge           | Next.js SDK running in edge environment       |
+| @logto/server-actions | Next.js SDK for App Router and Server Actions |
 
 ## Resources
 
 [![Website](https://img.shields.io/badge/website-logto.io-8262F8.svg)](https://logto.io/)
-[![Docs](https://img.shields.io/badge/docs-logto.io-green.svg)](https://docs.logto.io/sdk/JavaScript/next/)
+[![Docs](https://img.shields.io/badge/docs-logto.io-green.svg)](https://docs.logto.io/)
 [![Discord](https://img.shields.io/discord/965845662535147551?logo=discord&logoColor=ffffff&color=7389D8&cacheSeconds=600)](https://discord.gg/UEPaF3j5e6)

package/lib/edge/index.cjs

@@ -3,9 +3,9 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var cookies = require('@edge-runtime/cookies');
+var NodeClient$1 = require('@logto/node');
 var NodeClient = require('@logto/node/edge');
 var client = require('../src/client.cjs');
-var session = require('../src/session.cjs');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -72,6 +72,7 @@ class LogtoClient extends client.default {
         this.getLogtoContext = async (request, config = {}) => {
             const { nodeClient } = await this.createNodeClientFromEdgeRequest(request);
             const context = await nodeClient.getContext(config);
+            await this.storage?.save();
             return context;
         };
     }
@@ -80,7 +81,7 @@ class LogtoClient extends client.default {
         const cookies$1 = new cookies.RequestCookies(request.headers);
         const headers = new Headers();
         const responseCookies = new cookies.ResponseCookies(headers);
-        const nodeClient = super.createNodeClient(await session.createSession({
+        const nodeClient = super.createNodeClient(await NodeClient$1.createSession({
             secret: this.config.cookieSecret,
             crypto,
         }, cookies$1.get(cookieName)?.value ?? '', (value) => {

package/lib/edge/index.js

@@ -1,7 +1,7 @@
 import { RequestCookies, ResponseCookies } from '@edge-runtime/cookies';
+import { createSession } from '@logto/node';
 import NodeClient from '@logto/node/edge';
 import LogtoNextBaseClient from '../src/client.js';
-import { createSession } from '../src/session.js';
 
 class LogtoClient extends LogtoNextBaseClient {
     constructor(config) {
@@ -64,6 +64,7 @@ class LogtoClient extends LogtoNextBaseClient {
         this.getLogtoContext = async (request, config = {}) => {
             const { nodeClient } = await this.createNodeClientFromEdgeRequest(request);
             const context = await nodeClient.getContext(config);
+            await this.storage?.save();
             return context;
         };
     }

package/lib/server-actions/client.cjs

@@ -0,0 +1,89 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var NodeClient$1 = require('@logto/node');
+var NodeClient = require('@logto/node/edge');
+var client = require('../src/client.cjs');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var NodeClient__default = /*#__PURE__*/_interopDefault(NodeClient);
+
+class LogtoClient extends client.default {
+    constructor(config) {
+        super(config, {
+            NodeClient: NodeClient__default.default,
+        });
+    }
+    /**
+     * Init sign-in and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (callbackUri) to redirect to after sign in
+     * @param interactionMode OIDC interaction mode
+     * @returns the url to redirect to and new cookie if any
+     */
+    async handleSignIn(cookie, redirectUri, interactionMode) {
+        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.signIn(redirectUri, interactionMode);
+        if (!this.navigateUrl) {
+            // Not expected to happen
+            throw new Error('navigateUrl is not set');
+        }
+        return {
+            url: this.navigateUrl,
+            newCookie: await session.getValues?.(),
+        };
+    }
+    /**
+     * Init sign-out and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
+     * @returns the url to redirect to
+     */
+    async handleSignOut(cookie, redirectUri = this.config.baseUrl) {
+        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.signOut(redirectUri);
+        if (!this.navigateUrl) {
+            // Not expected to happen
+            throw new Error('navigateUrl is not set');
+        }
+        return this.navigateUrl;
+    }
+    /**
+     * Handle sign-in callback from Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
+     * @returns new cookie if any
+     */
+    async handleSignInCallback(cookie, callbackUrl) {
+        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.handleSignInCallback(callbackUrl);
+        return session.getValues?.();
+    }
+    /**
+     * Get Logto context from cookies.
+     *
+     * @param cookie the raw cookie string
+     * @param config additional configs of GetContextParameters
+     * @returns LogtoContext
+     */
+    async getLogtoContext(cookie, config = {}) {
+        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
+        const context = await nodeClient.getContext(config);
+        return context;
+    }
+    async createNodeClientFromHeaders(cookie) {
+        const session = await NodeClient$1.createSession({
+            secret: this.config.cookieSecret,
+            crypto,
+        }, cookie);
+        const nodeClient = super.createNodeClient(session);
+        return { nodeClient, session };
+    }
+}
+
+exports.default = LogtoClient;

package/lib/server-actions/client.d.ts

@@ -0,0 +1,47 @@
+import { type GetContextParameters, type InteractionMode } from '@logto/node';
+import BaseClient from '../src/client';
+import type { LogtoNextConfig } from '../src/types.js';
+export type { LogtoContext, InteractionMode } from '@logto/node';
+export default class LogtoClient extends BaseClient {
+    constructor(config: LogtoNextConfig);
+    /**
+     * Init sign-in and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (callbackUri) to redirect to after sign in
+     * @param interactionMode OIDC interaction mode
+     * @returns the url to redirect to and new cookie if any
+     */
+    handleSignIn(cookie: string, redirectUri: string, interactionMode?: InteractionMode): Promise<{
+        url: string;
+        newCookie?: string;
+    }>;
+    /**
+     * Init sign-out and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
+     * @returns the url to redirect to
+     */
+    handleSignOut(cookie: string, redirectUri?: string): Promise<string>;
+    /**
+     * Handle sign-in callback from Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
+     * @returns new cookie if any
+     */
+    handleSignInCallback(cookie: string, callbackUrl: string): Promise<string | undefined>;
+    /**
+     * Get Logto context from cookies.
+     *
+     * @param cookie the raw cookie string
+     * @param config additional configs of GetContextParameters
+     * @returns LogtoContext
+     */
+    getLogtoContext(cookie: string, config?: GetContextParameters): Promise<import("@logto/node").LogtoContext>;
+    createNodeClientFromHeaders(cookie: string): Promise<{
+        nodeClient: import("@logto/node").default;
+        session: import("@logto/node").Session;
+    }>;
+}

package/lib/server-actions/client.js

@@ -0,0 +1,81 @@
+import { createSession } from '@logto/node';
+import NodeClient from '@logto/node/edge';
+import LogtoNextBaseClient from '../src/client.js';
+
+class LogtoClient extends LogtoNextBaseClient {
+    constructor(config) {
+        super(config, {
+            NodeClient,
+        });
+    }
+    /**
+     * Init sign-in and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (callbackUri) to redirect to after sign in
+     * @param interactionMode OIDC interaction mode
+     * @returns the url to redirect to and new cookie if any
+     */
+    async handleSignIn(cookie, redirectUri, interactionMode) {
+        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.signIn(redirectUri, interactionMode);
+        if (!this.navigateUrl) {
+            // Not expected to happen
+            throw new Error('navigateUrl is not set');
+        }
+        return {
+            url: this.navigateUrl,
+            newCookie: await session.getValues?.(),
+        };
+    }
+    /**
+     * Init sign-out and return the url to redirect to Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
+     * @returns the url to redirect to
+     */
+    async handleSignOut(cookie, redirectUri = this.config.baseUrl) {
+        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.signOut(redirectUri);
+        if (!this.navigateUrl) {
+            // Not expected to happen
+            throw new Error('navigateUrl is not set');
+        }
+        return this.navigateUrl;
+    }
+    /**
+     * Handle sign-in callback from Logto.
+     *
+     * @param cookie the raw cookie string
+     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
+     * @returns new cookie if any
+     */
+    async handleSignInCallback(cookie, callbackUrl) {
+        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
+        await nodeClient.handleSignInCallback(callbackUrl);
+        return session.getValues?.();
+    }
+    /**
+     * Get Logto context from cookies.
+     *
+     * @param cookie the raw cookie string
+     * @param config additional configs of GetContextParameters
+     * @returns LogtoContext
+     */
+    async getLogtoContext(cookie, config = {}) {
+        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
+        const context = await nodeClient.getContext(config);
+        return context;
+    }
+    async createNodeClientFromHeaders(cookie) {
+        const session = await createSession({
+            secret: this.config.cookieSecret,
+            crypto,
+        }, cookie);
+        const nodeClient = super.createNodeClient(session);
+        return { nodeClient, session };
+    }
+}
+
+export { LogtoClient as default };

package/lib/server-actions/cookie.cjs

@@ -0,0 +1,16 @@
+'use strict';
+
+const getCookies = async (config) => {
+    const { cookies } = await import('next/headers');
+    return cookies().get(`logto:${config.appId}`)?.value ?? '';
+};
+const setCookies = async (newCookie, config) => {
+    const { cookies } = await import('next/headers');
+    cookies().set(`logto:${config.appId}`, newCookie, {
+        maxAge: 14 * 3600 * 24,
+        secure: config.cookieSecure,
+    });
+};
+
+exports.getCookies = getCookies;
+exports.setCookies = setCookies;

package/lib/server-actions/cookie.d.ts

@@ -0,0 +1,3 @@
+import { type LogtoNextConfig } from '../src/types';
+export declare const getCookies: (config: LogtoNextConfig) => Promise<string>;
+export declare const setCookies: (newCookie: string, config: LogtoNextConfig) => Promise<void>;

package/lib/server-actions/cookie.js

@@ -0,0 +1,13 @@
+const getCookies = async (config) => {
+    const { cookies } = await import('next/headers');
+    return cookies().get(`logto:${config.appId}`)?.value ?? '';
+};
+const setCookies = async (newCookie, config) => {
+    const { cookies } = await import('next/headers');
+    cookies().set(`logto:${config.appId}`, newCookie, {
+        maxAge: 14 * 3600 * 24,
+        secure: config.cookieSecure,
+    });
+};
+
+export { getCookies, setCookies };

package/lib/server-actions/index.cjs

@@ -2,88 +2,68 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var NodeClient = require('@logto/node/edge');
-var client = require('../src/client.cjs');
-var session = require('../src/session.cjs');
+var navigation = require('next/navigation');
+var client = require('./client.cjs');
+var cookie = require('./cookie.cjs');
 
-function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
-
-var NodeClient__default = /*#__PURE__*/_interopDefault(NodeClient);
-
-class LogtoClient extends client.default {
-    constructor(config) {
-        super(config, {
-            NodeClient: NodeClient__default.default,
-        });
-    }
-    /**
-     * Init sign-in and return the url to redirect to Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param redirectUri the uri (callbackUri) to redirect to after sign in
-     * @param interactionMode OIDC interaction mode
-     * @returns the url to redirect to and new cookie if any
-     */
-    async handleSignIn(cookie, redirectUri, interactionMode) {
-        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
-        await nodeClient.signIn(redirectUri, interactionMode);
-        if (!this.navigateUrl) {
-            // Not expected to happen
-            throw new Error('navigateUrl is not set');
-        }
-        return {
-            url: this.navigateUrl,
-            newCookie: await session.getValues?.(),
-        };
-    }
-    /**
-     * Init sign-out and return the url to redirect to Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
-     * @returns the url to redirect to
-     */
-    async handleSignOut(cookie, redirectUri = this.config.baseUrl) {
-        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
-        await nodeClient.signOut(redirectUri);
-        if (!this.navigateUrl) {
-            // Not expected to happen
-            throw new Error('navigateUrl is not set');
-        }
-        return this.navigateUrl;
-    }
-    /**
-     * Handle sign-in callback from Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
-     * @returns new cookie if any
-     */
-    async handleSignInCallback(cookie, callbackUrl) {
-        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
-        await nodeClient.handleSignInCallback(callbackUrl);
-        return session.getValues?.();
+/**
+ * Init sign in process and redirect to the Logto sign-in page
+ */
+const signIn = async (config, redirectUri, interactionMode) => {
+    const client$1 = new client.default(config);
+    const { url, newCookie } = await client$1.handleSignIn(await cookie.getCookies(config), redirectUri ?? `${config.baseUrl}/callback`, interactionMode);
+    if (newCookie) {
+        await cookie.setCookies(newCookie, config);
     }
-    /**
-     * Get Logto context from cookies.
-     *
-     * @param cookie the raw cookie string
-     * @param config additional configs of GetContextParameters
-     * @returns LogtoContext
-     */
-    async getLogtoContext(cookie, config = {}) {
-        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
-        const context = await nodeClient.getContext(config);
-        return context;
+    navigation.redirect(url);
+};
+/**
+ * Handle sign in callback from search params, save tokens to session
+ */
+const handleSignIn = async (config, searchParams) => {
+    const search = searchParams.toString();
+    const client$1 = new client.default(config);
+    const newCookie = await client$1.handleSignInCallback(await cookie.getCookies(config), `${config.baseUrl}/callback?${search}`);
+    if (newCookie) {
+        await cookie.setCookies(newCookie, config);
     }
-    async createNodeClientFromHeaders(cookie) {
-        const session$1 = await session.createSession({
-            secret: this.config.cookieSecret,
-            crypto,
-        }, cookie);
-        const nodeClient = super.createNodeClient(session$1);
-        return { nodeClient, session: session$1 };
+};
+/**
+ * Init sign out process, clear session, and redirect to the Logto sign-out page
+ */
+const signOut = async (config, redirectUri) => {
+    const client$1 = new client.default(config);
+    const url = await client$1.handleSignOut(await cookie.getCookies(config), redirectUri);
+    await cookie.setCookies('', config);
+    navigation.redirect(url);
+};
+/**
+ * Get Logto context from session, including auth status and claims
+ */
+const getLogtoContext = async (config, getContextParameters) => {
+    const client$1 = new client.default(config);
+    return client$1.getLogtoContext(await cookie.getCookies(config), getContextParameters);
+};
+/**
+ * Get organization tokens from session
+ */
+const getOrganizationTokens = async (config) => {
+    const { isAuthenticated } = await getLogtoContext(config);
+    if (!isAuthenticated) {
+        return [];
     }
-}
+    const client$1 = new client.default(config);
+    const { nodeClient } = await client$1.createNodeClientFromHeaders(await cookie.getCookies(config));
+    const { organizations = [] } = await nodeClient.getIdTokenClaims();
+    return Promise.all(organizations.map(async (organizationId) => ({
+        id: organizationId,
+        token: await nodeClient.getOrganizationToken(organizationId),
+    })));
+};
 
-exports.default = LogtoClient;
+exports.default = client.default;
+exports.getLogtoContext = getLogtoContext;
+exports.getOrganizationTokens = getOrganizationTokens;
+exports.handleSignIn = handleSignIn;
+exports.signIn = signIn;
+exports.signOut = signOut;

package/lib/server-actions/index.d.ts

@@ -1,47 +1,27 @@
-import { type GetContextParameters, type InteractionMode } from '@logto/node';
-import BaseClient from '../src/client';
+import { type LogtoContext, type GetContextParameters, type InteractionMode } from '@logto/node';
 import type { LogtoNextConfig } from '../src/types.js';
 export type { LogtoContext, InteractionMode } from '@logto/node';
-export default class LogtoClient extends BaseClient {
-    constructor(config: LogtoNextConfig);
-    /**
-     * Init sign-in and return the url to redirect to Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param redirectUri the uri (callbackUri) to redirect to after sign in
-     * @param interactionMode OIDC interaction mode
-     * @returns the url to redirect to and new cookie if any
-     */
-    handleSignIn(cookie: string, redirectUri: string, interactionMode?: InteractionMode): Promise<{
-        url: string;
-        newCookie?: string;
-    }>;
-    /**
-     * Init sign-out and return the url to redirect to Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
-     * @returns the url to redirect to
-     */
-    handleSignOut(cookie: string, redirectUri?: string): Promise<string>;
-    /**
-     * Handle sign-in callback from Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
-     * @returns new cookie if any
-     */
-    handleSignInCallback(cookie: string, callbackUrl: string): Promise<string | undefined>;
-    /**
-     * Get Logto context from cookies.
-     *
-     * @param cookie the raw cookie string
-     * @param config additional configs of GetContextParameters
-     * @returns LogtoContext
-     */
-    getLogtoContext(cookie: string, config?: GetContextParameters): Promise<import("@logto/node").LogtoContext>;
-    createNodeClientFromHeaders(cookie: string): Promise<{
-        nodeClient: import("@logto/node").default;
-        session: import("../src/types.js").Session;
-    }>;
-}
+/**
+ * Init sign in process and redirect to the Logto sign-in page
+ */
+export declare const signIn: (config: LogtoNextConfig, redirectUri?: string, interactionMode?: InteractionMode) => Promise<void>;
+/**
+ * Handle sign in callback from search params, save tokens to session
+ */
+export declare const handleSignIn: (config: LogtoNextConfig, searchParams: URLSearchParams) => Promise<void>;
+/**
+ * Init sign out process, clear session, and redirect to the Logto sign-out page
+ */
+export declare const signOut: (config: LogtoNextConfig, redirectUri?: string) => Promise<void>;
+/**
+ * Get Logto context from session, including auth status and claims
+ */
+export declare const getLogtoContext: (config: LogtoNextConfig, getContextParameters?: GetContextParameters) => Promise<LogtoContext>;
+/**
+ * Get organization tokens from session
+ */
+export declare const getOrganizationTokens: (config: LogtoNextConfig) => Promise<{
+    id: string;
+    token: string;
+}[]>;
+export { default } from './client';

package/lib/server-actions/index.js

@@ -1,81 +1,60 @@
-import NodeClient from '@logto/node/edge';
-import LogtoNextBaseClient from '../src/client.js';
-import { createSession } from '../src/session.js';
+import { redirect } from 'next/navigation';
+import LogtoClient from './client.js';
+import { getCookies, setCookies } from './cookie.js';
 
-class LogtoClient extends LogtoNextBaseClient {
-    constructor(config) {
-        super(config, {
-            NodeClient,
-        });
+/**
+ * Init sign in process and redirect to the Logto sign-in page
+ */
+const signIn = async (config, redirectUri, interactionMode) => {
+    const client = new LogtoClient(config);
+    const { url, newCookie } = await client.handleSignIn(await getCookies(config), redirectUri ?? `${config.baseUrl}/callback`, interactionMode);
+    if (newCookie) {
+        await setCookies(newCookie, config);
     }
-    /**
-     * Init sign-in and return the url to redirect to Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param redirectUri the uri (callbackUri) to redirect to after sign in
-     * @param interactionMode OIDC interaction mode
-     * @returns the url to redirect to and new cookie if any
-     */
-    async handleSignIn(cookie, redirectUri, interactionMode) {
-        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
-        await nodeClient.signIn(redirectUri, interactionMode);
-        if (!this.navigateUrl) {
-            // Not expected to happen
-            throw new Error('navigateUrl is not set');
-        }
-        return {
-            url: this.navigateUrl,
-            newCookie: await session.getValues?.(),
-        };
+    redirect(url);
+};
+/**
+ * Handle sign in callback from search params, save tokens to session
+ */
+const handleSignIn = async (config, searchParams) => {
+    const search = searchParams.toString();
+    const client = new LogtoClient(config);
+    const newCookie = await client.handleSignInCallback(await getCookies(config), `${config.baseUrl}/callback?${search}`);
+    if (newCookie) {
+        await setCookies(newCookie, config);
     }
-    /**
-     * Init sign-out and return the url to redirect to Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param redirectUri the uri (postSignOutUri) to redirect to after sign out
-     * @returns the url to redirect to
-     */
-    async handleSignOut(cookie, redirectUri = this.config.baseUrl) {
-        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
-        await nodeClient.signOut(redirectUri);
-        if (!this.navigateUrl) {
-            // Not expected to happen
-            throw new Error('navigateUrl is not set');
-        }
-        return this.navigateUrl;
+};
+/**
+ * Init sign out process, clear session, and redirect to the Logto sign-out page
+ */
+const signOut = async (config, redirectUri) => {
+    const client = new LogtoClient(config);
+    const url = await client.handleSignOut(await getCookies(config), redirectUri);
+    await setCookies('', config);
+    redirect(url);
+};
+/**
+ * Get Logto context from session, including auth status and claims
+ */
+const getLogtoContext = async (config, getContextParameters) => {
+    const client = new LogtoClient(config);
+    return client.getLogtoContext(await getCookies(config), getContextParameters);
+};
+/**
+ * Get organization tokens from session
+ */
+const getOrganizationTokens = async (config) => {
+    const { isAuthenticated } = await getLogtoContext(config);
+    if (!isAuthenticated) {
+        return [];
     }
-    /**
-     * Handle sign-in callback from Logto.
-     *
-     * @param cookie the raw cookie string
-     * @param callbackUrl the uri (callbackUri) to redirect to after sign in, should match the one used in handleSignIn
-     * @returns new cookie if any
-     */
-    async handleSignInCallback(cookie, callbackUrl) {
-        const { nodeClient, session } = await this.createNodeClientFromHeaders(cookie);
-        await nodeClient.handleSignInCallback(callbackUrl);
-        return session.getValues?.();
-    }
-    /**
-     * Get Logto context from cookies.
-     *
-     * @param cookie the raw cookie string
-     * @param config additional configs of GetContextParameters
-     * @returns LogtoContext
-     */
-    async getLogtoContext(cookie, config = {}) {
-        const { nodeClient } = await this.createNodeClientFromHeaders(cookie);
-        const context = await nodeClient.getContext(config);
-        return context;
-    }
-    async createNodeClientFromHeaders(cookie) {
-        const session = await createSession({
-            secret: this.config.cookieSecret,
-            crypto,
-        }, cookie);
-        const nodeClient = super.createNodeClient(session);
-        return { nodeClient, session };
-    }
-}
+    const client = new LogtoClient(config);
+    const { nodeClient } = await client.createNodeClientFromHeaders(await getCookies(config));
+    const { organizations = [] } = await nodeClient.getIdTokenClaims();
+    return Promise.all(organizations.map(async (organizationId) => ({
+        id: organizationId,
+        token: await nodeClient.getOrganizationToken(organizationId),
+    })));
+};
 
-export { LogtoClient as default };
+export { LogtoClient as default, getLogtoContext, getOrganizationTokens, handleSignIn, signIn, signOut };

package/lib/src/client.d.ts

@@ -1,5 +1,6 @@
+import { type Session } from '@logto/node';
 import NextStorage from './storage';
-import type { Adapters, LogtoNextConfig, Session } from './types';
+import type { Adapters, LogtoNextConfig } from './types';
 export default class LogtoNextBaseClient {
     protected readonly config: LogtoNextConfig;
     protected readonly adapters: Adapters;

package/lib/src/index.cjs

@@ -2,32 +2,11 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var crypto = require('crypto');
 var NodeClient = require('@logto/node');
 var client = require('./client.cjs');
-var session = require('./session.cjs');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
-function _interopNamespace(e) {
-    if (e && e.__esModule) return e;
-    var n = Object.create(null);
-    if (e) {
-        Object.keys(e).forEach(function (k) {
-            if (k !== 'default') {
-                var d = Object.getOwnPropertyDescriptor(e, k);
-                Object.defineProperty(n, k, d.get ? d : {
-                    enumerable: true,
-                    get: function () { return e[k]; }
-                });
-            }
-        });
-    }
-    n.default = e;
-    return Object.freeze(n);
-}
-
-var crypto__namespace = /*#__PURE__*/_interopNamespace(crypto);
 var NodeClient__default = /*#__PURE__*/_interopDefault(NodeClient);
 
 class LogtoClient extends client.default {
@@ -85,6 +64,7 @@ class LogtoClient extends client.default {
         this.withLogtoApiRoute = (handler, config = {}) => async (request, response) => {
             const nodeClient = await this.createNodeClientFromNextApi(request, response);
             const user = await nodeClient.getContext(config);
+            await this.storage?.save();
             // eslint-disable-next-line @silverhand/fp/no-mutating-methods
             Object.defineProperty(request, 'user', { enumerable: true, get: () => user });
             return handler(request, response);
@@ -92,6 +72,7 @@ class LogtoClient extends client.default {
         this.withLogtoSsr = (handler, configs = {}) => async (context) => {
             const nodeClient = await this.createNodeClientFromNextApi(context.req, context.res);
             const user = await nodeClient.getContext(configs);
+            await this.storage?.save();
             // eslint-disable-next-line @silverhand/fp/no-mutating-methods
             Object.defineProperty(context.req, 'user', { enumerable: true, get: () => user });
             return handler(context);
@@ -99,9 +80,9 @@ class LogtoClient extends client.default {
     }
     async createNodeClientFromNextApi(request, response) {
         const cookieName = `logto:${this.config.appId}`;
-        return super.createNodeClient(await session.createSession({
+        return super.createNodeClient(await NodeClient.createSession({
             secret: this.config.cookieSecret,
-            crypto: crypto__namespace,
+            crypto,
         }, request.cookies[cookieName] ?? '', (value) => {
             const secure = this.config.cookieSecure;
             const maxAge = 14 * 3600 * 24;
@@ -110,51 +91,51 @@ class LogtoClient extends client.default {
     }
 }
 
-Object.defineProperty(exports, 'LogtoClientError', {
+Object.defineProperty(exports, "LogtoClientError", {
     enumerable: true,
     get: function () { return NodeClient.LogtoClientError; }
 });
-Object.defineProperty(exports, 'LogtoError', {
+Object.defineProperty(exports, "LogtoError", {
     enumerable: true,
     get: function () { return NodeClient.LogtoError; }
 });
-Object.defineProperty(exports, 'LogtoRequestError', {
+Object.defineProperty(exports, "LogtoRequestError", {
     enumerable: true,
     get: function () { return NodeClient.LogtoRequestError; }
 });
-Object.defineProperty(exports, 'OidcError', {
+Object.defineProperty(exports, "OidcError", {
     enumerable: true,
     get: function () { return NodeClient.OidcError; }
 });
-Object.defineProperty(exports, 'PersistKey', {
+Object.defineProperty(exports, "PersistKey", {
     enumerable: true,
     get: function () { return NodeClient.PersistKey; }
 });
-Object.defineProperty(exports, 'Prompt', {
+Object.defineProperty(exports, "Prompt", {
     enumerable: true,
     get: function () { return NodeClient.Prompt; }
 });
-Object.defineProperty(exports, 'ReservedResource', {
+Object.defineProperty(exports, "ReservedResource", {
     enumerable: true,
     get: function () { return NodeClient.ReservedResource; }
 });
-Object.defineProperty(exports, 'ReservedScope', {
+Object.defineProperty(exports, "ReservedScope", {
     enumerable: true,
     get: function () { return NodeClient.ReservedScope; }
 });
-Object.defineProperty(exports, 'UserScope', {
+Object.defineProperty(exports, "UserScope", {
     enumerable: true,
     get: function () { return NodeClient.UserScope; }
 });
-Object.defineProperty(exports, 'buildOrganizationUrn', {
+Object.defineProperty(exports, "buildOrganizationUrn", {
     enumerable: true,
     get: function () { return NodeClient.buildOrganizationUrn; }
 });
-Object.defineProperty(exports, 'getOrganizationIdFromUrn', {
+Object.defineProperty(exports, "getOrganizationIdFromUrn", {
     enumerable: true,
     get: function () { return NodeClient.getOrganizationIdFromUrn; }
 });
-Object.defineProperty(exports, 'organizationUrnPrefix', {
+Object.defineProperty(exports, "organizationUrnPrefix", {
     enumerable: true,
     get: function () { return NodeClient.organizationUrnPrefix; }
 });

package/lib/src/index.d.ts

@@ -1,5 +1,5 @@
 /// <reference types="node" />
-import { type IncomingMessage, type ServerResponse } from 'http';
+import { type IncomingMessage, type ServerResponse } from 'node:http';
 import NodeClient, { type GetContextParameters, type InteractionMode } from '@logto/node';
 import { type GetServerSidePropsResult, type GetServerSidePropsContext, type NextApiHandler } from 'next';
 import { type NextApiRequestCookies } from 'next/dist/server/api-utils/index.js';

package/lib/src/index.js

@@ -1,8 +1,6 @@
-import * as crypto from 'crypto';
-import NodeClient from '@logto/node';
+import NodeClient, { createSession } from '@logto/node';
 export { LogtoClientError, LogtoError, LogtoRequestError, OidcError, PersistKey, Prompt, ReservedResource, ReservedScope, UserScope, buildOrganizationUrn, getOrganizationIdFromUrn, organizationUrnPrefix } from '@logto/node';
 import LogtoNextBaseClient from './client.js';
-import { createSession } from './session.js';
 
 class LogtoClient extends LogtoNextBaseClient {
     constructor(config) {
@@ -59,6 +57,7 @@ class LogtoClient extends LogtoNextBaseClient {
         this.withLogtoApiRoute = (handler, config = {}) => async (request, response) => {
             const nodeClient = await this.createNodeClientFromNextApi(request, response);
             const user = await nodeClient.getContext(config);
+            await this.storage?.save();
             // eslint-disable-next-line @silverhand/fp/no-mutating-methods
             Object.defineProperty(request, 'user', { enumerable: true, get: () => user });
             return handler(request, response);
@@ -66,6 +65,7 @@ class LogtoClient extends LogtoNextBaseClient {
         this.withLogtoSsr = (handler, configs = {}) => async (context) => {
             const nodeClient = await this.createNodeClientFromNextApi(context.req, context.res);
             const user = await nodeClient.getContext(configs);
+            await this.storage?.save();
             // eslint-disable-next-line @silverhand/fp/no-mutating-methods
             Object.defineProperty(context.req, 'user', { enumerable: true, get: () => user });
             return handler(context);

package/lib/src/storage.d.ts

@@ -1,6 +1,5 @@
-import { type Storage } from '@logto/node';
+import { type Session, type Storage } from '@logto/node';
 import { PersistKey } from '@logto/node/edge';
-import { type Session } from './types';
 export default class NextStorage implements Storage<PersistKey> {
     private readonly session;
     private sessionChanged;

package/lib/src/types.d.ts

@@ -1,15 +1,5 @@
-import type { LogtoConfig, PersistKey } from '@logto/node';
+import type { LogtoConfig } from '@logto/node';
 import type NodeClient from '@logto/node';
-export type SessionData = {
-    [PersistKey.AccessToken]?: string;
-    [PersistKey.IdToken]?: string;
-    [PersistKey.SignInSession]?: string;
-    [PersistKey.RefreshToken]?: string;
-};
-export type Session = SessionData & {
-    save: () => Promise<void>;
-    getValues?: () => Promise<string>;
-};
 export type LogtoNextConfig = LogtoConfig & {
     cookieSecret: string;
     cookieSecure: boolean;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/next",
-  "version": "2.4.0",
+  "version": "3.1.0",
   "type": "module",
   "main": "./lib/src/index.cjs",
   "module": "./lib/src/index.js",
@@ -46,7 +46,7 @@
   },
   "dependencies": {
     "@edge-runtime/cookies": "^4.0.0",
-    "@logto/node": "^2.2.0"
+    "@logto/node": "^2.4.0"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "^5.0.0",
@@ -65,16 +65,13 @@
     "prettier": "^3.0.0",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
-    "typescript": "^5.0.0"
+    "typescript": "^5.3.3"
   },
   "peerDependencies": {
     "next": ">=12"
   },
   "eslintConfig": {
-    "extends": "@silverhand",
-    "rules": {
-      "unicorn/prefer-node-protocol": "off"
-    }
+    "extends": "@silverhand"
   },
   "prettier": "@silverhand/eslint-config/.prettierrc",
   "publishConfig": {

package/lib/src/session.cjs

@@ -1,73 +0,0 @@
-'use strict';
-
-async function getKeyFromPassword(password, crypto) {
-    const encoder = new TextEncoder();
-    const data = encoder.encode(password);
-    const hash = await crypto.subtle.digest('SHA-256', data);
-    // Convert the hash to a hex string
-    return Array.from(new Uint8Array(hash))
-        .map((byte) => byte.toString(16).padStart(2, '0'))
-        .join('');
-}
-async function encrypt(text, password, crypto) {
-    const iv = crypto.getRandomValues(new Uint8Array(12));
-    const encodedPlaintext = new TextEncoder().encode(text);
-    const secretKey = await crypto.subtle.importKey('raw', Buffer.from(await getKeyFromPassword(password, crypto), 'hex'), {
-        name: 'AES-GCM',
-        length: 256,
-    }, true, ['encrypt', 'decrypt']);
-    const ciphertext = await crypto.subtle.encrypt({
-        name: 'AES-GCM',
-        iv,
-    }, secretKey, encodedPlaintext);
-    return {
-        ciphertext: Buffer.from(ciphertext).toString('base64'),
-        iv: Buffer.from(iv).toString('base64'),
-    };
-}
-async function decrypt(ciphertext, iv, password, crypto) {
-    const secretKey = await crypto.subtle.importKey('raw', Buffer.from(await getKeyFromPassword(password, crypto), 'hex'), {
-        name: 'AES-GCM',
-        length: 256,
-    }, true, ['encrypt', 'decrypt']);
-    const cleartext = await crypto.subtle.decrypt({
-        name: 'AES-GCM',
-        iv: Buffer.from(iv, 'base64'),
-    }, secretKey, Buffer.from(ciphertext, 'base64'));
-    return new TextDecoder().decode(cleartext);
-}
-const unwrapSession = async (cookie, secret, crypto) => {
-    try {
-        const [ciphertext, iv] = cookie.split('.');
-        if (!ciphertext || !iv) {
-            return {};
-        }
-        const decrypted = await decrypt(ciphertext, iv, secret, crypto);
-        // eslint-disable-next-line no-restricted-syntax
-        return JSON.parse(decrypted);
-    }
-    catch {
-        // Ignore invalid session
-    }
-    return {};
-};
-const wrapSession = async (session, secret, crypto) => {
-    const { ciphertext, iv } = await encrypt(JSON.stringify(session), secret, crypto);
-    return `${ciphertext}.${iv}`;
-};
-const createSession = async ({ secret, crypto }, cookie, setCookie) => {
-    const data = await unwrapSession(cookie, secret, crypto);
-    const getValues = async () => wrapSession(session, secret, crypto);
-    const session = {
-        ...data,
-        save: async () => {
-            setCookie?.(await getValues());
-        },
-        getValues,
-    };
-    return session;
-};
-
-exports.createSession = createSession;
-exports.unwrapSession = unwrapSession;
-exports.wrapSession = wrapSession;

package/lib/src/session.d.ts

@@ -1,9 +0,0 @@
-import { type SessionData, type Session } from './types';
-export declare const unwrapSession: (cookie: string, secret: string, crypto: Crypto) => Promise<SessionData>;
-export declare const wrapSession: (session: SessionData, secret: string, crypto: Crypto) => Promise<string>;
-type SessionConfigs = {
-    secret: string;
-    crypto: Crypto;
-};
-export declare const createSession: ({ secret, crypto }: SessionConfigs, cookie: string, setCookie?: ((value: string) => void) | undefined) => Promise<Session>;
-export {};

package/lib/src/session.js

@@ -1,69 +0,0 @@
-async function getKeyFromPassword(password, crypto) {
-    const encoder = new TextEncoder();
-    const data = encoder.encode(password);
-    const hash = await crypto.subtle.digest('SHA-256', data);
-    // Convert the hash to a hex string
-    return Array.from(new Uint8Array(hash))
-        .map((byte) => byte.toString(16).padStart(2, '0'))
-        .join('');
-}
-async function encrypt(text, password, crypto) {
-    const iv = crypto.getRandomValues(new Uint8Array(12));
-    const encodedPlaintext = new TextEncoder().encode(text);
-    const secretKey = await crypto.subtle.importKey('raw', Buffer.from(await getKeyFromPassword(password, crypto), 'hex'), {
-        name: 'AES-GCM',
-        length: 256,
-    }, true, ['encrypt', 'decrypt']);
-    const ciphertext = await crypto.subtle.encrypt({
-        name: 'AES-GCM',
-        iv,
-    }, secretKey, encodedPlaintext);
-    return {
-        ciphertext: Buffer.from(ciphertext).toString('base64'),
-        iv: Buffer.from(iv).toString('base64'),
-    };
-}
-async function decrypt(ciphertext, iv, password, crypto) {
-    const secretKey = await crypto.subtle.importKey('raw', Buffer.from(await getKeyFromPassword(password, crypto), 'hex'), {
-        name: 'AES-GCM',
-        length: 256,
-    }, true, ['encrypt', 'decrypt']);
-    const cleartext = await crypto.subtle.decrypt({
-        name: 'AES-GCM',
-        iv: Buffer.from(iv, 'base64'),
-    }, secretKey, Buffer.from(ciphertext, 'base64'));
-    return new TextDecoder().decode(cleartext);
-}
-const unwrapSession = async (cookie, secret, crypto) => {
-    try {
-        const [ciphertext, iv] = cookie.split('.');
-        if (!ciphertext || !iv) {
-            return {};
-        }
-        const decrypted = await decrypt(ciphertext, iv, secret, crypto);
-        // eslint-disable-next-line no-restricted-syntax
-        return JSON.parse(decrypted);
-    }
-    catch {
-        // Ignore invalid session
-    }
-    return {};
-};
-const wrapSession = async (session, secret, crypto) => {
-    const { ciphertext, iv } = await encrypt(JSON.stringify(session), secret, crypto);
-    return `${ciphertext}.${iv}`;
-};
-const createSession = async ({ secret, crypto }, cookie, setCookie) => {
-    const data = await unwrapSession(cookie, secret, crypto);
-    const getValues = async () => wrapSession(session, secret, crypto);
-    const session = {
-        ...data,
-        save: async () => {
-            setCookie?.(await getValues());
-        },
-        getValues,
-    };
-    return session;
-};
-
-export { createSession, unwrapSession, wrapSession };

package/lib/src/session.test.d.ts

@@ -1 +0,0 @@
-export {};