@meistrari/auth-nuxt 3.9.1 → 3.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/module.json +1 -1
- package/dist/module.mjs +5 -0
- package/dist/runtime/composables/application/auth.d.ts +6 -0
- package/dist/runtime/composables/application/auth.js +6 -18
- package/dist/runtime/composables/application/organization.d.ts +1 -0
- package/dist/runtime/composables/application/organization.js +11 -1
- package/dist/runtime/composables/session-assurance.d.ts +13 -0
- package/dist/runtime/composables/session-assurance.js +35 -0
- package/dist/runtime/composables/state.d.ts +2 -1
- package/dist/runtime/composables/state.js +3 -1
- package/dist/runtime/plugins/application-token-refresh.js +10 -6
- package/dist/runtime/server/routes/auth/refresh.d.ts +2 -1
- package/dist/runtime/server/routes/auth/refresh.js +3 -2
- package/dist/runtime/server/routes/auth/switch-organization.d.ts +2 -1
- package/dist/runtime/server/routes/auth/switch-organization.js +3 -2
- package/dist/runtime/server/routes/auth/whoami.d.ts +2 -1
- package/dist/runtime/server/routes/auth/whoami.js +3 -2
- package/package.json +2 -2
package/dist/module.json
CHANGED
package/dist/module.mjs
CHANGED
|
@@ -100,6 +100,11 @@ const module$1 = defineNuxtModule({
|
|
|
100
100
|
as: "useTelaSession",
|
|
101
101
|
from: resolver.resolve("runtime/composables/session")
|
|
102
102
|
});
|
|
103
|
+
addImports({
|
|
104
|
+
name: "useTelaSessionAssurance",
|
|
105
|
+
as: "useTelaSessionAssurance",
|
|
106
|
+
from: resolver.resolve("runtime/composables/session-assurance")
|
|
107
|
+
});
|
|
103
108
|
addImports({
|
|
104
109
|
name: "useTelaOrganization",
|
|
105
110
|
as: "useTelaOrganization",
|
|
@@ -38,7 +38,13 @@ export declare function useTelaApplicationAuth(): {
|
|
|
38
38
|
login: () => Promise<void>;
|
|
39
39
|
logout: () => Promise<void>;
|
|
40
40
|
initSession: () => Promise<void>;
|
|
41
|
+
/**
|
|
42
|
+
* @deprecated Use `useTelaOrganization().listOrganizations()` instead.
|
|
43
|
+
*/
|
|
41
44
|
getAvailableOrganizations: () => Promise<FullOrganization[]>;
|
|
45
|
+
/**
|
|
46
|
+
* @deprecated Use `useTelaOrganization().setActiveOrganization(organizationId)` instead.
|
|
47
|
+
*/
|
|
42
48
|
switchOrganization: (organizationId: string) => Promise<void>;
|
|
43
49
|
refreshToken: () => Promise<void>;
|
|
44
50
|
getToken: () => Promise<string | null | undefined>;
|
|
@@ -49,6 +49,7 @@ export function useTelaApplicationAuth() {
|
|
|
49
49
|
async function logout() {
|
|
50
50
|
state.user.value = null;
|
|
51
51
|
state.activeOrganization.value = null;
|
|
52
|
+
state.sessionAssurance.value = null;
|
|
52
53
|
await $fetch("/auth/logout", { method: "POST" });
|
|
53
54
|
}
|
|
54
55
|
async function refreshToken() {
|
|
@@ -58,6 +59,7 @@ export function useTelaApplicationAuth() {
|
|
|
58
59
|
});
|
|
59
60
|
state.user.value = result.user;
|
|
60
61
|
state.activeOrganization.value = result.organization;
|
|
62
|
+
state.sessionAssurance.value = result.assurance;
|
|
61
63
|
} catch (error) {
|
|
62
64
|
console.error("[Auth Refresh] Failed to refresh token:", error);
|
|
63
65
|
throw new RefreshTokenExpiredError();
|
|
@@ -73,25 +75,10 @@ export function useTelaApplicationAuth() {
|
|
|
73
75
|
}
|
|
74
76
|
}
|
|
75
77
|
async function getAvailableOrganizations() {
|
|
76
|
-
|
|
77
|
-
return await useTelaOrganization().listOrganizations();
|
|
78
|
-
} catch (error) {
|
|
79
|
-
console.error("[Auth Orgs] Failed to list organizations:", error);
|
|
80
|
-
throw error;
|
|
81
|
-
}
|
|
78
|
+
return await useTelaOrganization().listOrganizations();
|
|
82
79
|
}
|
|
83
80
|
async function switchOrganization(organizationId) {
|
|
84
|
-
|
|
85
|
-
const result = await $fetch("/auth/switch-organization", {
|
|
86
|
-
method: "POST",
|
|
87
|
-
body: { organizationId }
|
|
88
|
-
});
|
|
89
|
-
state.user.value = result.user;
|
|
90
|
-
state.activeOrganization.value = result.organization;
|
|
91
|
-
} catch (error) {
|
|
92
|
-
console.error("[Auth Switch Org] Failed to switch organization:", error);
|
|
93
|
-
throw error;
|
|
94
|
-
}
|
|
81
|
+
await useTelaOrganization().setActiveOrganization(organizationId);
|
|
95
82
|
}
|
|
96
83
|
async function getToken() {
|
|
97
84
|
const shouldRefresh = accessTokenCookie.value ? willTokenExpireIn(accessTokenCookie.value, ONE_MINUTE * 2) : true;
|
|
@@ -101,7 +88,8 @@ export function useTelaApplicationAuth() {
|
|
|
101
88
|
return accessTokenCookie.value;
|
|
102
89
|
}
|
|
103
90
|
return {
|
|
104
|
-
|
|
91
|
+
user: state.user,
|
|
92
|
+
activeOrganization: state.activeOrganization,
|
|
105
93
|
login,
|
|
106
94
|
logout,
|
|
107
95
|
/**
|
|
@@ -6,6 +6,7 @@ export interface UseTelaApplicationOrganizationReturn {
|
|
|
6
6
|
getActiveOrganization: () => Promise<FullOrganization | undefined>;
|
|
7
7
|
getAvailableOrganizations: () => Promise<FullOrganization[]>;
|
|
8
8
|
listOrganizations: () => Promise<FullOrganization[]>;
|
|
9
|
+
setActiveOrganization: (id: string) => Promise<void>;
|
|
9
10
|
listMembers: (options?: ListMembersOptions) => Promise<Member[]>;
|
|
10
11
|
getActiveMember: () => Promise<Member>;
|
|
11
12
|
inviteUserToOrganization: (options: InviteUserToOrganizationOptions) => Promise<Invitation>;
|
|
@@ -2,7 +2,7 @@ import { useCookie, useRequestURL } from "#app";
|
|
|
2
2
|
import { createNuxtAuthClient } from "../../shared.js";
|
|
3
3
|
import { useApplicationSessionState, useOrganizationState } from "../state.js";
|
|
4
4
|
export function useTelaOrganization() {
|
|
5
|
-
const { activeOrganization } = useApplicationSessionState();
|
|
5
|
+
const { activeOrganization, sessionAssurance, user } = useApplicationSessionState();
|
|
6
6
|
const { activeMember } = useOrganizationState();
|
|
7
7
|
const requestUrl = useRequestURL();
|
|
8
8
|
const accessToken = useCookie("tela-access-token");
|
|
@@ -21,6 +21,15 @@ export function useTelaOrganization() {
|
|
|
21
21
|
async function listOrganizations() {
|
|
22
22
|
return await authClient.organization.listOrganizations();
|
|
23
23
|
}
|
|
24
|
+
async function setActiveOrganization(id) {
|
|
25
|
+
const result = await $fetch("/auth/switch-organization", {
|
|
26
|
+
method: "POST",
|
|
27
|
+
body: { organizationId: id }
|
|
28
|
+
});
|
|
29
|
+
user.value = result.user;
|
|
30
|
+
activeOrganization.value = result.organization;
|
|
31
|
+
sessionAssurance.value = result.assurance;
|
|
32
|
+
}
|
|
24
33
|
async function listMembers(options) {
|
|
25
34
|
return await authClient.organization.listMembers(options);
|
|
26
35
|
}
|
|
@@ -125,6 +134,7 @@ export function useTelaOrganization() {
|
|
|
125
134
|
getActiveOrganization,
|
|
126
135
|
getAvailableOrganizations,
|
|
127
136
|
listOrganizations,
|
|
137
|
+
setActiveOrganization,
|
|
128
138
|
listMembers,
|
|
129
139
|
getActiveMember,
|
|
130
140
|
inviteUserToOrganization,
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { BeginOAuthStepUpParams, OAuthCompleteStepUpResponse, SendOtpResponse, SessionAssuranceResponse } from '@meistrari/auth-core';
|
|
2
|
+
export interface UseTelaSessionAssuranceReturn {
|
|
3
|
+
get: () => Promise<SessionAssuranceResponse>;
|
|
4
|
+
stepUpWithPassword: (password: string) => Promise<SessionAssuranceResponse>;
|
|
5
|
+
sendOtp: () => Promise<SendOtpResponse>;
|
|
6
|
+
verifyOtp: (otp: string) => Promise<SessionAssuranceResponse>;
|
|
7
|
+
beginOAuthStepUp: (params: BeginOAuthStepUpParams) => Promise<{
|
|
8
|
+
stepUpToken: string;
|
|
9
|
+
callbackURL: string;
|
|
10
|
+
}>;
|
|
11
|
+
completeOAuthStepUp: (token: string) => Promise<OAuthCompleteStepUpResponse>;
|
|
12
|
+
}
|
|
13
|
+
export declare function useTelaSessionAssurance(): UseTelaSessionAssuranceReturn;
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import { useCookie, useRuntimeConfig } from "#app";
|
|
2
|
+
import { createNuxtAuthClient } from "../shared.js";
|
|
3
|
+
export function useTelaSessionAssurance() {
|
|
4
|
+
const { jwtCookieName, apiUrl } = useRuntimeConfig().public.telaAuth;
|
|
5
|
+
const tokenCookie = useCookie(jwtCookieName);
|
|
6
|
+
const authClient = createNuxtAuthClient(apiUrl, () => tokenCookie.value ?? null);
|
|
7
|
+
const callbackSessionClient = createNuxtAuthClient(apiUrl, () => null);
|
|
8
|
+
async function refreshTokenCookie(client = authClient) {
|
|
9
|
+
const { token } = await client.session.getToken();
|
|
10
|
+
tokenCookie.value = token;
|
|
11
|
+
}
|
|
12
|
+
async function stepUpWithPassword(password) {
|
|
13
|
+
const result = await authClient.sessionAssurance.stepUpWithPassword(password);
|
|
14
|
+
await refreshTokenCookie();
|
|
15
|
+
return result;
|
|
16
|
+
}
|
|
17
|
+
async function verifyOtp(otp) {
|
|
18
|
+
const result = await authClient.sessionAssurance.verifyOtp(otp);
|
|
19
|
+
await refreshTokenCookie();
|
|
20
|
+
return result;
|
|
21
|
+
}
|
|
22
|
+
async function completeOAuthStepUp(token) {
|
|
23
|
+
const result = await callbackSessionClient.sessionAssurance.completeOAuthStepUp(token);
|
|
24
|
+
await refreshTokenCookie(callbackSessionClient);
|
|
25
|
+
return result;
|
|
26
|
+
}
|
|
27
|
+
return {
|
|
28
|
+
get: () => authClient.sessionAssurance.get(),
|
|
29
|
+
stepUpWithPassword,
|
|
30
|
+
sendOtp: () => authClient.sessionAssurance.sendOtp(),
|
|
31
|
+
verifyOtp,
|
|
32
|
+
beginOAuthStepUp: (params) => authClient.sessionAssurance.beginOAuthStepUp(params),
|
|
33
|
+
completeOAuthStepUp
|
|
34
|
+
};
|
|
35
|
+
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { Ref } from 'vue';
|
|
2
|
-
import type { FullOrganization, Session, User } from '@meistrari/auth-core';
|
|
2
|
+
import type { FullOrganization, JWTPayload, Session, User } from '@meistrari/auth-core';
|
|
3
3
|
/**
|
|
4
4
|
* Shared state for session management.
|
|
5
5
|
* This module provides access to session-related state without creating circular dependencies.
|
|
@@ -51,4 +51,5 @@ export declare function useOrganizationState(): {
|
|
|
51
51
|
export declare function useApplicationSessionState(): {
|
|
52
52
|
user: Ref<User | null>;
|
|
53
53
|
activeOrganization: Ref<FullOrganization | null>;
|
|
54
|
+
sessionAssurance: Ref<JWTPayload['assurance'] | null>;
|
|
54
55
|
};
|
|
@@ -18,8 +18,10 @@ export function useOrganizationState() {
|
|
|
18
18
|
export function useApplicationSessionState() {
|
|
19
19
|
const user = useState("user", () => null);
|
|
20
20
|
const activeOrganization = useState("activeOrganization", () => null);
|
|
21
|
+
const sessionAssurance = useState("sessionAssurance", () => null);
|
|
21
22
|
return {
|
|
22
23
|
user,
|
|
23
|
-
activeOrganization
|
|
24
|
+
activeOrganization,
|
|
25
|
+
sessionAssurance
|
|
24
26
|
};
|
|
25
27
|
}
|
|
@@ -43,18 +43,20 @@ export default defineNuxtPlugin({
|
|
|
43
43
|
isRefreshing = true;
|
|
44
44
|
try {
|
|
45
45
|
if (import.meta.server) {
|
|
46
|
-
const { accessToken, refreshToken: refreshToken2, user: user2, organization: organization2 } = await authClient.application.refreshAccessToken(refreshTokenCookie.value ?? "");
|
|
46
|
+
const { accessToken, refreshToken: refreshToken2, user: user2, organization: organization2, assurance: assurance2 } = await authClient.application.refreshAccessToken(refreshTokenCookie.value ?? "");
|
|
47
47
|
accessTokenCookie.value = accessToken;
|
|
48
48
|
refreshTokenCookie.value = refreshToken2;
|
|
49
49
|
state.user.value = user2;
|
|
50
50
|
state.activeOrganization.value = organization2;
|
|
51
|
+
state.sessionAssurance.value = assurance2;
|
|
51
52
|
return true;
|
|
52
53
|
}
|
|
53
|
-
const { user, organization } = await $fetch("/auth/refresh", {
|
|
54
|
+
const { user, organization, assurance } = await $fetch("/auth/refresh", {
|
|
54
55
|
method: "POST"
|
|
55
56
|
});
|
|
56
57
|
state.user.value = user;
|
|
57
58
|
state.activeOrganization.value = organization;
|
|
59
|
+
state.sessionAssurance.value = assurance;
|
|
58
60
|
return true;
|
|
59
61
|
} catch {
|
|
60
62
|
await sdkLogout();
|
|
@@ -75,6 +77,7 @@ export default defineNuxtPlugin({
|
|
|
75
77
|
accessTokenCookie.value = null;
|
|
76
78
|
state.user.value = null;
|
|
77
79
|
state.activeOrganization.value = null;
|
|
80
|
+
state.sessionAssurance.value = null;
|
|
78
81
|
}
|
|
79
82
|
function scheduleWorkerTimeout(delayMs, callback) {
|
|
80
83
|
if (refreshWorker) {
|
|
@@ -127,6 +130,7 @@ export default defineNuxtPlugin({
|
|
|
127
130
|
});
|
|
128
131
|
state.user.value = data.user;
|
|
129
132
|
state.activeOrganization.value = data.organization;
|
|
133
|
+
state.sessionAssurance.value = data.assurance;
|
|
130
134
|
} catch (error) {
|
|
131
135
|
console.error("[Tela Auth SDK] Failed to get user and organization:", error.message);
|
|
132
136
|
if (!refreshTokenCookie.value) {
|
|
@@ -134,11 +138,10 @@ export default defineNuxtPlugin({
|
|
|
134
138
|
logout();
|
|
135
139
|
return;
|
|
136
140
|
}
|
|
137
|
-
const refreshTokenValue = refreshTokenCookie.value;
|
|
138
141
|
try {
|
|
139
142
|
await refreshToken();
|
|
140
143
|
} catch (error2) {
|
|
141
|
-
console.error(
|
|
144
|
+
console.error("[Tela Auth SDK] Failed to refresh token:", error2.message);
|
|
142
145
|
logout();
|
|
143
146
|
}
|
|
144
147
|
}
|
|
@@ -147,7 +150,7 @@ export default defineNuxtPlugin({
|
|
|
147
150
|
try {
|
|
148
151
|
await refreshToken();
|
|
149
152
|
} catch (error) {
|
|
150
|
-
console.error(
|
|
153
|
+
console.error("[Tela Auth SDK] Failed to refresh token:", error.message);
|
|
151
154
|
logout();
|
|
152
155
|
}
|
|
153
156
|
}
|
|
@@ -156,11 +159,12 @@ export default defineNuxtPlugin({
|
|
|
156
159
|
if (import.meta.client) {
|
|
157
160
|
if (!state.user.value && accessTokenCookie.value) {
|
|
158
161
|
try {
|
|
159
|
-
const { user, organization } = await $fetch("/auth/whoami", {
|
|
162
|
+
const { user, organization, assurance } = await $fetch("/auth/whoami", {
|
|
160
163
|
method: "GET"
|
|
161
164
|
});
|
|
162
165
|
state.user.value = user;
|
|
163
166
|
state.activeOrganization.value = organization;
|
|
167
|
+
state.sessionAssurance.value = assurance;
|
|
164
168
|
} catch (error) {
|
|
165
169
|
console.error("[Tela Auth SDK] Failed to load user info on client startup:", error);
|
|
166
170
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { FullOrganization, User } from '@meistrari/auth-core';
|
|
1
|
+
import type { FullOrganization, JWTPayloadAssurance, User } from '@meistrari/auth-core';
|
|
2
2
|
/**
|
|
3
3
|
* Server route handler for token refresh
|
|
4
4
|
*
|
|
@@ -14,5 +14,6 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
|
|
|
14
14
|
success: boolean;
|
|
15
15
|
user: User;
|
|
16
16
|
organization: FullOrganization;
|
|
17
|
+
assurance: JWTPayloadAssurance;
|
|
17
18
|
}>>;
|
|
18
19
|
export default _default;
|
|
@@ -18,7 +18,7 @@ export default defineEventHandler(async (event) => {
|
|
|
18
18
|
() => null,
|
|
19
19
|
() => refreshToken
|
|
20
20
|
);
|
|
21
|
-
const { accessToken, refreshToken: newRefreshToken, user, organization } = await authClient.application.refreshAccessToken(refreshToken);
|
|
21
|
+
const { accessToken, refreshToken: newRefreshToken, user, organization, assurance } = await authClient.application.refreshAccessToken(refreshToken);
|
|
22
22
|
setCookie(event, "tela-access-token", accessToken, {
|
|
23
23
|
secure: !import.meta.dev,
|
|
24
24
|
sameSite: "lax",
|
|
@@ -39,7 +39,8 @@ export default defineEventHandler(async (event) => {
|
|
|
39
39
|
return {
|
|
40
40
|
success: true,
|
|
41
41
|
user,
|
|
42
|
-
organization
|
|
42
|
+
organization,
|
|
43
|
+
assurance
|
|
43
44
|
};
|
|
44
45
|
} catch (error) {
|
|
45
46
|
console.error("[Auth Refresh] Token refresh error:", error);
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { FullOrganization, User } from '@meistrari/auth-core';
|
|
1
|
+
import type { FullOrganization, JWTPayloadAssurance, User } from '@meistrari/auth-core';
|
|
2
2
|
/**
|
|
3
3
|
* Server route handler for switching organizations
|
|
4
4
|
*
|
|
@@ -15,5 +15,6 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
|
|
|
15
15
|
success: boolean;
|
|
16
16
|
user: User;
|
|
17
17
|
organization: FullOrganization;
|
|
18
|
+
assurance: JWTPayloadAssurance;
|
|
18
19
|
}>>;
|
|
19
20
|
export default _default;
|
|
@@ -25,7 +25,7 @@ export default defineEventHandler(async (event) => {
|
|
|
25
25
|
authConfig.apiUrl,
|
|
26
26
|
() => accessToken
|
|
27
27
|
);
|
|
28
|
-
const { accessToken: newAccessToken, refreshToken: newRefreshToken, user, organization } = await authClient.application.switchOrganization(body.organizationId, accessToken);
|
|
28
|
+
const { accessToken: newAccessToken, refreshToken: newRefreshToken, user, organization, assurance } = await authClient.application.switchOrganization(body.organizationId, accessToken);
|
|
29
29
|
setCookie(event, "tela-access-token", newAccessToken, {
|
|
30
30
|
secure: !import.meta.dev,
|
|
31
31
|
sameSite: "lax",
|
|
@@ -46,7 +46,8 @@ export default defineEventHandler(async (event) => {
|
|
|
46
46
|
return {
|
|
47
47
|
success: true,
|
|
48
48
|
user,
|
|
49
|
-
organization
|
|
49
|
+
organization,
|
|
50
|
+
assurance
|
|
50
51
|
};
|
|
51
52
|
} catch (error) {
|
|
52
53
|
console.error("[Auth Switch Org] Failed to switch organization:", error);
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { FullOrganization, User } from '@meistrari/auth-core';
|
|
1
|
+
import type { FullOrganization, JWTPayloadAssurance, User } from '@meistrari/auth-core';
|
|
2
2
|
/**
|
|
3
3
|
* Server route handler for retrieving the current user and active organization
|
|
4
4
|
*
|
|
@@ -11,5 +11,6 @@ declare const _default: import("h3").EventHandler<import("h3").EventHandlerReque
|
|
|
11
11
|
success: boolean;
|
|
12
12
|
user: User;
|
|
13
13
|
organization: FullOrganization;
|
|
14
|
+
assurance: JWTPayloadAssurance;
|
|
14
15
|
}>>;
|
|
15
16
|
export default _default;
|
|
@@ -14,13 +14,14 @@ export default defineEventHandler(async (event) => {
|
|
|
14
14
|
});
|
|
15
15
|
}
|
|
16
16
|
try {
|
|
17
|
-
const { user, organization } = await authClient.application.whoAmI(accessToken, {
|
|
17
|
+
const { user, organization, assurance } = await authClient.application.whoAmI(accessToken, {
|
|
18
18
|
include: ["members", "teams", "invitations"]
|
|
19
19
|
});
|
|
20
20
|
return {
|
|
21
21
|
success: true,
|
|
22
22
|
user,
|
|
23
|
-
organization
|
|
23
|
+
organization,
|
|
24
|
+
assurance
|
|
24
25
|
};
|
|
25
26
|
} catch (error) {
|
|
26
27
|
console.error("[Auth WhoAmI] Failed to get user and organization:", error);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@meistrari/auth-nuxt",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.10.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"exports": {
|
|
6
6
|
".": {
|
|
@@ -36,7 +36,7 @@
|
|
|
36
36
|
"docs": "nuxt-module-build prepare && typedoc"
|
|
37
37
|
},
|
|
38
38
|
"dependencies": {
|
|
39
|
-
"@meistrari/auth-core": "1.
|
|
39
|
+
"@meistrari/auth-core": "1.21.0",
|
|
40
40
|
"jose": "6.1.3"
|
|
41
41
|
},
|
|
42
42
|
"peerDependencies": {
|