npm - @propelauth/nextjs - Versions diffs - 0.0.118 → 0.0.120 - Mend

@propelauth/nextjs 0.0.118 → 0.0.120

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/client/index.d.ts +69 -2
package/dist/client/index.js +142 -8
package/dist/client/index.js.map +1 -1
package/dist/client/index.mjs +142 -8
package/dist/client/index.mjs.map +1 -1
package/dist/server/app-router/index.d.ts +73 -4
package/dist/server/app-router/index.js +266 -46
package/dist/server/app-router/index.js.map +1 -1
package/dist/server/app-router/index.mjs +265 -46
package/dist/server/app-router/index.mjs.map +1 -1
package/dist/server/index.d.ts +61 -1
package/dist/server/index.js +38 -13
package/dist/server/index.js.map +1 -1
package/dist/server/index.mjs +38 -13
package/dist/server/index.mjs.map +1 -1
package/dist/server/pages/index.d.ts +61 -1
package/dist/server/pages/index.js +53 -21
package/dist/server/pages/index.js.map +1 -1
package/dist/server/pages/index.mjs +53 -21
package/dist/server/pages/index.mjs.map +1 -1
package/package.json +1 -1

package/dist/server/app-router/index.js CHANGED Viewed

@@ -54,6 +54,7 @@ __export(app_router_index_exports, {
   UnauthorizedException: () => UnauthorizedException,
   authMiddleware: () => authMiddleware,
   getAccessToken: () => getAccessToken,
+  getCurrentUrl: () => getCurrentUrl,
   getRouteHandlers: () => getRouteHandlers,
   getUser: () => getUser,
   getUserOrRedirect: () => getUserOrRedirect
@@ -108,8 +109,9 @@ function toLoginMethod(snake_case) {
 // src/user.ts
 var UserFromToken = class {
-  constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
+  constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
     this.userId = userId;
+    this.activeOrgId = activeOrgId;
     this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
     this.email = email;
     this.firstName = firstName;
@@ -120,6 +122,15 @@ var UserFromToken = class {
     this.properties = properties;
     this.loginMethod = loginMethod;
   }
+  getActiveOrg() {
+    if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
+      return void 0;
+    }
+    return this.orgIdToOrgMemberInfo[this.activeOrgId];
+  }
+  getActiveOrgId() {
+    return this.activeOrgId;
+  }
   getOrg(orgId) {
     if (!this.orgIdToOrgMemberInfo) {
       return void 0;
@@ -164,9 +175,35 @@ var UserFromToken = class {
       obj.legacyUserId,
       obj.impersonatorUserId,
       obj.properties,
+      obj.activeOrgId,
       obj.loginMethod
     );
   }
+  static fromJwtPayload(payload) {
+    let activeOrgId;
+    let orgIdToOrgMemberInfo;
+    if (payload.org_member_info) {
+      activeOrgId = payload.org_member_info.org_id;
+      orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
+    } else {
+      activeOrgId = void 0;
+      orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
+    }
+    const loginMethod = toLoginMethod(payload.login_method);
+    return new UserFromToken(
+      payload.user_id,
+      payload.email,
+      orgIdToOrgMemberInfo,
+      payload.first_name,
+      payload.last_name,
+      payload.username,
+      payload.legacy_user_id,
+      payload.impersonatorUserId,
+      payload.properties,
+      activeOrgId,
+      loginMethod
+    );
+  }
 };
 var OrgMemberInfo = class {
   constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -215,18 +252,7 @@ var OrgMemberInfo = class {
   }
 };
 function toUser(snake_case) {
-  return new UserFromToken(
-    snake_case.user_id,
-    snake_case.email,
-    toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
-    snake_case.first_name,
-    snake_case.last_name,
-    snake_case.username,
-    snake_case.legacy_user_id,
-    snake_case.impersonatorUserId,
-    snake_case.properties,
-    toLoginMethod(snake_case.login_method)
-  );
+  return UserFromToken.fromJwtPayload(snake_case);
 }
 function toOrgIdToOrgMemberInfo(snake_case) {
   if (snake_case === void 0) {
@@ -260,6 +286,7 @@ var ACCESS_TOKEN_COOKIE_NAME = "__pa_at";
 var REFRESH_TOKEN_COOKIE_NAME = "__pa_rt";
 var STATE_COOKIE_NAME = "__pa_state";
 var CUSTOM_HEADER_FOR_ACCESS_TOKEN = "x-propelauth-access-token";
+var CUSTOM_HEADER_FOR_URL = "x-propelauth-current-url";
 var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
 var COOKIE_OPTIONS = {
   httpOnly: true,
@@ -298,12 +325,17 @@ function getVerifierKey() {
   }
   return verifierKey.replace(/\\n/g, "\n");
 }
-function refreshTokenWithAccessAndRefreshToken(refreshToken) {
+function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
   return __async(this, null, function* () {
     const body = {
       refresh_token: refreshToken
     };
-    const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
+    const queryParams = new URLSearchParams();
+    if (activeOrgId) {
+      queryParams.set("with_active_org_support", "true");
+      queryParams.set("active_org_id", activeOrgId);
+    }
+    const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
     const response = yield fetch(url, {
       method: "POST",
       body: JSON.stringify(body),
@@ -315,10 +347,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
     if (response.ok) {
       const data = yield response.json();
       const newRefreshToken = data.refresh_token;
-      const {
-        access_token: accessToken,
-        expires_at_seconds: expiresAtSeconds
-      } = data.access_token;
+      const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
       return {
         refreshToken: newRefreshToken,
         accessToken,
@@ -379,22 +408,24 @@ function validateAccessToken(accessToken) {
   });
 }
+// src/shared.ts
+var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
 // src/server/app-router.ts
-function getUserOrRedirect() {
+function getUserOrRedirect(redirectOptions) {
   return __async(this, null, function* () {
     const user = yield getUser();
     if (user) {
       return user;
     } else {
-      (0, import_navigation.redirect)(LOGIN_PATH);
+      redirectToLogin(redirectOptions);
       throw new Error("Redirecting to login");
     }
   });
 }
 function getUser() {
   return __async(this, null, function* () {
-    var _a;
-    const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
+    const accessToken = getAccessToken();
     if (accessToken) {
       const user = yield validateAccessTokenOrUndefined(accessToken);
       if (user) {
@@ -405,50 +436,57 @@ function getUser() {
   });
 }
 function getAccessToken() {
-  return __async(this, null, function* () {
-    var _a;
-    return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
-  });
+  var _a;
+  return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
 }
 function authMiddleware(req) {
   return __async(this, null, function* () {
-    var _a, _b;
+    var _a, _b, _c;
     if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
       throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
+    } else if (req.headers.has(CUSTOM_HEADER_FOR_URL)) {
+      throw new Error(`${CUSTOM_HEADER_FOR_URL} is set which is for internal use only`);
     } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
-      return import_server.NextResponse.next();
+      return getNextResponse(req);
     }
     const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
     const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
+    const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
     if (accessToken) {
       const user = yield validateAccessTokenOrUndefined(accessToken);
       if (user) {
-        return import_server.NextResponse.next();
+        return getNextResponse(req);
       }
     }
     if (refreshToken) {
-      const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
+      const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
       if (response.error === "unexpected") {
         throw new Error("Unexpected error while refreshing access token");
       } else if (response.error === "unauthorized") {
-        const response2 = import_server.NextResponse.next();
+        const response2 = getNextResponse(req);
         response2.cookies.delete(ACCESS_TOKEN_COOKIE_NAME);
         response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
         return response2;
       } else {
-        const headers2 = new Headers(req.headers);
-        headers2.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken);
-        const nextResponse = import_server.NextResponse.next({
-          request: {
-            headers: headers2
-          }
-        });
+        const nextResponse = getNextResponse(req, response.accessToken);
         nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
         nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
         return nextResponse;
       }
     }
-    return import_server.NextResponse.next();
+    return getNextResponse(req);
+  });
+}
+function getNextResponse(request, newAccessToken) {
+  const headers2 = new Headers(request.headers);
+  headers2.set(CUSTOM_HEADER_FOR_URL, request.nextUrl.toString());
+  if (newAccessToken) {
+    headers2.set(CUSTOM_HEADER_FOR_ACCESS_TOKEN, newAccessToken);
+  }
+  return import_server.NextResponse.next({
+    request: {
+      headers: headers2
+    }
   });
 }
 function getRouteHandlers(args) {
@@ -488,7 +526,7 @@ function getRouteHandlers(args) {
   }
   function callbackGetHandler(req) {
     return __async(this, null, function* () {
-      var _a, _b;
+      var _a, _b, _c;
       const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
       if (!oauthState || oauthState.length !== 64) {
         return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -524,6 +562,49 @@ function getRouteHandlers(args) {
           console.error("postLoginRedirectPathFn returned undefined");
           return new Response("Unexpected error", { status: 500 });
         }
+        const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
+        const user = yield validateAccessToken(accessToken);
+        const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
+        let activeOrgId = void 0;
+        if (isUserInCurrentActiveOrg) {
+          activeOrgId = currentActiveOrgId;
+        } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
+          activeOrgId = args.getDefaultActiveOrgId(req, user);
+        }
+        if (activeOrgId) {
+          const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
+          if (response2.error === "unexpected") {
+            throw new Error("Unexpected error while setting active org");
+          } else if (response2.error === "unauthorized") {
+            console.error(
+              "Unauthorized error while setting active org. Your user may not have access to this org"
+            );
+            return new Response("Unauthorized", { status: 401 });
+          } else {
+            const headers3 = new Headers();
+            headers3.append("Location", returnToPath);
+            headers3.append(
+              "Set-Cookie",
+              `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+            );
+            headers3.append(
+              "Set-Cookie",
+              `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+            );
+            headers3.append(
+              "Set-Cookie",
+              `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
+            );
+            headers3.append(
+              "Set-Cookie",
+              `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+            );
+            return new Response(null, {
+              status: 302,
+              headers: headers3
+            });
+          }
+        }
         const headers2 = new Headers();
         headers2.append("Location", returnToPath);
         headers2.append(
@@ -534,6 +615,10 @@ function getRouteHandlers(args) {
           "Set-Cookie",
           `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
         );
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
         headers2.append(
           "Set-Cookie",
           `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -554,10 +639,11 @@ function getRouteHandlers(args) {
   }
   function userinfoGetHandler(req) {
     return __async(this, null, function* () {
-      var _a;
+      var _a, _b;
       const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+      const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
       if (oldRefreshToken) {
-        const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
+        const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
         if (refreshResponse.error === "unexpected") {
           throw new Error("Unexpected error while refreshing access token");
         } else if (refreshResponse.error === "unauthorized") {
@@ -570,6 +656,10 @@ function getRouteHandlers(args) {
             "Set-Cookie",
             `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
           );
+          headers3.append(
+            "Set-Cookie",
+            `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+          );
           return new Response("Unauthorized", { status: 401, headers: headers3 });
         }
         const refreshToken = refreshResponse.refreshToken;
@@ -588,7 +678,8 @@ function getRouteHandlers(args) {
           const jsonResponse = {
             userinfo: data,
             accessToken,
-            impersonatorUserId: userFromToken.impersonatorUserId
+            impersonatorUserId: userFromToken.impersonatorUserId,
+            activeOrgId
           };
           const headers3 = new Headers();
           headers3.append(
@@ -614,6 +705,10 @@ function getRouteHandlers(args) {
             "Set-Cookie",
             `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
           );
+          headers3.append(
+            "Set-Cookie",
+            `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+          );
           return new Response(null, {
             status: 401,
             headers: headers3
@@ -625,12 +720,13 @@ function getRouteHandlers(args) {
       const headers2 = new Headers();
       headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+      headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       return new Response(null, { status: 401 });
     });
   }
   function logoutGetHandler(req) {
     return __async(this, null, function* () {
-      var _a;
+      var _a, _b;
       const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
       if (!path) {
         console.error("postLoginPathFn returned undefined");
@@ -648,12 +744,17 @@ function getRouteHandlers(args) {
           "Set-Cookie",
           `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
         );
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
         return new Response(null, {
           status: 302,
           headers: headers2
         });
       }
-      const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
+      const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
+      const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
       if (refreshResponse.error === "unexpected") {
         console.error("Unexpected error while refreshing access token");
         return new Response("Unexpected error", { status: 500 });
@@ -668,6 +769,10 @@ function getRouteHandlers(args) {
           "Set-Cookie",
           `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
         );
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
         return new Response(null, {
           status: 302,
           headers: headers2
@@ -696,6 +801,10 @@ function getRouteHandlers(args) {
           "Set-Cookie",
           `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
         );
+        headers3.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
         return new Response(null, { status: 200, headers: headers3 });
       }
       const authUrlOrigin = getAuthUrlOrigin();
@@ -720,9 +829,78 @@ function getRouteHandlers(args) {
       const headers2 = new Headers();
       headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+      headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       return new Response(null, { status: 200, headers: headers2 });
     });
   }
+  function setActiveOrgHandler(req) {
+    return __async(this, null, function* () {
+      var _a;
+      const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+      const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
+      if (!oldRefreshToken) {
+        const headers2 = new Headers();
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
+        return new Response(null, { status: 401, headers: headers2 });
+      }
+      if (!activeOrgId) {
+        return new Response(null, { status: 400 });
+      }
+      const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
+      if (refreshResponse.error === "unexpected") {
+        throw new Error("Unexpected error while setting active org id");
+      } else if (refreshResponse.error === "unauthorized") {
+        return new Response("Unauthorized", { status: 401 });
+      }
+      const refreshToken = refreshResponse.refreshToken;
+      const accessToken = refreshResponse.accessToken;
+      const authUrlOrigin = getAuthUrlOrigin();
+      const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
+      const response = yield fetch(path, {
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: "Bearer " + accessToken
+        }
+      });
+      if (response.ok) {
+        const userFromToken = yield validateAccessToken(accessToken);
+        const data = yield response.json();
+        const jsonResponse = {
+          userinfo: data,
+          accessToken,
+          impersonatorUserId: userFromToken.impersonatorUserId,
+          activeOrgId
+        };
+        const headers2 = new Headers();
+        headers2.append(
+          "Set-Cookie",
+          `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+        );
+        headers2.append(
+          "Set-Cookie",
+          `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+        );
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
+        );
+        headers2.append("Content-Type", "application/json");
+        return new Response(JSON.stringify(jsonResponse), {
+          status: 200,
+          headers: headers2
+        });
+      } else if (response.status === 401) {
+        return new Response(null, {
+          status: 401
+        });
+      } else {
+        return new Response(null, { status: 500 });
+      }
+    });
+  }
   function getRouteHandler(req, { params }) {
     if (params.slug === "login") {
       return loginGetHandler(req);
@@ -741,6 +919,8 @@ function getRouteHandlers(args) {
   function postRouteHandler(req, { params }) {
     if (params.slug === "logout") {
       return logoutPostHandler(req);
+    } else if (params.slug === "set-active-org") {
+      return setActiveOrgHandler(req);
     } else {
       return new Response("", { status: 404 });
     }
@@ -754,12 +934,52 @@ function randomState() {
   const randomBytes = crypto.getRandomValues(new Uint8Array(32));
   return Array.from(randomBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
 }
+function redirectToLogin(redirectOptions) {
+  if (!redirectOptions) {
+    (0, import_navigation.redirect)(LOGIN_PATH);
+  } else if (redirectOptions.returnToPath) {
+    const loginPath = LOGIN_PATH + "?return_to_path=" + encodeURI(redirectOptions.returnToPath);
+    (0, import_navigation.redirect)(loginPath);
+  } else if (redirectOptions.returnToCurrentPath) {
+    const encodedPath = getUrlEncodedRedirectPathForCurrentUrl();
+    if (encodedPath) {
+      const loginPath = LOGIN_PATH + "?return_to_path=" + encodedPath;
+      (0, import_navigation.redirect)(loginPath);
+    } else {
+      console.warn("Could not get current URL to redirect to");
+      (0, import_navigation.redirect)(LOGIN_PATH);
+    }
+  }
+}
+function getUrlEncodedRedirectPathForCurrentUrl() {
+  const url = getCurrentUrl();
+  if (!url) {
+    return void 0;
+  }
+  try {
+    const urlObj = new URL(url);
+    return encodeURIComponent(urlObj.pathname + urlObj.search);
+  } catch (e) {
+    console.warn("Current URL is not a valid URL");
+    return void 0;
+  }
+}
+function getCurrentUrl() {
+  const url = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_URL);
+  if (!url) {
+    console.warn("Attempting to redirect to the current URL, but we could not find the current URL in the headers. Is the middleware set up?");
+    return void 0;
+  } else {
+    return url;
+  }
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ConfigurationException,
   UnauthorizedException,
   authMiddleware,
   getAccessToken,
+  getCurrentUrl,
   getRouteHandlers,
   getUser,
   getUserOrRedirect