@propelauth/nextjs 0.0.118 → 0.0.120

package/dist/server/app-router/index.mjs

@@ -67,8 +67,9 @@ function toLoginMethod(snake_case) {
 
 // src/user.ts
 var UserFromToken = class {
-  constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) {
+  constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
     this.userId = userId;
+    this.activeOrgId = activeOrgId;
     this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
     this.email = email;
     this.firstName = firstName;
@@ -79,6 +80,15 @@ var UserFromToken = class {
     this.properties = properties;
     this.loginMethod = loginMethod;
   }
+  getActiveOrg() {
+    if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
+      return void 0;
+    }
+    return this.orgIdToOrgMemberInfo[this.activeOrgId];
+  }
+  getActiveOrgId() {
+    return this.activeOrgId;
+  }
   getOrg(orgId) {
     if (!this.orgIdToOrgMemberInfo) {
       return void 0;
@@ -123,9 +133,35 @@ var UserFromToken = class {
       obj.legacyUserId,
       obj.impersonatorUserId,
       obj.properties,
+      obj.activeOrgId,
       obj.loginMethod
     );
   }
+  static fromJwtPayload(payload) {
+    let activeOrgId;
+    let orgIdToOrgMemberInfo;
+    if (payload.org_member_info) {
+      activeOrgId = payload.org_member_info.org_id;
+      orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
+    } else {
+      activeOrgId = void 0;
+      orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
+    }
+    const loginMethod = toLoginMethod(payload.login_method);
+    return new UserFromToken(
+      payload.user_id,
+      payload.email,
+      orgIdToOrgMemberInfo,
+      payload.first_name,
+      payload.last_name,
+      payload.username,
+      payload.legacy_user_id,
+      payload.impersonatorUserId,
+      payload.properties,
+      activeOrgId,
+      loginMethod
+    );
+  }
 };
 var OrgMemberInfo = class {
   constructor(orgId, orgName, orgMetadata, urlSafeOrgName, userAssignedRole, userInheritedRolesPlusCurrentRole, userPermissions) {
@@ -174,18 +210,7 @@ var OrgMemberInfo = class {
   }
 };
 function toUser(snake_case) {
-  return new UserFromToken(
-    snake_case.user_id,
-    snake_case.email,
-    toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
-    snake_case.first_name,
-    snake_case.last_name,
-    snake_case.username,
-    snake_case.legacy_user_id,
-    snake_case.impersonatorUserId,
-    snake_case.properties,
-    toLoginMethod(snake_case.login_method)
-  );
+  return UserFromToken.fromJwtPayload(snake_case);
 }
 function toOrgIdToOrgMemberInfo(snake_case) {
   if (snake_case === void 0) {
@@ -219,6 +244,7 @@ var ACCESS_TOKEN_COOKIE_NAME = "__pa_at";
 var REFRESH_TOKEN_COOKIE_NAME = "__pa_rt";
 var STATE_COOKIE_NAME = "__pa_state";
 var CUSTOM_HEADER_FOR_ACCESS_TOKEN = "x-propelauth-access-token";
+var CUSTOM_HEADER_FOR_URL = "x-propelauth-current-url";
 var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
 var COOKIE_OPTIONS = {
   httpOnly: true,
@@ -257,12 +283,17 @@ function getVerifierKey() {
   }
   return verifierKey.replace(/\\n/g, "\n");
 }
-function refreshTokenWithAccessAndRefreshToken(refreshToken) {
+function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
   return __async(this, null, function* () {
     const body = {
       refresh_token: refreshToken
     };
-    const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`;
+    const queryParams = new URLSearchParams();
+    if (activeOrgId) {
+      queryParams.set("with_active_org_support", "true");
+      queryParams.set("active_org_id", activeOrgId);
+    }
+    const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
     const response = yield fetch(url, {
       method: "POST",
       body: JSON.stringify(body),
@@ -274,10 +305,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
     if (response.ok) {
       const data = yield response.json();
       const newRefreshToken = data.refresh_token;
-      const {
-        access_token: accessToken,
-        expires_at_seconds: expiresAtSeconds
-      } = data.access_token;
+      const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
       return {
         refreshToken: newRefreshToken,
         accessToken,
@@ -338,22 +366,24 @@ function validateAccessToken(accessToken) {
   });
 }
 
+// src/shared.ts
+var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
+
 // src/server/app-router.ts
-function getUserOrRedirect() {
+function getUserOrRedirect(redirectOptions) {
   return __async(this, null, function* () {
     const user = yield getUser();
     if (user) {
       return user;
     } else {
-      redirect(LOGIN_PATH);
+      redirectToLogin(redirectOptions);
       throw new Error("Redirecting to login");
     }
   });
 }
 function getUser() {
   return __async(this, null, function* () {
-    var _a;
-    const accessToken = headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
+    const accessToken = getAccessToken();
     if (accessToken) {
       const user = yield validateAccessTokenOrUndefined(accessToken);
       if (user) {
@@ -364,50 +394,57 @@ function getUser() {
   });
 }
 function getAccessToken() {
-  return __async(this, null, function* () {
-    var _a;
-    return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
-  });
+  var _a;
+  return headers().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = cookies().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value);
 }
 function authMiddleware(req) {
   return __async(this, null, function* () {
-    var _a, _b;
+    var _a, _b, _c;
     if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) {
       throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`);
+    } else if (req.headers.has(CUSTOM_HEADER_FOR_URL)) {
+      throw new Error(`${CUSTOM_HEADER_FOR_URL} is set which is for internal use only`);
     } else if (req.nextUrl.pathname === CALLBACK_PATH || req.nextUrl.pathname === LOGOUT_PATH || req.nextUrl.pathname === USERINFO_PATH) {
-      return NextResponse.next();
+      return getNextResponse(req);
     }
     const accessToken = (_a = req.cookies.get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
     const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value;
+    const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
     if (accessToken) {
       const user = yield validateAccessTokenOrUndefined(accessToken);
       if (user) {
-        return NextResponse.next();
+        return getNextResponse(req);
       }
     }
     if (refreshToken) {
-      const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
+      const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
       if (response.error === "unexpected") {
         throw new Error("Unexpected error while refreshing access token");
       } else if (response.error === "unauthorized") {
-        const response2 = NextResponse.next();
+        const response2 = getNextResponse(req);
         response2.cookies.delete(ACCESS_TOKEN_COOKIE_NAME);
         response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
         return response2;
       } else {
-        const headers2 = new Headers(req.headers);
-        headers2.append(CUSTOM_HEADER_FOR_ACCESS_TOKEN, response.accessToken);
-        const nextResponse = NextResponse.next({
-          request: {
-            headers: headers2
-          }
-        });
+        const nextResponse = getNextResponse(req, response.accessToken);
         nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
         nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
         return nextResponse;
       }
     }
-    return NextResponse.next();
+    return getNextResponse(req);
+  });
+}
+function getNextResponse(request, newAccessToken) {
+  const headers2 = new Headers(request.headers);
+  headers2.set(CUSTOM_HEADER_FOR_URL, request.nextUrl.toString());
+  if (newAccessToken) {
+    headers2.set(CUSTOM_HEADER_FOR_ACCESS_TOKEN, newAccessToken);
+  }
+  return NextResponse.next({
+    request: {
+      headers: headers2
+    }
   });
 }
 function getRouteHandlers(args) {
@@ -447,7 +484,7 @@ function getRouteHandlers(args) {
   }
   function callbackGetHandler(req) {
     return __async(this, null, function* () {
-      var _a, _b;
+      var _a, _b, _c;
       const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
       if (!oauthState || oauthState.length !== 64) {
         return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -483,6 +520,49 @@ function getRouteHandlers(args) {
           console.error("postLoginRedirectPathFn returned undefined");
           return new Response("Unexpected error", { status: 500 });
         }
+        const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value;
+        const user = yield validateAccessToken(accessToken);
+        const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId);
+        let activeOrgId = void 0;
+        if (isUserInCurrentActiveOrg) {
+          activeOrgId = currentActiveOrgId;
+        } else if (args == null ? void 0 : args.getDefaultActiveOrgId) {
+          activeOrgId = args.getDefaultActiveOrgId(req, user);
+        }
+        if (activeOrgId) {
+          const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId);
+          if (response2.error === "unexpected") {
+            throw new Error("Unexpected error while setting active org");
+          } else if (response2.error === "unauthorized") {
+            console.error(
+              "Unauthorized error while setting active org. Your user may not have access to this org"
+            );
+            return new Response("Unauthorized", { status: 401 });
+          } else {
+            const headers3 = new Headers();
+            headers3.append("Location", returnToPath);
+            headers3.append(
+              "Set-Cookie",
+              `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+            );
+            headers3.append(
+              "Set-Cookie",
+              `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+            );
+            headers3.append(
+              "Set-Cookie",
+              `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
+            );
+            headers3.append(
+              "Set-Cookie",
+              `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+            );
+            return new Response(null, {
+              status: 302,
+              headers: headers3
+            });
+          }
+        }
         const headers2 = new Headers();
         headers2.append("Location", returnToPath);
         headers2.append(
@@ -493,6 +573,10 @@ function getRouteHandlers(args) {
           "Set-Cookie",
           `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
         );
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
         headers2.append(
           "Set-Cookie",
           `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
@@ -513,10 +597,11 @@ function getRouteHandlers(args) {
   }
   function userinfoGetHandler(req) {
     return __async(this, null, function* () {
-      var _a;
+      var _a, _b;
       const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+      const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
       if (oldRefreshToken) {
-        const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken);
+        const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
         if (refreshResponse.error === "unexpected") {
           throw new Error("Unexpected error while refreshing access token");
         } else if (refreshResponse.error === "unauthorized") {
@@ -529,6 +614,10 @@ function getRouteHandlers(args) {
             "Set-Cookie",
             `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
           );
+          headers3.append(
+            "Set-Cookie",
+            `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+          );
           return new Response("Unauthorized", { status: 401, headers: headers3 });
         }
         const refreshToken = refreshResponse.refreshToken;
@@ -547,7 +636,8 @@ function getRouteHandlers(args) {
           const jsonResponse = {
             userinfo: data,
             accessToken,
-            impersonatorUserId: userFromToken.impersonatorUserId
+            impersonatorUserId: userFromToken.impersonatorUserId,
+            activeOrgId
           };
           const headers3 = new Headers();
           headers3.append(
@@ -573,6 +663,10 @@ function getRouteHandlers(args) {
             "Set-Cookie",
             `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
           );
+          headers3.append(
+            "Set-Cookie",
+            `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+          );
           return new Response(null, {
             status: 401,
             headers: headers3
@@ -584,12 +678,13 @@ function getRouteHandlers(args) {
       const headers2 = new Headers();
       headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+      headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       return new Response(null, { status: 401 });
     });
   }
   function logoutGetHandler(req) {
     return __async(this, null, function* () {
-      var _a;
+      var _a, _b;
       const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/";
       if (!path) {
         console.error("postLoginPathFn returned undefined");
@@ -607,12 +702,17 @@ function getRouteHandlers(args) {
           "Set-Cookie",
           `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
         );
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
         return new Response(null, {
           status: 302,
           headers: headers2
         });
       }
-      const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
+      const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
+      const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
       if (refreshResponse.error === "unexpected") {
         console.error("Unexpected error while refreshing access token");
         return new Response("Unexpected error", { status: 500 });
@@ -627,6 +727,10 @@ function getRouteHandlers(args) {
           "Set-Cookie",
           `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
         );
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
         return new Response(null, {
           status: 302,
           headers: headers2
@@ -655,6 +759,10 @@ function getRouteHandlers(args) {
           "Set-Cookie",
           `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
         );
+        headers3.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
         return new Response(null, { status: 200, headers: headers3 });
       }
       const authUrlOrigin = getAuthUrlOrigin();
@@ -679,9 +787,78 @@ function getRouteHandlers(args) {
       const headers2 = new Headers();
       headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
+      headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
       return new Response(null, { status: 200, headers: headers2 });
     });
   }
+  function setActiveOrgHandler(req) {
+    return __async(this, null, function* () {
+      var _a;
+      const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
+      const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
+      if (!oldRefreshToken) {
+        const headers2 = new Headers();
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
+        );
+        return new Response(null, { status: 401, headers: headers2 });
+      }
+      if (!activeOrgId) {
+        return new Response(null, { status: 400 });
+      }
+      const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
+      if (refreshResponse.error === "unexpected") {
+        throw new Error("Unexpected error while setting active org id");
+      } else if (refreshResponse.error === "unauthorized") {
+        return new Response("Unauthorized", { status: 401 });
+      }
+      const refreshToken = refreshResponse.refreshToken;
+      const accessToken = refreshResponse.accessToken;
+      const authUrlOrigin = getAuthUrlOrigin();
+      const path = `${authUrlOrigin}/propelauth/oauth/userinfo`;
+      const response = yield fetch(path, {
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: "Bearer " + accessToken
+        }
+      });
+      if (response.ok) {
+        const userFromToken = yield validateAccessToken(accessToken);
+        const data = yield response.json();
+        const jsonResponse = {
+          userinfo: data,
+          accessToken,
+          impersonatorUserId: userFromToken.impersonatorUserId,
+          activeOrgId
+        };
+        const headers2 = new Headers();
+        headers2.append(
+          "Set-Cookie",
+          `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+        );
+        headers2.append(
+          "Set-Cookie",
+          `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
+        );
+        headers2.append(
+          "Set-Cookie",
+          `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
+        );
+        headers2.append("Content-Type", "application/json");
+        return new Response(JSON.stringify(jsonResponse), {
+          status: 200,
+          headers: headers2
+        });
+      } else if (response.status === 401) {
+        return new Response(null, {
+          status: 401
+        });
+      } else {
+        return new Response(null, { status: 500 });
+      }
+    });
+  }
   function getRouteHandler(req, { params }) {
     if (params.slug === "login") {
       return loginGetHandler(req);
@@ -700,6 +877,8 @@ function getRouteHandlers(args) {
   function postRouteHandler(req, { params }) {
     if (params.slug === "logout") {
       return logoutPostHandler(req);
+    } else if (params.slug === "set-active-org") {
+      return setActiveOrgHandler(req);
     } else {
       return new Response("", { status: 404 });
     }
@@ -713,11 +892,51 @@ function randomState() {
   const randomBytes = crypto.getRandomValues(new Uint8Array(32));
   return Array.from(randomBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
 }
+function redirectToLogin(redirectOptions) {
+  if (!redirectOptions) {
+    redirect(LOGIN_PATH);
+  } else if (redirectOptions.returnToPath) {
+    const loginPath = LOGIN_PATH + "?return_to_path=" + encodeURI(redirectOptions.returnToPath);
+    redirect(loginPath);
+  } else if (redirectOptions.returnToCurrentPath) {
+    const encodedPath = getUrlEncodedRedirectPathForCurrentUrl();
+    if (encodedPath) {
+      const loginPath = LOGIN_PATH + "?return_to_path=" + encodedPath;
+      redirect(loginPath);
+    } else {
+      console.warn("Could not get current URL to redirect to");
+      redirect(LOGIN_PATH);
+    }
+  }
+}
+function getUrlEncodedRedirectPathForCurrentUrl() {
+  const url = getCurrentUrl();
+  if (!url) {
+    return void 0;
+  }
+  try {
+    const urlObj = new URL(url);
+    return encodeURIComponent(urlObj.pathname + urlObj.search);
+  } catch (e) {
+    console.warn("Current URL is not a valid URL");
+    return void 0;
+  }
+}
+function getCurrentUrl() {
+  const url = headers().get(CUSTOM_HEADER_FOR_URL);
+  if (!url) {
+    console.warn("Attempting to redirect to the current URL, but we could not find the current URL in the headers. Is the middleware set up?");
+    return void 0;
+  } else {
+    return url;
+  }
+}
 export {
   ConfigurationException,
   UnauthorizedException,
   authMiddleware,
   getAccessToken,
+  getCurrentUrl,
   getRouteHandlers,
   getUser,
   getUserOrRedirect