@quanticjs/auth-web-bff 5.7.0 → 5.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/bff.controller.js +5 -1
  2. package/dist/bff.service.d.ts +1 -0
  3. package/dist/bff.service.js +26 -2
  4. package/package.json +2 -2
package/dist/bff.controller.js CHANGED
@@ -81,13 +81,17 @@ let BffController = class BffController {
81
81
  }
82
82
  const cookieName = this.bffService.getCookieName();
83
83
  const sessionId = req.cookies?.[cookieName];
84
+ let idToken;
84
85
  if (sessionId) {
86
+ const session = await this.bffService.getSession(sessionId);
87
+ idToken = session?.idToken;
85
88
  await this.bffService.destroySession(sessionId);
86
89
  }
90
+ const endSessionUrl = this.bffService.getEndSessionUrl(idToken);
87
91
  res
88
92
  .clearCookie(cookieName, this.bffService.getCookieOptions())
89
93
  .clearCookie(this.bffService.getCsrfCookieName(), this.bffService.getCsrfCookieOptions())
90
- .json({ success: true });
94
+ .json({ success: true, endSessionUrl });
91
95
  }
92
96
  async me(req, res) {
93
97
  const cookieName = this.bffService.getCookieName();
package/dist/bff.service.d.ts CHANGED
@@ -25,6 +25,7 @@ export declare class BffService implements OnModuleInit {
25
25
  getAccessToken(sessionId: string): Promise<string | null>;
26
26
  refreshSession(sessionId: string, session?: SessionData): Promise<string | null>;
27
27
  destroySession(sessionId: string): Promise<void>;
28
+ getEndSessionUrl(idToken?: string): string | null;
28
29
  getUserInfo(sessionId: string): Promise<Record<string, unknown> | null>;
29
30
  getCookieOptions(): Record<string, unknown>;
30
31
  getCookieName(): string;
package/dist/bff.service.js CHANGED
@@ -143,9 +143,19 @@ let BffService = class BffService {
143
143
  const session = await this.getSession(sessionId);
144
144
  if (!this.redis)
145
145
  return;
146
- if (session?.accessToken) {
146
+ if (session) {
147
147
  try {
148
- await this.client.revoke(session.accessToken, 'access_token');
148
+ if (session.refreshToken) {
149
+ await this.client.revoke(session.refreshToken, 'refresh_token');
150
+ }
151
+ }
152
+ catch {
153
+ // best-effort revocation
154
+ }
155
+ try {
156
+ if (session.accessToken) {
157
+ await this.client.revoke(session.accessToken, 'access_token');
158
+ }
149
159
  }
150
160
  catch {
151
161
  // best-effort revocation
@@ -153,6 +163,20 @@ let BffService = class BffService {
153
163
  }
154
164
  await this.redis.del(this.sessionPrefix + sessionId);
155
165
  }
166
+ getEndSessionUrl(idToken) {
167
+ const endSessionEndpoint = this.client.issuer.metadata.end_session_endpoint;
168
+ if (!endSessionEndpoint)
169
+ return null;
170
+ const publicUrl = endSessionEndpoint.replace(this.internalKeycloakBase, this.publicKeycloakBase);
171
+ const redirectUri = this.options.publicUrl ?? 'http://localhost:5173';
172
+ const params = new URLSearchParams({
173
+ client_id: this.options.keycloak.clientId,
174
+ post_logout_redirect_uri: redirectUri,
175
+ });
176
+ if (idToken)
177
+ params.set('id_token_hint', idToken);
178
+ return `${publicUrl}?${params.toString()}`;
179
+ }
156
180
  async getUserInfo(sessionId) {
157
181
  const session = await this.getSession(sessionId);
158
182
  if (!session)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@quanticjs/auth-web-bff",
3
- "version": "5.7.0",
3
+ "version": "5.8.0",
4
4
  "description": "BFF authentication module — Keycloak OIDC, Redis sessions, httpOnly cookies",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -9,7 +9,7 @@
9
9
  "clean": "rm -rf dist"
10
10
  },
11
11
  "dependencies": {
12
- "@quanticjs/core": "^5.7.0"
12
+ "@quanticjs/core": "^5.8.0"
13
13
  },
14
14
  "peerDependencies": {
15
15
  "@nestjs/common": "^10.0.0 || ^11.0.0",