@sourceregistry/sveltekit-oidc 1.1.1 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -160,6 +160,76 @@ export async function load(event) {
160
160
  - periodic `invalidateAll()` revalidation so revoked server sessions are detected
161
161
  - a client context for nested auth-aware components through `useOIDC()` / `getOIDCContext()`
162
162
 
163
+ ## Typed Custom Claims
164
+
165
+ `createOIDC` infers a `TClaims` type from whatever `transformClaims` / `transformUser` / `transformSession` return, and threads it through the session, `event.locals.oidc`, `OIDCPublicSession`, and the client context — no casts needed.
166
+
167
+ ```ts
168
+ // src/lib/server/auth.ts
169
+ export const oidc = createOIDC({
170
+ issuer: 'https://your-idp.example.com',
171
+ clientId: process.env.OIDC_CLIENT_ID!,
172
+ cookieSecret: process.env.OIDC_COOKIE_SECRET!,
173
+ transformClaims: (claims) => ({
174
+ ...claims,
175
+ roles: (claims.roles as string[]) ?? [],
176
+ tenant: claims.tenant as string | undefined
177
+ })
178
+ });
179
+ ```
180
+
181
+ Extract the inferred type with `OIDCInferClaims` and apply it to `App.Locals` so `event.locals.oidc` is typed everywhere:
182
+
183
+ ```ts
184
+ // src/app.d.ts
185
+ import type { OIDCHandleLocals, OIDCInferClaims } from 'sveltekit-oidc/server';
186
+ import { oidc } from '$lib/server/auth';
187
+
188
+ export type AppClaims = OIDCInferClaims<typeof oidc>;
189
+
190
+ declare global {
191
+ namespace App {
192
+ interface Locals {
193
+ oidc?: OIDCHandleLocals<AppClaims>;
194
+ }
195
+ }
196
+ }
197
+
198
+ export {};
199
+ ```
200
+
201
+ Now `event.locals.oidc?.claims?.roles` is `string[]` and `?.tenant` is `string | undefined` in every hook, load function, and action.
202
+
203
+ `OIDCContext` is a generic component, but Svelte doesn't support passing explicit type arguments in markup — `TClaims` is inferred from the `session` prop instead. Since `data.session` comes from `oidc.getPublicSession(event)`, it's already typed `OIDCPublicSession<AppClaims> | null`, so the inference flows through automatically:
204
+
205
+ ```html
206
+ <!-- src/routes/+layout.svelte -->
207
+ <script lang="ts">
208
+ import { OIDCContext } from 'sveltekit-oidc';
209
+ let { data, children } = $props();
210
+ </script>
211
+
212
+ <OIDCContext session={data.session} config={data.sessionManagement}>
213
+ {@render children()}
214
+ </OIDCContext>
215
+ ```
216
+
217
+ ```html
218
+ <!-- src/lib/Account.svelte -->
219
+ <script lang="ts">
220
+ import { useOIDC } from 'sveltekit-oidc';
221
+ import type { AppClaims } from '../../app.d.ts';
222
+
223
+ const oidc = useOIDC<AppClaims>();
224
+ </script>
225
+
226
+ {#if oidc.isAuthenticated}
227
+ <p>Roles: {oidc.claims?.roles.join(', ')}</p>
228
+ {/if}
229
+ ```
230
+
231
+ If `transformClaims` (and friends) are omitted, `TClaims` defaults to `OIDCUserClaims` — existing setups keep working unchanged.
232
+
163
233
  ## Example App
164
234
 
165
235
  This repository now includes a runnable example under [src/routes](C:/Users/alexa/WebstormProjects/github.com/SourceRegistry/sveltekit-oidc/src/routes) and [src/hooks.server.ts](C:/Users/alexa/WebstormProjects/github.com/SourceRegistry/sveltekit-oidc/src/hooks.server.ts).
@@ -183,4 +253,4 @@ Set these environment variables to enable it:
183
253
  - Use `transformClaims`, `transformUser`, and `transformSession` to project provider-specific claims into your own session shape.
184
254
  - `check_session_iframe` monitoring only runs when the provider advertises that endpoint and the session includes `session_state`.
185
255
  - Refresh token handling is automatic when a valid refresh token is present.
186
- - `event.locals.oidc` is attached by the hook, but you should add your own `app.d.ts` augmentation in the consuming app for full typing.
256
+ - `event.locals.oidc` is attached by the hook and typed via `OIDCHandleLocals<TClaims>`; see [Typed Custom Claims](#typed-custom-claims) for wiring your own claim shapes through `app.d.ts`.
@@ -1,9 +1,13 @@
1
- <script lang="ts">
1
+ <script lang="ts" generics="TClaims extends OIDCUserClaims = OIDCUserClaims">
2
2
  import { goto, invalidateAll } from '$app/navigation';
3
3
  import type { Snippet } from 'svelte';
4
4
 
5
5
  import { setOIDCContext } from './context.js';
6
- import type { OIDCPublicSession, OIDCSessionManagementConfig } from '../server/index.js';
6
+ import type {
7
+ OIDCPublicSession,
8
+ OIDCSessionManagementConfig,
9
+ OIDCUserClaims
10
+ } from '../server/index.js';
7
11
 
8
12
  type RedirectMode = 'login' | 'logout' | 'reload' | 'none';
9
13
 
@@ -19,7 +23,7 @@
19
23
  redirectIfUnauthenticated = false,
20
24
  children
21
25
  }: {
22
- session?: OIDCPublicSession | null;
26
+ session?: OIDCPublicSession<TClaims> | null;
23
27
  config: OIDCSessionManagementConfig;
24
28
  loginPath?: string;
25
29
  logoutPath?: string;
@@ -44,7 +48,7 @@
44
48
  Boolean(session?.isAuthenticated && session?.sessionState && iframeUrl)
45
49
  );
46
50
 
47
- const context = setOIDCContext({
51
+ const context = setOIDCContext<TClaims>({
48
52
  get isAuthenticated() {
49
53
  return Boolean(session?.isAuthenticated);
50
54
  },
@@ -1,18 +1,37 @@
1
1
  import type { Snippet } from 'svelte';
2
- import type { OIDCPublicSession, OIDCSessionManagementConfig } from '../server/index.js';
3
- type RedirectMode = 'login' | 'logout' | 'reload' | 'none';
4
- type $$ComponentProps = {
5
- session?: OIDCPublicSession | null;
6
- config: OIDCSessionManagementConfig;
7
- loginPath?: string;
8
- logoutPath?: string;
9
- checkSessionIntervalMs?: number;
10
- revalidateIntervalMs?: number;
11
- redirectOnExpired?: RedirectMode;
12
- redirectOnRevoked?: RedirectMode;
13
- redirectIfUnauthenticated?: boolean;
14
- children?: Snippet;
2
+ import type { OIDCPublicSession, OIDCSessionManagementConfig, OIDCUserClaims } from '../server/index.js';
3
+ declare function $$render<TClaims extends OIDCUserClaims = OIDCUserClaims>(): {
4
+ props: {
5
+ session?: OIDCPublicSession<TClaims> | null;
6
+ config: OIDCSessionManagementConfig;
7
+ loginPath?: string;
8
+ logoutPath?: string;
9
+ checkSessionIntervalMs?: number;
10
+ revalidateIntervalMs?: number;
11
+ redirectOnExpired?: "none" | "login" | "logout" | "reload";
12
+ redirectOnRevoked?: "none" | "login" | "logout" | "reload";
13
+ redirectIfUnauthenticated?: boolean;
14
+ children?: Snippet;
15
+ };
16
+ exports: {};
17
+ bindings: "";
18
+ slots: {};
19
+ events: {};
15
20
  };
16
- declare const OIDCContext: import("svelte").Component<$$ComponentProps, {}, "">;
17
- type OIDCContext = ReturnType<typeof OIDCContext>;
21
+ declare class __sveltets_Render<TClaims extends OIDCUserClaims = OIDCUserClaims> {
22
+ props(): ReturnType<typeof $$render<TClaims>>['props'];
23
+ events(): ReturnType<typeof $$render<TClaims>>['events'];
24
+ slots(): ReturnType<typeof $$render<TClaims>>['slots'];
25
+ bindings(): "";
26
+ exports(): {};
27
+ }
28
+ interface $$IsomorphicComponent {
29
+ new <TClaims extends OIDCUserClaims = OIDCUserClaims>(options: import('svelte').ComponentConstructorOptions<ReturnType<__sveltets_Render<TClaims>['props']>>): import('svelte').SvelteComponent<ReturnType<__sveltets_Render<TClaims>['props']>, ReturnType<__sveltets_Render<TClaims>['events']>, ReturnType<__sveltets_Render<TClaims>['slots']>> & {
30
+ $$bindings?: ReturnType<__sveltets_Render<TClaims>['bindings']>;
31
+ } & ReturnType<__sveltets_Render<TClaims>['exports']>;
32
+ <TClaims extends OIDCUserClaims = OIDCUserClaims>(internal: unknown, props: ReturnType<__sveltets_Render<TClaims>['props']> & {}): ReturnType<__sveltets_Render<TClaims>['exports']>;
33
+ z_$$bindings?: ReturnType<__sveltets_Render<any>['bindings']>;
34
+ }
35
+ declare const OIDCContext: $$IsomorphicComponent;
36
+ type OIDCContext<TClaims extends OIDCUserClaims = OIDCUserClaims> = InstanceType<typeof OIDCContext<TClaims>>;
18
37
  export default OIDCContext;
@@ -1,16 +1,16 @@
1
- import type { OIDCDiscoveryDocument, OIDCPublicSession } from '../server/index.js';
2
- export type OIDCClientContextValue = {
1
+ import type { OIDCDiscoveryDocument, OIDCPublicSession, OIDCUserClaims } from '../server/index.js';
2
+ export type OIDCClientContextValue<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
3
3
  isAuthenticated: boolean;
4
- session: OIDCPublicSession | null;
5
- user: OIDCPublicSession['user'];
6
- claims: OIDCPublicSession['claims'];
7
- groups: OIDCPublicSession['groups'];
4
+ session: OIDCPublicSession<TClaims> | null;
5
+ user: OIDCPublicSession<TClaims>['user'];
6
+ claims: OIDCPublicSession<TClaims>['claims'];
7
+ groups: OIDCPublicSession<TClaims>['groups'];
8
8
  metadata?: Pick<OIDCDiscoveryDocument, 'issuer' | 'check_session_iframe' | 'end_session_endpoint' | 'backchannel_logout_supported' | 'backchannel_logout_session_supported'>;
9
9
  status: 'authenticated' | 'unauthenticated' | 'expired' | 'revoked';
10
10
  login: (returnTo?: string) => void;
11
11
  logout: (clearSessionOnly?: boolean) => Promise<void>;
12
12
  revalidate: () => Promise<void>;
13
13
  };
14
- export declare function setOIDCContext(value: OIDCClientContextValue): OIDCClientContextValue;
15
- export declare function getOIDCContext(): OIDCClientContextValue;
16
- export declare function useOIDC(): OIDCClientContextValue;
14
+ export declare function setOIDCContext<TClaims extends OIDCUserClaims = OIDCUserClaims>(value: OIDCClientContextValue<TClaims>): OIDCClientContextValue<TClaims>;
15
+ export declare function getOIDCContext<TClaims extends OIDCUserClaims = OIDCUserClaims>(): OIDCClientContextValue<TClaims>;
16
+ export declare function useOIDC<TClaims extends OIDCUserClaims = OIDCUserClaims>(): OIDCClientContextValue<TClaims>;
@@ -1,2 +1,2 @@
1
- import type { CookieOptions, OIDCCookies } from './types.js';
2
- export declare function createOIDCCookieStore(cookieSecret: string, sessionCookieName: string, stateCookieName: string, cookieOptions: CookieOptions): OIDCCookies;
1
+ import type { CookieOptions, OIDCCookies, OIDCUserClaims } from './types.js';
2
+ export declare function createOIDCCookieStore<TClaims extends OIDCUserClaims = OIDCUserClaims>(cookieSecret: string, sessionCookieName: string, stateCookieName: string, cookieOptions: CookieOptions): OIDCCookies<TClaims>;
@@ -1,5 +1,5 @@
1
- import type { OIDCOptions, OIDCInstance } from './types.js';
1
+ import type { OIDCOptions, OIDCInstance, OIDCUserClaims } from './types.js';
2
2
  export type * from './types.js';
3
3
  export { createInMemoryBackChannelLogoutStore, createInMemorySessionStore } from './store.js';
4
- export declare function createOIDC(options: OIDCOptions): OIDCInstance;
4
+ export declare function createOIDC<TClaims extends OIDCUserClaims = OIDCUserClaims>(options: OIDCOptions<TClaims>): OIDCInstance<TClaims>;
5
5
  export declare const OpenIDConnect: typeof createOIDC;
@@ -199,7 +199,9 @@ export function createOIDC(options) {
199
199
  algorithms: metadata.id_token_signing_alg_values_supported,
200
200
  clockSkew: clockSkewSeconds
201
201
  });
202
- const transformedClaims = options.transformClaims ? await options.transformClaims(claims) : claims;
202
+ const transformedClaims = options.transformClaims
203
+ ? await options.transformClaims(claims)
204
+ : claims;
203
205
  if (transformedClaims.nonce !== nonce) {
204
206
  throw error(401, { message: 'Invalid id_token nonce' });
205
207
  }
@@ -258,7 +260,9 @@ export function createOIDC(options) {
258
260
  ? await validateIdToken(tokenResponse.id_token, session.nonce)
259
261
  : session.claims;
260
262
  const rawUser = options.fetchUserInfo !== false ? await fetchUserInfo(tokenResponse.access_token) : session.user;
261
- const user = options.transformUser ? await options.transformUser(rawUser, { claims }) : rawUser;
263
+ const user = options.transformUser
264
+ ? await options.transformUser(rawUser, { claims })
265
+ : rawUser;
262
266
  const nextSession = {
263
267
  ...session,
264
268
  sub: claims?.sub ?? session.sub,
@@ -347,7 +351,9 @@ export function createOIDC(options) {
347
351
  const rawUser = options.fetchUserInfo === false
348
352
  ? undefined
349
353
  : await fetchUserInfo(tokenResponse.access_token).catch(() => undefined);
350
- const user = options.transformUser ? await options.transformUser(rawUser, { claims }) : rawUser;
354
+ const user = options.transformUser
355
+ ? await options.transformUser(rawUser, { claims })
356
+ : rawUser;
351
357
  const metadata = await getMetadata();
352
358
  const now = Math.floor(Date.now() / 1000);
353
359
  const session = {
@@ -1,3 +1,3 @@
1
- import type { OIDCSession, OIDCSessionTokens, OIDCTokenResponse } from './types.js';
1
+ import type { OIDCSession, OIDCSessionTokens, OIDCTokenResponse, OIDCUserClaims } from './types.js';
2
2
  export declare function normalizeTokens(tokenResponse: OIDCTokenResponse, defaultScope: string[], existing?: OIDCSessionTokens, now?: number): OIDCSessionTokens;
3
- export declare function shouldRefresh(session: OIDCSession, refreshToleranceSeconds: number, now?: number): boolean;
3
+ export declare function shouldRefresh<TClaims extends OIDCUserClaims = OIDCUserClaims>(session: OIDCSession<TClaims>, refreshToleranceSeconds: number, now?: number): boolean;
@@ -1,3 +1,3 @@
1
- import type { OIDCBackChannelLogoutStore, OIDCSessionStore } from './types.js';
2
- export declare function createInMemoryBackChannelLogoutStore(): OIDCBackChannelLogoutStore;
3
- export declare function createInMemorySessionStore(): OIDCSessionStore;
1
+ import type { OIDCBackChannelLogoutStore, OIDCSessionStore, OIDCUserClaims } from './types.js';
2
+ export declare function createInMemoryBackChannelLogoutStore<TClaims extends OIDCUserClaims = OIDCUserClaims>(): OIDCBackChannelLogoutStore<TClaims>;
3
+ export declare function createInMemorySessionStore<TClaims extends OIDCUserClaims = OIDCUserClaims>(): OIDCSessionStore<TClaims>;
@@ -56,7 +56,7 @@ export type OIDCUserClaims = Record<string, unknown> & {
56
56
  nbf?: number;
57
57
  nonce?: string;
58
58
  };
59
- export type OIDCSession = {
59
+ export type OIDCSession<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
60
60
  issuer: string;
61
61
  clientId: string;
62
62
  nonce?: string;
@@ -64,16 +64,16 @@ export type OIDCSession = {
64
64
  sid?: string;
65
65
  sessionState?: string;
66
66
  groups: string[];
67
- user?: OIDCUserClaims;
68
- claims?: OIDCUserClaims;
67
+ user?: TClaims;
68
+ claims?: TClaims;
69
69
  tokens: OIDCSessionTokens;
70
70
  createdAt: number;
71
71
  refreshedAt: number;
72
72
  };
73
- export type OIDCPublicSession = {
73
+ export type OIDCPublicSession<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
74
74
  isAuthenticated: boolean;
75
- user?: OIDCUserClaims;
76
- claims?: OIDCUserClaims;
75
+ user?: TClaims;
76
+ claims?: TClaims;
77
77
  groups: string[];
78
78
  scope: string[];
79
79
  expiresAt?: number;
@@ -114,13 +114,13 @@ export type OIDCBackChannelLogoutRecord = {
114
114
  jti: string;
115
115
  iat: number;
116
116
  };
117
- export type OIDCBackChannelLogoutStore = {
117
+ export type OIDCBackChannelLogoutStore<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
118
118
  revoke(record: OIDCBackChannelLogoutRecord): MaybePromise<void>;
119
- isRevoked(session: OIDCSession): MaybePromise<boolean>;
119
+ isRevoked(session: OIDCSession<TClaims>): MaybePromise<boolean>;
120
120
  };
121
- export type OIDCSessionStore = {
122
- get(sessionId: string): MaybePromise<OIDCSession | null>;
123
- set(sessionId: string, session: OIDCSession): MaybePromise<void>;
121
+ export type OIDCSessionStore<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
122
+ get(sessionId: string): MaybePromise<OIDCSession<TClaims> | null>;
123
+ set(sessionId: string, session: OIDCSession<TClaims>): MaybePromise<void>;
124
124
  delete(sessionId: string): MaybePromise<void>;
125
125
  };
126
126
  export type OIDCSessionManagementConfig = {
@@ -133,7 +133,7 @@ export type OIDCSessionManagementConfig = {
133
133
  backChannelLogoutSupported: boolean;
134
134
  backChannelLogoutSessionSupported: boolean;
135
135
  };
136
- export type OIDCOptions = {
136
+ export type OIDCOptions<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
137
137
  issuer?: string;
138
138
  discoveryUrl?: string;
139
139
  clientId: string;
@@ -155,19 +155,19 @@ export type OIDCOptions = {
155
155
  refreshToleranceSeconds?: number;
156
156
  defaultLoginRedirect?: string;
157
157
  defaultLogoutRedirect?: string;
158
- sessionStore?: OIDCSessionStore;
159
- backChannelLogoutStore?: OIDCBackChannelLogoutStore;
160
- transformClaims?: (claims: OIDCUserClaims) => MaybePromise<OIDCUserClaims>;
158
+ sessionStore?: OIDCSessionStore<TClaims>;
159
+ backChannelLogoutStore?: OIDCBackChannelLogoutStore<TClaims>;
160
+ transformClaims?: (claims: OIDCUserClaims) => MaybePromise<TClaims>;
161
161
  transformUser?: (user: OIDCUserClaims | undefined, context: {
162
- claims?: OIDCUserClaims;
163
- }) => MaybePromise<OIDCUserClaims | undefined>;
164
- transformSession?: (session: OIDCSession, context: {
162
+ claims?: TClaims;
163
+ }) => MaybePromise<TClaims | undefined>;
164
+ transformSession?: (session: OIDCSession<TClaims>, context: {
165
165
  event?: RequestEvent;
166
166
  tokenResponse?: OIDCTokenResponse;
167
- claims?: OIDCUserClaims;
168
- user?: OIDCUserClaims;
167
+ claims?: TClaims;
168
+ user?: TClaims;
169
169
  isRefresh: boolean;
170
- }) => MaybePromise<OIDCSession>;
170
+ }) => MaybePromise<OIDCSession<TClaims>>;
171
171
  endpoints?: Partial<OIDCDiscoveryDocument>;
172
172
  };
173
173
  export type OIDCLoginOptions = {
@@ -181,16 +181,16 @@ export type OIDCLogoutOptions = {
181
181
  state?: string;
182
182
  clearSessionOnly?: boolean;
183
183
  };
184
- export type OIDCCallbackResult = {
185
- session: OIDCSession;
184
+ export type OIDCCallbackResult<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
185
+ session: OIDCSession<TClaims>;
186
186
  returnTo: string;
187
187
  };
188
- export type OIDCHandleLocals = {
188
+ export type OIDCHandleLocals<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
189
189
  isAuthenticated: boolean;
190
- session: OIDCSession | null;
191
- user?: OIDCUserClaims;
192
- claims?: OIDCUserClaims;
193
- requireAuth: () => Promise<OIDCSession>;
190
+ session: OIDCSession<TClaims> | null;
191
+ user?: TClaims;
192
+ claims?: TClaims;
193
+ requireAuth: () => Promise<OIDCSession<TClaims>>;
194
194
  clearSession: () => Promise<void>;
195
195
  };
196
196
  export type OIDCStateCookie = {
@@ -200,8 +200,8 @@ export type OIDCStateCookie = {
200
200
  returnTo: string;
201
201
  createdAt: number;
202
202
  };
203
- export type OIDCCallbackHandlerOptions = {
204
- onsuccess?: (event: RequestEvent, result: OIDCCallbackResult) => MaybePromise<Response | void>;
203
+ export type OIDCCallbackHandlerOptions<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
204
+ onsuccess?: (event: RequestEvent, result: OIDCCallbackResult<TClaims>) => MaybePromise<Response | void>;
205
205
  onfailure?: (event: RequestEvent, err: unknown) => MaybePromise<Response | void>;
206
206
  redirectTo?: string;
207
207
  };
@@ -214,9 +214,9 @@ export type OIDCClientAssertionOptions = {
214
214
  clientId: string;
215
215
  clientSecret?: string;
216
216
  };
217
- export type OIDCCookies = {
218
- readSession(cookies: Cookies): OIDCSession | null;
219
- writeSession(cookies: Cookies, session: OIDCSession): void;
217
+ export type OIDCCookies<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
218
+ readSession(cookies: Cookies): OIDCSession<TClaims> | null;
219
+ writeSession(cookies: Cookies, session: OIDCSession<TClaims>): void;
220
220
  clearSession(cookies: Cookies): void;
221
221
  readSessionReference(cookies: Cookies): {
222
222
  id: string;
@@ -229,28 +229,29 @@ export type OIDCCookies = {
229
229
  writeState(cookies: Cookies, state: OIDCStateCookie): void;
230
230
  clearState(cookies: Cookies): void;
231
231
  };
232
- export type OIDCPersistedSession = {
232
+ export type OIDCPersistedSession<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
233
233
  id?: string;
234
- session: OIDCSession;
234
+ session: OIDCSession<TClaims>;
235
235
  };
236
- export type OIDCInstance = {
236
+ export type OIDCInstance<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
237
237
  handle: Handle;
238
238
  getMetadata: () => Promise<OIDCDiscoveryDocument>;
239
- getSession: (event: RequestEvent) => Promise<OIDCSession | null>;
240
- getPublicSession: (event: RequestEvent) => Promise<OIDCPublicSession | null>;
239
+ getSession: (event: RequestEvent) => Promise<OIDCSession<TClaims> | null>;
240
+ getPublicSession: (event: RequestEvent) => Promise<OIDCPublicSession<TClaims> | null>;
241
241
  getSessionManagementConfig: () => Promise<OIDCSessionManagementConfig>;
242
242
  login: (event: RequestEvent, loginOptions?: OIDCLoginOptions) => Promise<never>;
243
243
  logout: (event: RequestEvent, logoutOptions?: OIDCLogoutOptions) => Promise<never>;
244
- handleCallback: (event: RequestEvent) => Promise<OIDCCallbackResult>;
244
+ handleCallback: (event: RequestEvent) => Promise<OIDCCallbackResult<TClaims>>;
245
245
  handleBackChannelLogout: (event: RequestEvent) => Promise<Response>;
246
246
  loginHandler: (defaults?: OIDCLoginOptions) => RequestHandler;
247
- callbackHandler: (handlerOptions?: OIDCCallbackHandlerOptions) => RequestHandler;
247
+ callbackHandler: (handlerOptions?: OIDCCallbackHandlerOptions<TClaims>) => RequestHandler;
248
248
  logoutHandler: (defaults?: OIDCLogoutOptions) => RequestHandler;
249
249
  backChannelLogoutHandler: () => RequestHandler;
250
250
  createActions: (actionOptions?: OIDCActionOptions) => Readonly<{
251
251
  login: Action;
252
252
  logout: Action;
253
253
  }>;
254
- requireAuth: (event: RequestEvent, returnTo?: string) => Promise<OIDCSession>;
254
+ requireAuth: (event: RequestEvent, returnTo?: string) => Promise<OIDCSession<TClaims>>;
255
255
  clearSession: (cookies: Cookies) => Promise<void>;
256
256
  };
257
+ export type OIDCInferClaims<T> = T extends OIDCInstance<infer TClaims> ? TClaims : OIDCUserClaims;
@@ -8,7 +8,7 @@ export declare function createPKCEPair(length?: number): {
8
8
  export declare function normalizeIssuer(issuer: string): string;
9
9
  export declare function normalizeScope(scope?: string[]): string[];
10
10
  export declare function normalizeStringArray(value: unknown): string[];
11
- export declare function collectGroups(...sources: Array<OIDCUserClaims | undefined>): string[];
11
+ export declare function collectGroups<TClaims extends OIDCUserClaims = OIDCUserClaims>(...sources: Array<TClaims | undefined>): string[];
12
12
  export declare function createSignedValue(value: string, secret: string): string;
13
13
  export declare function verifySignedValue(value: string, secret: string): string | null;
14
14
  export declare function serializeSignedCookie(payload: unknown, secret: string): string;
@@ -16,4 +16,4 @@ export declare function parseSignedCookie<T>(value: string | undefined, secret:
16
16
  export declare function buildCookieOptions(options?: Partial<CookieOptions>): CookieOptions;
17
17
  export declare function parseProviderError(event: RequestEvent): null;
18
18
  export declare function absoluteUrl(event: RequestEvent, pathOrUrl: string): string;
19
- export declare function toPublicSession(session: OIDCSession | null): OIDCPublicSession | null;
19
+ export declare function toPublicSession<TClaims extends OIDCUserClaims = OIDCUserClaims>(session: OIDCSession<TClaims> | null): OIDCPublicSession<TClaims> | null;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sourceregistry/sveltekit-oidc",
3
- "version": "1.1.1",
3
+ "version": "1.2.0",
4
4
  "description": "OIDC authentication helpers for SvelteKit applications.",
5
5
  "license": "Apache-2.0",
6
6
  "scripts": {
@@ -57,22 +57,22 @@
57
57
  "svelte": "^5.0.0"
58
58
  },
59
59
  "devDependencies": {
60
- "@sveltejs/adapter-auto": "^7.0.0",
61
- "@sveltejs/kit": "^2.50.2",
62
- "@sveltejs/package": "^2.5.7",
63
- "@sveltejs/vite-plugin-svelte": "^6.2.4",
64
- "@types/node": "^25.5.2",
60
+ "@sveltejs/adapter-auto": "^7.0.1",
61
+ "@sveltejs/kit": "^2.63.1",
62
+ "@sveltejs/package": "^2.5.8",
63
+ "@sveltejs/vite-plugin-svelte": "^7.1.2",
64
+ "@types/node": "^25.9.2",
65
65
  "@semantic-release/changelog": "^6.0.3",
66
66
  "@semantic-release/git": "^10.0.1",
67
- "publint": "^0.3.17",
68
- "svelte": "^5.54.0",
69
- "svelte-check": "^4.4.2",
70
- "typescript": "^5.9.3",
71
- "vite": "^7.3.1",
72
- "@vitest/coverage-v8": "^4.1.2",
73
- "vitest": "^4.1.2",
74
- "@sourceregistry/semantic-release-jsr": "^1.0.1",
75
- "typedoc": "^0.28.18"
67
+ "publint": "^0.3.21",
68
+ "svelte": "^5.56.3",
69
+ "svelte-check": "^4.6.0",
70
+ "typescript": "^6.0.3",
71
+ "vite": "^8.0.16",
72
+ "@vitest/coverage-v8": "^4.1.8",
73
+ "vitest": "^4.1.8",
74
+ "@sourceregistry/semantic-release-jsr": "^1.1.1",
75
+ "typedoc": "^0.28.19"
76
76
  },
77
77
  "keywords": [
78
78
  "sveltekit",
@@ -83,7 +83,7 @@
83
83
  "oauth"
84
84
  ],
85
85
  "dependencies": {
86
- "@sourceregistry/node-jwt": "^1.5.9"
86
+ "@sourceregistry/node-jwt": "^1.5.10"
87
87
  },
88
88
  "release": {
89
89
  "branches": [