@sourceregistry/sveltekit-oidc 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -0
- package/dist/client/OIDCContext.svelte +207 -205
- package/dist/client/OIDCContext.svelte.d.ts +1 -1
- package/dist/server/cookies.d.ts +2 -2
- package/dist/server/index.d.ts +2 -2
- package/dist/server/store.d.ts +3 -3
- package/dist/server/types.d.ts +27 -26
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -230,6 +230,57 @@ Now `event.locals.oidc?.claims?.roles` is `string[]` and `?.tenant` is `string |
|
|
|
230
230
|
|
|
231
231
|
If `transformClaims` (and friends) are omitted, `TClaims` defaults to `OIDCUserClaims` — existing setups keep working unchanged.
|
|
232
232
|
|
|
233
|
+
## Typed Custom Session
|
|
234
|
+
|
|
235
|
+
Backend apps commonly stash application-specific data on the session itself (e.g. `tenantId`, `permissions`) — not just inside `claims`/`user`. A second generic, `TSession`, is inferred from `transformSession`'s return type and threads through the session store, cookies, `event.locals.oidc`, and `handleCallback`'s result — again with no casts:
|
|
236
|
+
|
|
237
|
+
```ts
|
|
238
|
+
// src/lib/server/auth.ts
|
|
239
|
+
import { createOIDC, type OIDCSession } from 'sveltekit-oidc/server';
|
|
240
|
+
|
|
241
|
+
type AppSession = OIDCSession<AppClaims> & {
|
|
242
|
+
tenantId: string;
|
|
243
|
+
permissions: string[];
|
|
244
|
+
};
|
|
245
|
+
|
|
246
|
+
export const oidc = createOIDC({
|
|
247
|
+
issuer: 'https://your-idp.example.com',
|
|
248
|
+
clientId: process.env.OIDC_CLIENT_ID!,
|
|
249
|
+
cookieSecret: process.env.OIDC_COOKIE_SECRET!,
|
|
250
|
+
transformClaims: (claims) => ({ ...claims, tenant: claims.tenant as string | undefined }),
|
|
251
|
+
transformSession: (session): AppSession => ({
|
|
252
|
+
...session,
|
|
253
|
+
tenantId: session.claims?.tenant ?? 'default',
|
|
254
|
+
permissions: session.user?.roles ?? []
|
|
255
|
+
})
|
|
256
|
+
});
|
|
257
|
+
```
|
|
258
|
+
|
|
259
|
+
Extract the inferred type with `OIDCInferSession` and apply it alongside `OIDCInferClaims`:
|
|
260
|
+
|
|
261
|
+
```ts
|
|
262
|
+
// src/app.d.ts
|
|
263
|
+
import type { OIDCHandleLocals, OIDCInferClaims, OIDCInferSession } from 'sveltekit-oidc/server';
|
|
264
|
+
import { oidc } from '$lib/server/auth';
|
|
265
|
+
|
|
266
|
+
export type AppClaims = OIDCInferClaims<typeof oidc>;
|
|
267
|
+
export type AppSession = OIDCInferSession<typeof oidc>;
|
|
268
|
+
|
|
269
|
+
declare global {
|
|
270
|
+
namespace App {
|
|
271
|
+
interface Locals {
|
|
272
|
+
oidc?: OIDCHandleLocals<AppClaims, AppSession>;
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
|
|
277
|
+
export {};
|
|
278
|
+
```
|
|
279
|
+
|
|
280
|
+
Now `event.locals.oidc?.session?.tenantId` is `string` and `?.permissions` is `string[]` everywhere — and `oidc.requireAuth(event)` / `handleCallback`'s `onsuccess` resolve to `AppSession` directly.
|
|
281
|
+
|
|
282
|
+
If `transformSession` is omitted, `TSession` defaults to `OIDCSession<TClaims>` — existing setups keep working unchanged.
|
|
283
|
+
|
|
233
284
|
## Example App
|
|
234
285
|
|
|
235
286
|
This repository now includes a runnable example under [src/routes](C:/Users/alexa/WebstormProjects/github.com/SourceRegistry/sveltekit-oidc/src/routes) and [src/hooks.server.ts](C:/Users/alexa/WebstormProjects/github.com/SourceRegistry/sveltekit-oidc/src/hooks.server.ts).
|
|
@@ -1,212 +1,214 @@
|
|
|
1
|
+
<script lang="ts" module>
|
|
2
|
+
import type {
|
|
3
|
+
OIDCPublicSession,
|
|
4
|
+
OIDCSessionManagementConfig, OIDCUserClaims
|
|
5
|
+
} from '../server/index.js';
|
|
6
|
+
</script>
|
|
7
|
+
|
|
1
8
|
<script lang="ts" generics="TClaims extends OIDCUserClaims = OIDCUserClaims">
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
return () => {
|
|
196
|
-
window.clearInterval(poll);
|
|
197
|
-
window.removeEventListener('message', onMessage);
|
|
198
|
-
};
|
|
199
|
-
});
|
|
9
|
+
import {goto, invalidateAll} from '$app/navigation';
|
|
10
|
+
import type {Snippet} from 'svelte';
|
|
11
|
+
|
|
12
|
+
import {setOIDCContext} from './context.js';
|
|
13
|
+
|
|
14
|
+
type RedirectMode = 'login' | 'logout' | 'reload' | 'none';
|
|
15
|
+
|
|
16
|
+
let {
|
|
17
|
+
session = null,
|
|
18
|
+
config,
|
|
19
|
+
loginPath,
|
|
20
|
+
logoutPath = '/auth/logout',
|
|
21
|
+
checkSessionIntervalMs = 5000,
|
|
22
|
+
revalidateIntervalMs = 30000,
|
|
23
|
+
redirectOnExpired = 'login',
|
|
24
|
+
redirectOnRevoked = 'login',
|
|
25
|
+
redirectIfUnauthenticated = false,
|
|
26
|
+
children
|
|
27
|
+
}: {
|
|
28
|
+
session?: OIDCPublicSession<TClaims> | null;
|
|
29
|
+
config: OIDCSessionManagementConfig;
|
|
30
|
+
loginPath?: string;
|
|
31
|
+
logoutPath?: string;
|
|
32
|
+
checkSessionIntervalMs?: number;
|
|
33
|
+
revalidateIntervalMs?: number;
|
|
34
|
+
redirectOnExpired?: RedirectMode;
|
|
35
|
+
redirectOnRevoked?: RedirectMode;
|
|
36
|
+
redirectIfUnauthenticated?: boolean;
|
|
37
|
+
children?: Snippet;
|
|
38
|
+
} = $props();
|
|
39
|
+
|
|
40
|
+
let iframe = $state<HTMLIFrameElement | undefined>(undefined);
|
|
41
|
+
let status = $state<'authenticated' | 'unauthenticated' | 'expired' | 'revoked'>('unauthenticated');
|
|
42
|
+
let handledUnauthenticated = $state(false);
|
|
43
|
+
|
|
44
|
+
const metadata = $derived(config.metadata);
|
|
45
|
+
const resolvedLoginPath = $derived(loginPath ?? config.loginPath ?? '/auth/login');
|
|
46
|
+
const iframeUrl = $derived(
|
|
47
|
+
config.metadata.check_session_iframe ?? config.checkSessionIframe ?? undefined
|
|
48
|
+
);
|
|
49
|
+
const canMonitorIframe = $derived(
|
|
50
|
+
Boolean(session?.isAuthenticated && session?.sessionState && iframeUrl)
|
|
51
|
+
);
|
|
52
|
+
|
|
53
|
+
const context = setOIDCContext<TClaims>({
|
|
54
|
+
get isAuthenticated() {
|
|
55
|
+
return Boolean(session?.isAuthenticated);
|
|
56
|
+
},
|
|
57
|
+
get session() {
|
|
58
|
+
return session;
|
|
59
|
+
},
|
|
60
|
+
get user() {
|
|
61
|
+
return session?.user;
|
|
62
|
+
},
|
|
63
|
+
get claims() {
|
|
64
|
+
return session?.claims;
|
|
65
|
+
},
|
|
66
|
+
get groups() {
|
|
67
|
+
return session?.groups ?? [];
|
|
68
|
+
},
|
|
69
|
+
get metadata() {
|
|
70
|
+
return metadata;
|
|
71
|
+
},
|
|
72
|
+
get status() {
|
|
73
|
+
return status;
|
|
74
|
+
},
|
|
75
|
+
login: (returnTo?: string) => login(returnTo),
|
|
76
|
+
logout,
|
|
77
|
+
revalidate
|
|
78
|
+
});
|
|
79
|
+
|
|
80
|
+
void context;
|
|
81
|
+
|
|
82
|
+
function buildLoginUrl(returnTo = `${window.location.pathname}${window.location.search}`) {
|
|
83
|
+
return `${resolvedLoginPath}?returnTo=${encodeURIComponent(returnTo)}`;
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
async function logout(clearSessionOnly = false) {
|
|
87
|
+
const body = new URLSearchParams();
|
|
88
|
+
if (clearSessionOnly) {
|
|
89
|
+
body.set('clearSessionOnly', '1');
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
await fetch(logoutPath, {
|
|
93
|
+
method: 'POST',
|
|
94
|
+
headers: {
|
|
95
|
+
'content-type': 'application/x-www-form-urlencoded'
|
|
96
|
+
},
|
|
97
|
+
body
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
function login(returnTo?: string) {
|
|
102
|
+
void goto(buildLoginUrl(returnTo), {invalidateAll: false});
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
async function revalidate() {
|
|
106
|
+
await invalidateAll();
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
async function handleRedirect(mode: RedirectMode) {
|
|
110
|
+
if (mode === 'none') {
|
|
111
|
+
return;
|
|
112
|
+
}
|
|
113
|
+
if (mode === 'reload') {
|
|
114
|
+
window.location.reload();
|
|
115
|
+
return;
|
|
116
|
+
}
|
|
117
|
+
if (mode === 'logout') {
|
|
118
|
+
await logout(true);
|
|
119
|
+
window.location.reload();
|
|
120
|
+
return;
|
|
121
|
+
}
|
|
122
|
+
|
|
123
|
+
login();
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
$effect(() => {
|
|
127
|
+
const isAuthenticated = Boolean(session?.isAuthenticated);
|
|
128
|
+
status = isAuthenticated ? 'authenticated' : status === 'authenticated' ? 'unauthenticated' : status;
|
|
129
|
+
});
|
|
130
|
+
|
|
131
|
+
$effect(() => {
|
|
132
|
+
if (!session?.isAuthenticated || !session.expiresAt) {
|
|
133
|
+
return;
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
const timeoutMs = Math.max(0, session.expiresAt * 1000 - Date.now());
|
|
137
|
+
const timer = window.setTimeout(() => {
|
|
138
|
+
status = 'expired';
|
|
139
|
+
void handleRedirect(redirectOnExpired);
|
|
140
|
+
}, timeoutMs);
|
|
141
|
+
|
|
142
|
+
return () => window.clearTimeout(timer);
|
|
143
|
+
});
|
|
144
|
+
|
|
145
|
+
$effect(() => {
|
|
146
|
+
if (!session?.isAuthenticated || !revalidateIntervalMs) {
|
|
147
|
+
return;
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
const timer = window.setInterval(() => {
|
|
151
|
+
void revalidate();
|
|
152
|
+
}, revalidateIntervalMs);
|
|
153
|
+
|
|
154
|
+
return () => window.clearInterval(timer);
|
|
155
|
+
});
|
|
156
|
+
|
|
157
|
+
$effect(() => {
|
|
158
|
+
if (session?.isAuthenticated) {
|
|
159
|
+
handledUnauthenticated = false;
|
|
160
|
+
return;
|
|
161
|
+
}
|
|
162
|
+
if (!redirectIfUnauthenticated || handledUnauthenticated) {
|
|
163
|
+
return;
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
handledUnauthenticated = true;
|
|
167
|
+
status = status === 'expired' || status === 'revoked' ? status : 'unauthenticated';
|
|
168
|
+
void handleRedirect(status === 'revoked' ? redirectOnRevoked : redirectOnExpired);
|
|
169
|
+
});
|
|
170
|
+
|
|
171
|
+
$effect(() => {
|
|
172
|
+
if (!canMonitorIframe || !iframeUrl || !iframe) {
|
|
173
|
+
return;
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
const targetOrigin = new URL(iframeUrl).origin;
|
|
177
|
+
const poll = window.setInterval(() => {
|
|
178
|
+
if (!iframe?.contentWindow || !session?.sessionState) {
|
|
179
|
+
return;
|
|
180
|
+
}
|
|
181
|
+
|
|
182
|
+
iframe.contentWindow.postMessage(`${config.clientId} ${session.sessionState}`, targetOrigin);
|
|
183
|
+
}, checkSessionIntervalMs);
|
|
184
|
+
|
|
185
|
+
const onMessage = (event: MessageEvent) => {
|
|
186
|
+
if (event.origin !== targetOrigin || typeof event.data !== 'string') {
|
|
187
|
+
return;
|
|
188
|
+
}
|
|
189
|
+
if (event.data === 'changed' || event.data === 'error') {
|
|
190
|
+
status = 'revoked';
|
|
191
|
+
void logout(true).then(() => handleRedirect(redirectOnRevoked));
|
|
192
|
+
}
|
|
193
|
+
};
|
|
194
|
+
|
|
195
|
+
window.addEventListener('message', onMessage);
|
|
196
|
+
|
|
197
|
+
return () => {
|
|
198
|
+
window.clearInterval(poll);
|
|
199
|
+
window.removeEventListener('message', onMessage);
|
|
200
|
+
};
|
|
201
|
+
});
|
|
200
202
|
</script>
|
|
201
203
|
|
|
202
204
|
{#if canMonitorIframe && iframeUrl}
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
205
|
+
<iframe
|
|
206
|
+
bind:this={iframe}
|
|
207
|
+
title="OIDC session monitor"
|
|
208
|
+
src={iframeUrl}
|
|
209
|
+
hidden
|
|
210
|
+
aria-hidden="true"
|
|
211
|
+
></iframe>
|
|
210
212
|
{/if}
|
|
211
213
|
|
|
212
214
|
{@render children?.()}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { Snippet } from 'svelte';
|
|
2
1
|
import type { OIDCPublicSession, OIDCSessionManagementConfig, OIDCUserClaims } from '../server/index.js';
|
|
2
|
+
import type { Snippet } from 'svelte';
|
|
3
3
|
declare function $$render<TClaims extends OIDCUserClaims = OIDCUserClaims>(): {
|
|
4
4
|
props: {
|
|
5
5
|
session?: OIDCPublicSession<TClaims> | null;
|
package/dist/server/cookies.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import type { CookieOptions, OIDCCookies, OIDCUserClaims } from './types.js';
|
|
2
|
-
export declare function createOIDCCookieStore<TClaims extends OIDCUserClaims = OIDCUserClaims>(cookieSecret: string, sessionCookieName: string, stateCookieName: string, cookieOptions: CookieOptions): OIDCCookies<TClaims>;
|
|
1
|
+
import type { CookieOptions, OIDCCookies, OIDCSession, OIDCUserClaims } from './types.js';
|
|
2
|
+
export declare function createOIDCCookieStore<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>>(cookieSecret: string, sessionCookieName: string, stateCookieName: string, cookieOptions: CookieOptions): OIDCCookies<TClaims, TSession>;
|
package/dist/server/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { OIDCOptions, OIDCInstance, OIDCUserClaims } from './types.js';
|
|
1
|
+
import type { OIDCOptions, OIDCInstance, OIDCSession, OIDCUserClaims } from './types.js';
|
|
2
2
|
export type * from './types.js';
|
|
3
3
|
export { createInMemoryBackChannelLogoutStore, createInMemorySessionStore } from './store.js';
|
|
4
|
-
export declare function createOIDC<TClaims extends OIDCUserClaims = OIDCUserClaims>(options: OIDCOptions<TClaims>): OIDCInstance<TClaims>;
|
|
4
|
+
export declare function createOIDC<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>>(options: OIDCOptions<TClaims, TSession>): OIDCInstance<TClaims, TSession>;
|
|
5
5
|
export declare const OpenIDConnect: typeof createOIDC;
|
package/dist/server/store.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import type { OIDCBackChannelLogoutStore, OIDCSessionStore, OIDCUserClaims } from './types.js';
|
|
2
|
-
export declare function createInMemoryBackChannelLogoutStore<TClaims extends OIDCUserClaims = OIDCUserClaims>(): OIDCBackChannelLogoutStore<TClaims>;
|
|
3
|
-
export declare function createInMemorySessionStore<TClaims extends OIDCUserClaims = OIDCUserClaims>(): OIDCSessionStore<TClaims>;
|
|
1
|
+
import type { OIDCBackChannelLogoutStore, OIDCSession, OIDCSessionStore, OIDCUserClaims } from './types.js';
|
|
2
|
+
export declare function createInMemoryBackChannelLogoutStore<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>>(): OIDCBackChannelLogoutStore<TClaims, TSession>;
|
|
3
|
+
export declare function createInMemorySessionStore<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>>(): OIDCSessionStore<TClaims, TSession>;
|
package/dist/server/types.d.ts
CHANGED
|
@@ -114,13 +114,13 @@ export type OIDCBackChannelLogoutRecord = {
|
|
|
114
114
|
jti: string;
|
|
115
115
|
iat: number;
|
|
116
116
|
};
|
|
117
|
-
export type OIDCBackChannelLogoutStore<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
117
|
+
export type OIDCBackChannelLogoutStore<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
118
118
|
revoke(record: OIDCBackChannelLogoutRecord): MaybePromise<void>;
|
|
119
|
-
isRevoked(session:
|
|
119
|
+
isRevoked(session: TSession): MaybePromise<boolean>;
|
|
120
120
|
};
|
|
121
|
-
export type OIDCSessionStore<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
122
|
-
get(sessionId: string): MaybePromise<
|
|
123
|
-
set(sessionId: string, session:
|
|
121
|
+
export type OIDCSessionStore<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
122
|
+
get(sessionId: string): MaybePromise<TSession | null>;
|
|
123
|
+
set(sessionId: string, session: TSession): MaybePromise<void>;
|
|
124
124
|
delete(sessionId: string): MaybePromise<void>;
|
|
125
125
|
};
|
|
126
126
|
export type OIDCSessionManagementConfig = {
|
|
@@ -133,7 +133,7 @@ export type OIDCSessionManagementConfig = {
|
|
|
133
133
|
backChannelLogoutSupported: boolean;
|
|
134
134
|
backChannelLogoutSessionSupported: boolean;
|
|
135
135
|
};
|
|
136
|
-
export type OIDCOptions<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
136
|
+
export type OIDCOptions<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
137
137
|
issuer?: string;
|
|
138
138
|
discoveryUrl?: string;
|
|
139
139
|
clientId: string;
|
|
@@ -155,8 +155,8 @@ export type OIDCOptions<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
|
155
155
|
refreshToleranceSeconds?: number;
|
|
156
156
|
defaultLoginRedirect?: string;
|
|
157
157
|
defaultLogoutRedirect?: string;
|
|
158
|
-
sessionStore?: OIDCSessionStore<TClaims>;
|
|
159
|
-
backChannelLogoutStore?: OIDCBackChannelLogoutStore<TClaims>;
|
|
158
|
+
sessionStore?: OIDCSessionStore<TClaims, TSession>;
|
|
159
|
+
backChannelLogoutStore?: OIDCBackChannelLogoutStore<TClaims, TSession>;
|
|
160
160
|
transformClaims?: (claims: OIDCUserClaims) => MaybePromise<TClaims>;
|
|
161
161
|
transformUser?: (user: OIDCUserClaims | undefined, context: {
|
|
162
162
|
claims?: TClaims;
|
|
@@ -167,7 +167,7 @@ export type OIDCOptions<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
|
167
167
|
claims?: TClaims;
|
|
168
168
|
user?: TClaims;
|
|
169
169
|
isRefresh: boolean;
|
|
170
|
-
}) => MaybePromise<
|
|
170
|
+
}) => MaybePromise<TSession>;
|
|
171
171
|
endpoints?: Partial<OIDCDiscoveryDocument>;
|
|
172
172
|
};
|
|
173
173
|
export type OIDCLoginOptions = {
|
|
@@ -181,16 +181,16 @@ export type OIDCLogoutOptions = {
|
|
|
181
181
|
state?: string;
|
|
182
182
|
clearSessionOnly?: boolean;
|
|
183
183
|
};
|
|
184
|
-
export type OIDCCallbackResult<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
185
|
-
session:
|
|
184
|
+
export type OIDCCallbackResult<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
185
|
+
session: TSession;
|
|
186
186
|
returnTo: string;
|
|
187
187
|
};
|
|
188
|
-
export type OIDCHandleLocals<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
188
|
+
export type OIDCHandleLocals<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
189
189
|
isAuthenticated: boolean;
|
|
190
|
-
session:
|
|
190
|
+
session: TSession | null;
|
|
191
191
|
user?: TClaims;
|
|
192
192
|
claims?: TClaims;
|
|
193
|
-
requireAuth: () => Promise<
|
|
193
|
+
requireAuth: () => Promise<TSession>;
|
|
194
194
|
clearSession: () => Promise<void>;
|
|
195
195
|
};
|
|
196
196
|
export type OIDCStateCookie = {
|
|
@@ -200,8 +200,8 @@ export type OIDCStateCookie = {
|
|
|
200
200
|
returnTo: string;
|
|
201
201
|
createdAt: number;
|
|
202
202
|
};
|
|
203
|
-
export type OIDCCallbackHandlerOptions<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
204
|
-
onsuccess?: (event: RequestEvent, result: OIDCCallbackResult<TClaims>) => MaybePromise<Response | void>;
|
|
203
|
+
export type OIDCCallbackHandlerOptions<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
204
|
+
onsuccess?: (event: RequestEvent, result: OIDCCallbackResult<TClaims, TSession>) => MaybePromise<Response | void>;
|
|
205
205
|
onfailure?: (event: RequestEvent, err: unknown) => MaybePromise<Response | void>;
|
|
206
206
|
redirectTo?: string;
|
|
207
207
|
};
|
|
@@ -214,9 +214,9 @@ export type OIDCClientAssertionOptions = {
|
|
|
214
214
|
clientId: string;
|
|
215
215
|
clientSecret?: string;
|
|
216
216
|
};
|
|
217
|
-
export type OIDCCookies<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
218
|
-
readSession(cookies: Cookies):
|
|
219
|
-
writeSession(cookies: Cookies, session:
|
|
217
|
+
export type OIDCCookies<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
218
|
+
readSession(cookies: Cookies): TSession | null;
|
|
219
|
+
writeSession(cookies: Cookies, session: TSession): void;
|
|
220
220
|
clearSession(cookies: Cookies): void;
|
|
221
221
|
readSessionReference(cookies: Cookies): {
|
|
222
222
|
id: string;
|
|
@@ -229,29 +229,30 @@ export type OIDCCookies<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
|
229
229
|
writeState(cookies: Cookies, state: OIDCStateCookie): void;
|
|
230
230
|
clearState(cookies: Cookies): void;
|
|
231
231
|
};
|
|
232
|
-
export type OIDCPersistedSession<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
232
|
+
export type OIDCPersistedSession<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
233
233
|
id?: string;
|
|
234
|
-
session:
|
|
234
|
+
session: TSession;
|
|
235
235
|
};
|
|
236
|
-
export type OIDCInstance<TClaims extends OIDCUserClaims = OIDCUserClaims> = {
|
|
236
|
+
export type OIDCInstance<TClaims extends OIDCUserClaims = OIDCUserClaims, TSession extends OIDCSession<TClaims> = OIDCSession<TClaims>> = {
|
|
237
237
|
handle: Handle;
|
|
238
238
|
getMetadata: () => Promise<OIDCDiscoveryDocument>;
|
|
239
|
-
getSession: (event: RequestEvent) => Promise<
|
|
239
|
+
getSession: (event: RequestEvent) => Promise<TSession | null>;
|
|
240
240
|
getPublicSession: (event: RequestEvent) => Promise<OIDCPublicSession<TClaims> | null>;
|
|
241
241
|
getSessionManagementConfig: () => Promise<OIDCSessionManagementConfig>;
|
|
242
242
|
login: (event: RequestEvent, loginOptions?: OIDCLoginOptions) => Promise<never>;
|
|
243
243
|
logout: (event: RequestEvent, logoutOptions?: OIDCLogoutOptions) => Promise<never>;
|
|
244
|
-
handleCallback: (event: RequestEvent) => Promise<OIDCCallbackResult<TClaims>>;
|
|
244
|
+
handleCallback: (event: RequestEvent) => Promise<OIDCCallbackResult<TClaims, TSession>>;
|
|
245
245
|
handleBackChannelLogout: (event: RequestEvent) => Promise<Response>;
|
|
246
246
|
loginHandler: (defaults?: OIDCLoginOptions) => RequestHandler;
|
|
247
|
-
callbackHandler: (handlerOptions?: OIDCCallbackHandlerOptions<TClaims>) => RequestHandler;
|
|
247
|
+
callbackHandler: (handlerOptions?: OIDCCallbackHandlerOptions<TClaims, TSession>) => RequestHandler;
|
|
248
248
|
logoutHandler: (defaults?: OIDCLogoutOptions) => RequestHandler;
|
|
249
249
|
backChannelLogoutHandler: () => RequestHandler;
|
|
250
250
|
createActions: (actionOptions?: OIDCActionOptions) => Readonly<{
|
|
251
251
|
login: Action;
|
|
252
252
|
logout: Action;
|
|
253
253
|
}>;
|
|
254
|
-
requireAuth: (event: RequestEvent, returnTo?: string) => Promise<
|
|
254
|
+
requireAuth: (event: RequestEvent, returnTo?: string) => Promise<TSession>;
|
|
255
255
|
clearSession: (cookies: Cookies) => Promise<void>;
|
|
256
256
|
};
|
|
257
257
|
export type OIDCInferClaims<T> = T extends OIDCInstance<infer TClaims> ? TClaims : OIDCUserClaims;
|
|
258
|
+
export type OIDCInferSession<T> = T extends OIDCInstance<infer _TClaims, infer TSession> ? TSession : OIDCSession<OIDCUserClaims>;
|