@startsimpli/auth 0.4.13 → 0.4.14

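--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@startsimpli/auth",
- "version": "0.4.13",
+ "version": "0.4.14",
  "description": "Shared authentication package for StartSimpli Next.js apps",
  "main": "./src/index.ts",
  "types": "./src/index.ts",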
@@ -53,6 +53,8 @@ export class AuthClient {
53
53
  tokenRefreshInterval: 4 * 60 * 1000, // 4 minutes
54
54
  onSessionExpired: () => {},
55
55
  onUnauthorized: () => {},
56
+ loginPath: '',
57
+ callbackParam: 'callbackUrl',
56
58
  ...config,
57
59
  };
58
60
  }
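Review bot: The `'callbackUrl'` default is now spelled twice, here in the `AuthClient` defaults and again in `AuthProvider` as `config.callbackParam ?? 'callbackUrl'`, so the two can drift; a shared exported constant would keep them aligned. Because both new keys sit before `...config`, a caller that passes `loginPath: undefined` or `callbackParam: undefined` explicitly replaces the default with `undefined`, which matters if the client ever reads these fields (no such read is visible in these hunks). The enclosing method starts outside the hunk.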
@@ -110,13 +110,30 @@ export function AuthProvider({
110
110
 
111
111
  // Session expiration handler — covers both AuthClient timer and authFetch 401
112
112
  useEffect(() => {
113
+ // Capture the consumer's onSessionExpired before we overwrite it below.
114
+ const consumerCallback = config.onSessionExpired;
115
+ const loginPath = config.loginPath;
116
+ const callbackParam = config.callbackParam ?? 'callbackUrl';
117
+
113
118
  const handleExpired = () => {
114
119
  setState({
115
120
  session: null,
116
121
  isLoading: false,
117
122
  isAuthenticated: false,
118
123
  });
119
- config.onSessionExpired?.();
124
+ consumerCallback?.();
125
+
126
+ // Redirect to login if configured. Done after state reset + consumer
127
+ // callback so any cleanup runs first. window.location avoids pulling
128
+ // a router dep into the shared package — works in any framework.
129
+ if (loginPath && typeof window !== 'undefined') {
130
+ const here = window.location.pathname + window.location.search;
131
+ const isOnLogin = window.location.pathname.startsWith(loginPath);
132
+ if (!isOnLogin) {
133
+ const callback = encodeURIComponent(here);
134
+ window.location.href = `${loginPath}?${callbackParam}=${callback}`;
135
+ }
136
+ }
120
137
  };
121
138
 
122
139
  config.onSessionExpired = handleExpired;
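Review bot: The `isOnLogin` test is a bare prefix match, so with `loginPath` set to `/auth/signin` a page such as `/auth/signin-help` counts as the login page and session loss there never redirects; `const isOnLogin = window.location.pathname === loginPath || window.location.pathname.startsWith(loginPath + '/');` would pin the check to a path-segment boundary. The target URL is built by plain concatenation, so a `loginPath` that already has a query string or a `callbackParam` with reserved characters produces a malformed URL; `encodeURIComponent(callbackParam)` covers the second case. The return value is the raw `pathname + search`, which may copy query-string secrets into the login URL and its logs, and the page that reads the parameter must still accept only a same-origin path (single leading `/`, not `//` or `/\`) because the parameter can be supplied by anyone; a comment next to the redirect stating that contract would help. The `useEffect` body continues outside the hunk, so whether a re-run would capture the previous `handleExpired` as `consumerCallback` cannot be judged from here.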
@@ -111,6 +111,21 @@ export interface AuthConfig {
111
111
  tokenRefreshInterval?: number; // milliseconds, default 4 minutes
112
112
  onSessionExpired?: () => void;
113
113
  onUnauthorized?: () => void;
114
+ /**
115
+ * If set, AuthProvider redirects the browser here when the session is
116
+ * lost (refresh-token rejected, manual logout, etc.). The current path
117
+ * is appended as a query param so the login page can return the user.
118
+ * Same value the server-side middleware uses, e.g. `/auth/signin`.
119
+ * Without this set, session loss only resets React state and the user
120
+ * can be left on a page where every subsequent request silently 403s
121
+ * (raise-simpli-lxv).
122
+ */
123
+ loginPath?: string;
124
+ /**
125
+ * Query-param name appended to `loginPath` to carry the return URL.
126
+ * Defaults to `callbackUrl` to match the shared server middleware.
127
+ */
128
+ callbackParam?: string;
114
129
  }
115
130
 
116
131
  /**
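Review bot: The `loginPath` doc comment does not say what form the value must take, although the provider hunk assigns `${loginPath}?…` to `window.location.href` and compares the value against `window.location.pathname`. I would add a line such as `Must be a root-relative path on this origin (leading "/", no query string or fragment).`, since an absolute URL would never match the pathname check and would send the return path to another origin. The `callbackParam` comment could also state that the login page must validate the returned value as a same-origin path before redirecting to it. The `AuthConfig` interface starts outside the hunk.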