@thinkingcat/auth-utils 1.0.22 → 1.0.24

package/dist/index.js

@@ -419,14 +419,21 @@ async function createAuthResponse(accessToken, secret, options) {
     const { payload } = tokenResult;
     // 2. NextAuth JWT 생성
     const jwt = createNextAuthJWT(payload, serviceId);
+    // refreshToken 추가
+    if (refreshToken) {
+        jwt.refreshToken = refreshToken;
+    }
+    // accessTokenExpires 추가 (15분)
+    jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
     debugLog('createAuthResponse', 'JWT created:', {
         hasId: !!jwt.id,
         hasEmail: !!jwt.email,
         hasRole: !!jwt.role,
+        hasRefreshToken: !!jwt.refreshToken,
     });
-    // 3. NextAuth 세션 토큰 생성 전략
-    // NextAuth의 JWT 콜백이 custom tokens를 읽어서 자동으로 NextAuth 세션을 생성
-    debugLog('createAuthResponse', 'Custom tokens will be set, NextAuth JWT callback will handle session creation');
+    // 3. NextAuth session cookie 생성
+    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+    debugLog('createAuthResponse', 'NextAuth session token encoded');
     // 5. HTML 생성
     const displayText = text || serviceId;
     const html = redirectPath
@@ -440,7 +447,23 @@ async function createAuthResponse(accessToken, secret, options) {
             'Content-Type': 'text/html',
         },
     });
-    // 4. 쿠키 설정
+    // 4. NextAuth session cookie 설정
+    const nextAuthCookieName = isProduction
+        ? '__Secure-next-auth.session-token'
+        : 'next-auth.session-token';
+    const cookieOptions = {
+        httpOnly: true,
+        secure: isProduction,
+        sameSite: isProduction ? 'none' : 'lax',
+        path: '/',
+        maxAge: 30 * 24 * 60 * 60, // 30일
+    };
+    if (cookieDomain) {
+        cookieOptions.domain = cookieDomain;
+    }
+    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+    debugLog('createAuthResponse', 'NextAuth session cookie set:', nextAuthCookieName);
+    // 5. 커스텀 토큰 쿠키 설정
     if (refreshToken) {
         setCustomTokens(response, accessToken, refreshToken, {
             cookiePrefix,
@@ -1233,20 +1256,25 @@ async function verifyAndRefreshTokenWithNextAuth(req, nextAuthToken, secret, opt
         hasValidAccess: hasValidAccessToken,
         hasRefresh: !!refreshToken,
     });
-    // NextAuth 토큰 또는 access token 중 하나라도 유효하면 통과
-    if (hasValidNextAuthToken || hasValidAccessToken) {
-        debugLog('verifyAndRefreshTokenWithNextAuth', 'At least one token is valid');
+    // NextAuth cookie와 access token이 모두 유효하면 통과
+    if (hasValidNextAuthToken && hasValidAccessToken) {
+        debugLog('verifyAndRefreshTokenWithNextAuth', 'Both NextAuth and access tokens are valid');
         return { isValid: true };
     }
-    // 둘 다 없으면 refresh token으로 갱신 시도
-    if (refreshToken) {
-        debugLog('verifyAndRefreshTokenWithNextAuth', 'No valid tokens, attempting refresh');
+    // NextAuth cookie가 없거나 access token이 없으면 refresh 시도
+    if (refreshToken && (!hasValidNextAuthToken || !hasValidAccessToken)) {
+        debugLog('verifyAndRefreshTokenWithNextAuth', 'Missing NextAuth or access token, attempting refresh');
         const authCheck = await verifyAndRefreshToken(req, secret, {
             ...options,
             forceRefresh: true,
         });
         return authCheck;
     }
+    // 하나라도 유효하면 일단 통과 (refresh token이 없는 경우)
+    if (hasValidNextAuthToken || hasValidAccessToken) {
+        debugLog('verifyAndRefreshTokenWithNextAuth', 'At least one token is valid (no refresh token)');
+        return { isValid: true };
+    }
     debugLog('verifyAndRefreshTokenWithNextAuth', 'No tokens available');
     return { isValid: false, error: 'NO_TOKEN' };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.22",
+  "version": "1.0.24",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",