npm - @thinkingcat/auth-utils - Versions diffs - 1.0.35 → 1.0.36 - Mend

@thinkingcat/auth-utils 1.0.35 → 1.0.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +9 -59
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -435,45 +435,20 @@ async function createAuthResponse(accessToken, secret, options) {
     }
     // accessTokenExpires 추가 (15분)
     jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-    debugLog('createAuthResponse', 'JWT created:', {
+    debugLog('createAuthResponse', 'JWT prepared (NextAuth will encode it in API Routes):', {
         hasId: !!jwt.id,
         hasEmail: !!jwt.email,
         hasRole: !!jwt.role,
         hasRefreshToken: !!jwt.refreshToken,
     });
-    // 3. NextAuth session cookie 생성 (jose 사용으로 Edge/Node.js Runtime 호환)
-    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
-    debugLog('createAuthResponse', 'NextAuth session token encoded:', {
-        tokenLength: nextAuthToken.length,
-        tokenPrefix: nextAuthToken.substring(0, 30) + '...',
-    });
-    // 4. Response 생성 (HTTP 302 리다이렉트 사용)
+    // 3. Response 생성 (HTTP 302 리다이렉트 사용)
     const { NextResponse: NextResponseClass } = await getNextServer();
     // redirectPath가 있으면 302 리다이렉트, 없으면 200 OK
     const response = redirectPath
         ? NextResponseClass.redirect(new URL(redirectPath, req.url), { status: 302 })
         : NextResponseClass.json({ success: true, message: text || 'Authentication successful' }, { status: 200 });
-    // 5. NextAuth session cookie 설정
-    const nextAuthCookieName = isProduction
-        ? '__Secure-next-auth.session-token'
-        : 'next-auth.session-token';
-    const cookieOptions = {
-        httpOnly: true,
-        secure: isProduction,
-        sameSite: isProduction ? 'none' : 'lax',
-        path: '/',
-        maxAge: 30 * 24 * 60 * 60, // 30일
-    };
-    if (cookieDomain) {
-        cookieOptions.domain = cookieDomain;
-    }
-    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
-    debugLog('createAuthResponse', 'NextAuth session cookie set:', {
-        name: nextAuthCookieName,
-        valueLength: nextAuthToken.length,
-        ...cookieOptions,
-    });
-    // 6. 커스텀 토큰 쿠키 설정
+    // 4. 커스텀 토큰 쿠키만 설정
+    // NextAuth 쿠키는 handleJWTCallback에서 커스텀 토큰을 읽어서 자동 생성됨
     if (refreshToken) {
         setCustomTokens(response, accessToken, refreshToken, {
             cookiePrefix,
@@ -638,37 +613,12 @@ async function verifyAndRefreshToken(req, secret, options) {
                     catch {
                         // 토큰 검증 실패
                     }
-                    debugLog('verifyAndRefreshToken', 'Updating cookies with NextAuth session...');
-                    // NextResponse.next()를 생성하고 쿠키 설정
+                    debugLog('verifyAndRefreshToken', 'Updating custom cookies only (NextAuth will handle session)...');
+                    // NextResponse.next()를 생성하고 커스텀 토큰만 설정
                     const { NextResponse: NextResponseClass } = await getNextServer();
                     const response = NextResponseClass.next();
-                    // NextAuth JWT 생성
-                    const jwt = createNextAuthJWT(payload, serviceId);
-                    if (newRefreshToken) {
-                        jwt.refreshToken = newRefreshToken;
-                    }
-                    jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-                    // NextAuth 세션 쿠키 설정 (jose 사용으로 Edge/Node.js Runtime 호환)
-                    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
-                    const nextAuthCookieName = isProduction
-                        ? '__Secure-next-auth.session-token'
-                        : 'next-auth.session-token';
-                    const cookieOptions = {
-                        httpOnly: true,
-                        secure: isProduction,
-                        sameSite: isProduction ? 'none' : 'lax',
-                        path: '/',
-                        maxAge: 30 * 24 * 60 * 60,
-                    };
-                    if (cookieDomain) {
-                        cookieOptions.domain = cookieDomain;
-                    }
-                    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
-                    debugLog('verifyAndRefreshToken', 'NextAuth session cookie set:', {
-                        name: nextAuthCookieName,
-                        valueLength: nextAuthToken.length,
-                    });
-                    // 커스텀 토큰 쿠키 설정
+                    // 커스텀 토큰 쿠키만 설정
+                    // NextAuth 쿠키는 handleJWTCallback에서 커스텀 토큰을 읽어서 자동 생성됨
                     if (newRefreshToken) {
                         setCustomTokens(response, refreshResult.accessToken, newRefreshToken, {
                             cookiePrefix,
@@ -683,7 +633,7 @@ async function verifyAndRefreshToken(req, secret, options) {
                             cookieDomain,
                         });
                     }
-                    debugLog('verifyAndRefreshToken', 'All cookies updated, continuing with current request');
+                    debugLog('verifyAndRefreshToken', 'Custom cookies updated, NextAuth will pick them up via handleJWTCallback');
                     return { isValid: true, response, payload };
                 }
                 catch (error) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.35",
+  "version": "1.0.36",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",