@thinkingcat/auth-utils 1.0.37 → 1.0.38

package/dist/index.js

@@ -435,20 +435,44 @@ async function createAuthResponse(accessToken, secret, options) {
     }
     // accessTokenExpires 추가 (15분)
     jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
-    debugLog('createAuthResponse', 'JWT prepared (NextAuth will encode it in API Routes):', {
+    debugLog('createAuthResponse', 'JWT created:', {
         hasId: !!jwt.id,
         hasEmail: !!jwt.email,
         hasRole: !!jwt.role,
         hasRefreshToken: !!jwt.refreshToken,
     });
-    // 3. Response 생성 (HTTP 302 리다이렉트 사용)
+    // 3. NextAuth 세션 쿠키 생성 (jose 사용)
+    const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+    debugLog('createAuthResponse', 'NextAuth session token encoded:', {
+        tokenLength: nextAuthToken.length,
+    });
+    // 4. Response 생성 (HTTP 302 리다이렉트 사용)
     const { NextResponse: NextResponseClass } = await getNextServer();
     // redirectPath가 있으면 302 리다이렉트, 없으면 200 OK
     const response = redirectPath
         ? NextResponseClass.redirect(new URL(redirectPath, req.url), { status: 302 })
         : NextResponseClass.json({ success: true, message: text || 'Authentication successful' }, { status: 200 });
-    // 4. 커스텀 토큰 쿠키만 설정
-    // NextAuth 쿠키는 handleJWTCallback에서 커스텀 토큰을 읽어서 자동 생성됨
+    // 5. NextAuth 세션 쿠키 설정
+    const nextAuthCookieName = isProduction
+        ? '__Secure-next-auth.session-token'
+        : 'next-auth.session-token';
+    const cookieOptions = {
+        httpOnly: true,
+        secure: isProduction,
+        sameSite: isProduction ? 'none' : 'lax',
+        path: '/',
+        maxAge: 30 * 24 * 60 * 60, // 30일
+    };
+    if (cookieDomain) {
+        cookieOptions.domain = cookieDomain;
+    }
+    response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+    debugLog('createAuthResponse', 'NextAuth session cookie set:', {
+        name: nextAuthCookieName,
+        valueLength: nextAuthToken.length,
+        ...cookieOptions,
+    });
+    // 6. 커스텀 토큰 쿠키 설정
     if (refreshToken) {
         setCustomTokens(response, accessToken, refreshToken, {
             cookiePrefix,
@@ -613,12 +637,43 @@ async function verifyAndRefreshToken(req, secret, options) {
                     catch {
                         // 토큰 검증 실패
                     }
-                    debugLog('verifyAndRefreshToken', 'Updating custom cookies only (NextAuth will handle session)...');
-                    // NextResponse.next()를 생성하고 커스텀 토큰만 설정
+                    debugLog('verifyAndRefreshToken', 'Updating cookies including NextAuth session...');
+                    // NextResponse.next()를 생성
                     const { NextResponse: NextResponseClass } = await getNextServer();
                     const response = NextResponseClass.next();
-                    // 커스텀 토큰 쿠키만 설정
-                    // NextAuth 쿠키는 handleJWTCallback에서 커스텀 토큰을 읽어서 자동 생성됨
+                    // NextAuth JWT 생성
+                    const jwt = createNextAuthJWT(payload, serviceId);
+                    if (newRefreshToken) {
+                        jwt.refreshToken = newRefreshToken;
+                    }
+                    jwt.accessTokenExpires = Date.now() + (15 * 60 * 1000);
+                    // NextAuth 세션 쿠키 생성 (jose 사용)
+                    try {
+                        const nextAuthToken = await encodeNextAuthToken(jwt, secret);
+                        const nextAuthCookieName = isProduction
+                            ? '__Secure-next-auth.session-token'
+                            : 'next-auth.session-token';
+                        const cookieOptions = {
+                            httpOnly: true,
+                            secure: isProduction,
+                            sameSite: isProduction ? 'none' : 'lax',
+                            path: '/',
+                            maxAge: 30 * 24 * 60 * 60,
+                        };
+                        if (cookieDomain) {
+                            cookieOptions.domain = cookieDomain;
+                        }
+                        response.cookies.set(nextAuthCookieName, nextAuthToken, cookieOptions);
+                        debugLog('verifyAndRefreshToken', 'NextAuth session cookie set:', {
+                            name: nextAuthCookieName,
+                            valueLength: nextAuthToken.length,
+                        });
+                    }
+                    catch (error) {
+                        debugError('verifyAndRefreshToken', 'Failed to set NextAuth cookie:', error);
+                        // Continue even if NextAuth cookie fails
+                    }
+                    // 커스텀 토큰 쿠키 설정
                     if (newRefreshToken) {
                         setCustomTokens(response, refreshResult.accessToken, newRefreshToken, {
                             cookiePrefix,
@@ -633,7 +688,7 @@ async function verifyAndRefreshToken(req, secret, options) {
                             cookieDomain,
                         });
                     }
-                    debugLog('verifyAndRefreshToken', 'Custom cookies updated, NextAuth will pick them up via handleJWTCallback');
+                    debugLog('verifyAndRefreshToken', 'All cookies updated');
                     return { isValid: true, response, payload };
                 }
                 catch (error) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thinkingcat/auth-utils",
-  "version": "1.0.37",
+  "version": "1.0.38",
   "description": "Authentication utilities for ThinkingCat SSO services with conditional logging",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",