@thinkingcat/auth-utils 2.0.10 → 2.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/jwt.js +2 -2
- package/dist/core/verify.js +4 -3
- package/dist/middleware/handler.js +1 -1
- package/dist/nextauth/callbacks.js +4 -1
- package/dist/sso/api.d.ts +1 -0
- package/dist/sso/api.js +5 -2
- package/dist/types/index.d.ts +2 -2
- package/package.json +1 -1
package/dist/core/jwt.js
CHANGED
|
@@ -49,7 +49,7 @@ async function verifyToken(accessToken, secret) {
|
|
|
49
49
|
try {
|
|
50
50
|
const secretBytes = new TextEncoder().encode(secret);
|
|
51
51
|
const { payload } = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
|
|
52
|
-
if (payload && typeof payload === 'object' && payload.
|
|
52
|
+
if (payload && typeof payload === 'object' && (payload.id || payload.sub)) {
|
|
53
53
|
return { payload: payload };
|
|
54
54
|
}
|
|
55
55
|
return null;
|
|
@@ -174,7 +174,7 @@ function isValidToken(token) {
|
|
|
174
174
|
return false;
|
|
175
175
|
if (isTokenExpired(token))
|
|
176
176
|
return false;
|
|
177
|
-
if (!token.
|
|
177
|
+
if (!token.id)
|
|
178
178
|
return false;
|
|
179
179
|
return true;
|
|
180
180
|
}
|
package/dist/core/verify.js
CHANGED
|
@@ -19,7 +19,7 @@ async function verifyAndRefreshToken(req, secret, options) {
|
|
|
19
19
|
try {
|
|
20
20
|
const secretBytes = new TextEncoder().encode(secret);
|
|
21
21
|
const { payload } = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
|
|
22
|
-
if (payload && typeof payload === 'object' && payload.
|
|
22
|
+
if (payload && typeof payload === 'object' && (payload.id || payload.sub)) {
|
|
23
23
|
return { isValid: true, payload: payload };
|
|
24
24
|
}
|
|
25
25
|
}
|
|
@@ -37,6 +37,7 @@ async function verifyAndRefreshToken(req, secret, options) {
|
|
|
37
37
|
const refreshResult = await (0, api_1.refreshSSOToken)(refreshToken, {
|
|
38
38
|
ssoBaseURL,
|
|
39
39
|
authServiceKey,
|
|
40
|
+
serviceId,
|
|
40
41
|
});
|
|
41
42
|
if (refreshResult.success && refreshResult.accessToken) {
|
|
42
43
|
const newRefreshToken = refreshResult.refreshToken || refreshToken;
|
|
@@ -44,7 +45,7 @@ async function verifyAndRefreshToken(req, secret, options) {
|
|
|
44
45
|
let payload;
|
|
45
46
|
const secretBytes = new TextEncoder().encode(secret);
|
|
46
47
|
const { payload: tokenPayload } = await (0, jose_1.jwtVerify)(refreshResult.accessToken, secretBytes);
|
|
47
|
-
if (tokenPayload && typeof tokenPayload === 'object' && tokenPayload.
|
|
48
|
+
if (tokenPayload && typeof tokenPayload === 'object' && (tokenPayload.id || tokenPayload.sub)) {
|
|
48
49
|
payload = tokenPayload;
|
|
49
50
|
}
|
|
50
51
|
const { NextResponse: NextResponseClass } = await (0, server_1.getNextServer)();
|
|
@@ -117,7 +118,7 @@ async function verifyAndRefreshTokenWithNextAuth(req, nextAuthToken, secret, opt
|
|
|
117
118
|
try {
|
|
118
119
|
const secretBytes = new TextEncoder().encode(secret);
|
|
119
120
|
const { payload } = await (0, jose_1.jwtVerify)(accessToken, secretBytes);
|
|
120
|
-
if (payload && typeof payload === 'object' && payload.
|
|
121
|
+
if (payload && typeof payload === 'object' && (payload.id || payload.sub)) {
|
|
121
122
|
hasValidAccessToken = true;
|
|
122
123
|
}
|
|
123
124
|
}
|
|
@@ -198,7 +198,7 @@ async function handleMiddleware(req, config, options) {
|
|
|
198
198
|
const ssoBaseURL = options.ssoBaseURL;
|
|
199
199
|
return await (0, redirect_js_1.redirectToSSOLogin)(req, serviceId, ssoBaseURL);
|
|
200
200
|
}
|
|
201
|
-
if (!finalToken.role || !finalToken.
|
|
201
|
+
if (!finalToken.role || !finalToken.id) {
|
|
202
202
|
const ssoBaseURL = options.ssoBaseURL;
|
|
203
203
|
return await (0, redirect_js_1.redirectToSSOLogin)(req, serviceId, ssoBaseURL);
|
|
204
204
|
}
|
|
@@ -118,7 +118,10 @@ async function handleJWTCallback(token, user, account, options) {
|
|
|
118
118
|
'Content-Type': 'application/json',
|
|
119
119
|
'x-auth-service-key': authServiceKey,
|
|
120
120
|
},
|
|
121
|
-
body: JSON.stringify({
|
|
121
|
+
body: JSON.stringify({
|
|
122
|
+
refreshToken,
|
|
123
|
+
serviceId: serviceId || undefined
|
|
124
|
+
}),
|
|
122
125
|
});
|
|
123
126
|
if (response.ok) {
|
|
124
127
|
const result = await response.json();
|
package/dist/sso/api.d.ts
CHANGED
|
@@ -13,6 +13,7 @@ export declare function validateServiceSubscription(services: ServiceInfo[], ser
|
|
|
13
13
|
export declare function refreshSSOToken(refreshToken: string, options: {
|
|
14
14
|
ssoBaseURL: string;
|
|
15
15
|
authServiceKey?: string;
|
|
16
|
+
serviceId?: string;
|
|
16
17
|
}): Promise<SSORefreshTokenResponse>;
|
|
17
18
|
/**
|
|
18
19
|
* SSO 서버에서 사용자의 refresh token을 가져오는 함수
|
package/dist/sso/api.js
CHANGED
|
@@ -37,7 +37,7 @@ function validateServiceSubscription(services, serviceId, ssoBaseURL) {
|
|
|
37
37
|
* SSO 서버에서 refresh token을 사용하여 새로운 access token을 발급받는 함수
|
|
38
38
|
*/
|
|
39
39
|
async function refreshSSOToken(refreshToken, options) {
|
|
40
|
-
const { ssoBaseURL, authServiceKey } = options;
|
|
40
|
+
const { ssoBaseURL, authServiceKey, serviceId } = options;
|
|
41
41
|
if (!authServiceKey) {
|
|
42
42
|
throw new Error('AUTH_SERVICE_SECRET_KEY not configured');
|
|
43
43
|
}
|
|
@@ -47,7 +47,10 @@ async function refreshSSOToken(refreshToken, options) {
|
|
|
47
47
|
'Content-Type': 'application/json',
|
|
48
48
|
'x-auth-service-key': authServiceKey,
|
|
49
49
|
},
|
|
50
|
-
body: JSON.stringify({
|
|
50
|
+
body: JSON.stringify({
|
|
51
|
+
refreshToken,
|
|
52
|
+
serviceId
|
|
53
|
+
}),
|
|
51
54
|
});
|
|
52
55
|
return await refreshResponse.json();
|
|
53
56
|
}
|
package/dist/types/index.d.ts
CHANGED
package/package.json
CHANGED