@workos-inc/authkit-nextjs 0.11.1 → 0.12.0
- package/dist/esm/authkit-callback-route.js +2 -2
- package/dist/esm/authkit-callback-route.js.map +1 -1
- package/dist/esm/cookie.d.ts +2 -9
- package/dist/esm/cookie.js +14 -14
- package/dist/esm/cookie.js.map +1 -1
- package/dist/esm/interfaces.d.ts +9 -0
- package/dist/esm/session.d.ts +9 -1
- package/dist/esm/session.js +19 -12
- package/dist/esm/session.js.map +1 -1
- package/dist/esm/workos.d.ts +1 -1
- package/dist/esm/workos.js +1 -1
- package/package.json +2 -2
- package/src/authkit-callback-route.ts +2 -2
- package/src/cookie.ts +15 -15
- package/src/interfaces.ts +10 -0
- package/src/session.ts +21 -13
- package/src/workos.ts +1 -1
|
@@ -3,7 +3,7 @@ import { cookies } from 'next/headers';
|
|
|
3
3
|
import { workos } from './workos.js';
|
|
4
4
|
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
5
5
|
import { encryptSession } from './session.js';
|
|
6
|
-
import {
|
|
6
|
+
import { getCookieOptions } from './cookie.js';
|
|
7
7
|
export function handleAuth(options = {}) {
|
|
8
8
|
const { returnPathname: returnPathnameOption = '/' } = options;
|
|
9
9
|
return async function GET(request) {
|
|
@@ -41,7 +41,7 @@ export function handleAuth(options = {}) {
|
|
|
41
41
|
// Alternatively you could persist the refresh token in a backend database
|
|
42
42
|
const session = await encryptSession({ accessToken, refreshToken, user, impersonator });
|
|
43
43
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
44
|
-
cookies().set(cookieName, session,
|
|
44
|
+
cookies().set(cookieName, session, getCookieOptions(request.url));
|
|
45
45
|
return response;
|
|
46
46
|
}
|
|
47
47
|
catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,MAAM,UAAU,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;QAE3E,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACzG,QAAQ,EAAE,gBAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEH,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEpC,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,cAAc,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,oBAAoB,CAAC;gBAExD,gDAAgD;gBAChD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;oBAC9D,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;wBAC/C,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,QAAQ,GAAG,cAAc,CAAC;gBAChC,CAAC;gBAED,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAE5C,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,qGAAqG;gBACrG,0EAA0E;gBAC1E,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;gBACxF,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;gBAEvD,OAAO,EAAE,CAAC,GAAG,CAAC,UAAU,EAAE,OAA
O,EAAE,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;gBAElE,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,aAAa,EAAE,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,aAAa,EAAE,CAAC;IACzB,CAAC,CAAC;IAEF,SAAS,aAAa;QACpB,OAAO,YAAY,CAAC,IAAI,CACtB;YACE,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACJ,CAAC;AACH,CAAC"}
|
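--- a/package/dist/esm/cookie.d.ts
+++ b/package/dist/esm/cookie.d.ts
@@ -1,9 +1,2 @@
-
-
-httpOnly: boolean;
-secure: boolean;
-sameSite: "lax";
-maxAge: number;
-domain: string | undefined;
-};
-export { cookieOptions };
+import { CookieOptions } from './interfaces.js';
+export declare function getCookieOptions(redirectUri?: string | null): CookieOptions;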
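--- a/package/dist/esm/cookie.js
+++ b/package/dist/esm/cookie.js
@@ -1,16 +1,16 @@
 import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
-
-const
-
-
-
-
-
-
-
-
-
-
-};
-
+export function getCookieOptions(redirectUri) {
+const url = new URL(redirectUri || WORKOS_REDIRECT_URI);
+return {
+path: '/',
+httpOnly: true,
+secure: url.protocol === 'https:',
+sameSite: 'lax',
+// Defaults to 400 days, the maximum allowed by Chrome
+// It's fine to have a long cookie expiry date as the access/refresh tokens
+// act as the actual time-limited aspects of the session.
+maxAge: WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400,
+domain: WORKOS_COOKIE_DOMAIN,
+};
+}
 //# sourceMappingURL=cookie.js.map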
package/dist/esm/cookie.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAGtG,MAAM,UAAU,gBAAgB,CAAC,WAA2B;IAC1D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,mBAAmB,CAAC,CAAC;IAExD,OAAO;QACL,IAAI,EAAE,GAAG;QACT,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,GAAG,CAAC,QAAQ,KAAK,QAAQ;QACjC,QAAQ,EAAE,KAAc;QACxB,sDAAsD;QACtD,2EAA2E;QAC3E,yDAAyD;QACzD,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAAC,QAAQ,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG;QACxF,MAAM,EAAE,oBAAoB;KAC7B,CAAC;AACJ,CAAC"}
|
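--- a/package/dist/esm/interfaces.d.ts
+++ b/package/dist/esm/interfaces.d.ts
@@ -26,6 +26,7 @@ export interface NoUserInfo {
 sessionId?: undefined;
 organizationId?: undefined;
 role?: undefined;
+permissions?: undefined;
 impersonator?: undefined;
 accessToken?: undefined;
 }
@@ -50,3 +51,11 @@ export interface AuthkitMiddlewareOptions {
 middlewareAuth?: AuthkitMiddlewareAuth;
 redirectUri?: string;
 }
+export interface CookieOptions {
+path: '/';
+httpOnly: true;
+secure: boolean;
+sameSite: 'lax';
+maxAge: number;
+domain: string | undefined;
+}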
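--- a/package/dist/esm/session.d.ts
+++ b/package/dist/esm/session.d.ts
@@ -20,9 +20,17 @@ declare function terminateSession(): Promise<void>;
 /**
 * Retrieves the session from the cookie. Meant for use in the middleware, for client side use `withAuth` instead.
 *
-* @returns
+* @returns UserInfo | NoUserInfo
 */
 declare function getSession(response?: NextResponse): Promise<{
+user: null;
+sessionId?: undefined;
+organizationId?: undefined;
+role?: undefined;
+permissions?: undefined;
+impersonator?: undefined;
+accessToken?: undefined;
+} | {
 sessionId: string;
 user: import("@workos-inc/node").User;
 organizationId: string | undefined;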
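--- a/package/dist/esm/session.js
+++ b/package/dist/esm/session.js
@@ -4,7 +4,7 @@ import { cookies, headers } from 'next/headers';
 import { NextResponse } from 'next/server';
 import { jwtVerify, createRemoteJWKSet, decodeJwt } from 'jose';
 import { sealData, unsealData } from 'iron-session';
-import {
+import { getCookieOptions } from './cookie.js';
 import { workos } from './workos.js';
 import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_COOKIE_NAME, WORKOS_REDIRECT_URI } from './env-variables.js';
 import { getAuthorizationUrl } from './get-authorization-url.js';
@@ -17,6 +17,9 @@ async function encryptSession(session) {
 return sealData(session, { password: WORKOS_COOKIE_PASSWORD });
 }
 async function updateSession(request, debug, middlewareAuth, redirectUri) {
+if (!redirectUri && !WORKOS_REDIRECT_URI) {
+throw new Error('You must provide a redirect URI in the AuthKit middleware or in the environment variables.');
+}
 const session = await getSessionFromCookie();
 const newRequestHeaders = new Headers(request.headers);
 // We store the current request url in a custom header, so we can always have access to it
@@ -25,12 +28,16 @@ async function updateSession(request, debug, middlewareAuth, redirectUri) {
 newRequestHeaders.set('x-url', request.url);
 // Record that the request was routed through the middleware so we can check later for DX purposes
 newRequestHeaders.set(middlewareHeaderName, 'true');
+let url;
 // If the redirect URI is set, store it in the headers so we can use it later
 if (redirectUri) {
 newRequestHeaders.set(redirectUriHeaderName, redirectUri);
+url = new URL(redirectUri);
+}
+else {
+url = new URL(WORKOS_REDIRECT_URI);
 }
 newRequestHeaders.delete(sessionHeaderName);
-const url = new URL(WORKOS_REDIRECT_URI);
 if (middlewareAuth.enabled &&
 url.pathname === request.nextUrl.pathname &&
 !middlewareAuth.unauthenticatedPaths.includes(url.pathname)) {
@@ -94,7 +101,7 @@ async function updateSession(request, debug, middlewareAuth, redirectUri) {
 request: { headers: newRequestHeaders },
 });
 // update the cookie
-response.cookies.set(cookieName, encryptedSession,
+response.cookies.set(cookieName, encryptedSession, getCookieOptions(redirectUri));
 return response;
 }
 catch (e) {
@@ -129,23 +136,23 @@ async function refreshSession({ organizationId: nextOrganizationId, ensureSigned
 impersonator,
 });
 const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
-
+const url = headers().get('x-url');
+cookies().set(cookieName, encryptedSession, getCookieOptions(url));
 const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt(accessToken);
 return {
 sessionId,
-user
+user,
 organizationId,
 role,
 permissions,
-impersonator
-accessToken
+impersonator,
+accessToken,
 };
 }
 function getMiddlewareAuthPathRegex(pathGlob) {
 let regex;
 try {
-
-const url = new URL(pathGlob, WORKOS_REDIRECT_URI);
+const url = new URL(pathGlob, 'https://example.com');
 const path = `${url.pathname}${url.hash || ''}`;
 const tokens = parse(path);
 regex = tokensToRegexp(tokens).source;
@@ -208,12 +215,12 @@ async function getSessionFromCookie(response) {
 /**
 * Retrieves the session from the cookie. Meant for use in the middleware, for client side use `withAuth` instead.
 *
-* @returns
+* @returns UserInfo | NoUserInfo
 */
 async function getSession(response) {
 const session = await getSessionFromCookie(response);
 if (!session)
-return;
+return { user: null };
 if (await verifyAccessToken(session.accessToken)) {
 const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt(session.accessToken);
 return {
@@ -230,7 +237,7 @@ async function getSession(response) {
 async function getSessionFromHeader() {
 const hasMiddleware = Boolean(headers().get(middlewareHeaderName));
 if (!hasMiddleware) {
-throw new Error("You are calling 'withAuth' on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling
+throw new Error("You are calling 'withAuth' on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling withAuth from by updating your middleware config in `middleware.(js|ts)`.");
 }
 const authHeader = headers().get(sessionHeaderName);
 if (!authHeader)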
package/dist/esm/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAGjE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,gBAAgB,CAAC;AAE/C,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB;IAEnB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,IAAI,GAAG,CAAC;IAER,6EAA6E;IAC7E,IAAI,WAAW,EAAE,CAAC;QAChB,iBAAiB,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,CAAC;QAC1D,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAA
M,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACpE,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAE1F,OAAO,YAAY,CAAC,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9G,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3C,wEAAwE;QACxE,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAC3E,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAEpF,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE/E,kHAAkH;QAClH,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;YACjH,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc;SACf,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;QAE5D,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,oBAAoB;QACpB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAC;QAClF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qDAAqD,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAA
E,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;QACjH,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;KACpE,CAAC,CAAC;IAEH,qDAAqD;IACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;QAC5C,WAAW;QACX,YAAY;QACZ,IAAI;QACJ,YAAY;KACb,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEnC,OAAO,EAAE,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAEnE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAE1G,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,KAAa,CAAC;IAElB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAEtC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEhE,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;AAC1D,CA
AC;AAID,KAAK,UAAU,QAAQ,CAAC,EAAE,cAAc,GAAG,KAAK,EAAE,GAAG,EAAE;IACrD,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAElH,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,QAAQ,EAAE,CAAC;IACvC,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,QAAuB;IACzD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAEvF,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,UAAU,CAAC,QAAuB;IAC/C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAErD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEpC,IAAI,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACjD,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAElH,OAAO;YACL,SAAS;YACT,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,cAAc;YACd,IAAI;YACJ,WAAW;YACX,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAEnE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,mNAAmN,CACpN,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,
EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC"}
|
package/dist/esm/workos.d.ts
CHANGED
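--- a/package/dist/esm/workos.js
+++ b/package/dist/esm/workos.js
@@ -1,6 +1,6 @@
 import { WorkOS } from '@workos-inc/node';
 import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
-export const VERSION = '0.
+export const VERSION = '0.12.0';
 const options = {
 apiHostname: WORKOS_API_HOSTNAME,
 https: WORKOS_API_HTTPS ? WORKOS_API_HTTPS === 'true' : true,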
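--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@workos-inc/authkit-nextjs",
-"version": "0.
+"version": "0.12.0",
 "description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js",
 "sideEffects": false,
 "type": "module",
@@ -21,7 +21,7 @@
 "test": "echo \"Error: no test specified\" && exit 1"
 },
 "dependencies": {
-"@workos-inc/node": "7.
+"@workos-inc/node": "7.27.4",
 "iron-session": "^8.0.1",
 "jose": "^5.2.3",
 "path-to-regexp": "^6.2.2"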
|
@@ -3,7 +3,7 @@ import { cookies } from 'next/headers';
|
|
|
3
3
|
import { workos } from './workos.js';
|
|
4
4
|
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
5
5
|
import { encryptSession } from './session.js';
|
|
6
|
-
import {
|
|
6
|
+
import { getCookieOptions } from './cookie.js';
|
|
7
7
|
import { HandleAuthOptions } from './interfaces.js';
|
|
8
8
|
|
|
9
9
|
export function handleAuth(options: HandleAuthOptions = {}) {
|
|
@@ -52,7 +52,7 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
52
52
|
const session = await encryptSession({ accessToken, refreshToken, user, impersonator });
|
|
53
53
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
54
54
|
|
|
55
|
-
cookies().set(cookieName, session,
|
|
55
|
+
cookies().set(cookieName, session, getCookieOptions(request.url));
|
|
56
56
|
|
|
57
57
|
return response;
|
|
58
58
|
} catch (error) {
|
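Review bot: The `Secure` attribute of the session cookie now follows the scheme of `request.url` at `cookies().set(cookieName, session, getCookieOptions(request.url))`, because `getCookieOptions` in package/src/cookie.ts sets `secure: url.protocol === 'https:'`. When the app runs behind a TLS-terminating proxy or load balancer, the URL the handler sees may carry `http:` even though the browser connected over HTTPS (this depends on the deployment and is not visible here), and the sealed session would then be issued without `Secure`. The same derivation is reached from refreshSession in package/src/session.ts through the `x-url` header. I would at least record the assumption next to the call, for example `// Secure follows request.url's scheme; behind a TLS-terminating proxy confirm this reports https`. The enclosing GET handler starts and ends outside the hunk.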
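--- a/package/src/cookie.ts
+++ b/package/src/cookie.ts
@@ -1,18 +1,18 @@
 import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
+import { CookieOptions } from './interfaces.js';
 
-
-const
+export function getCookieOptions(redirectUri?: string | null): CookieOptions {
+const url = new URL(redirectUri || WORKOS_REDIRECT_URI);
 
-
-
-
-
-
-
-
-
-
-
-};
-
-export { cookieOptions };
+return {
+path: '/',
+httpOnly: true,
+secure: url.protocol === 'https:',
+sameSite: 'lax' as const,
+// Defaults to 400 days, the maximum allowed by Chrome
+// It's fine to have a long cookie expiry date as the access/refresh tokens
+// act as the actual time-limited aspects of the session.
+maxAge: WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400,
+domain: WORKOS_COOKIE_DOMAIN,
+};
+}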
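Review bot: `new URL(redirectUri || WORKOS_REDIRECT_URI)` in getCookieOptions has no guard, so a null argument combined with an unset environment variable, or a malformed string, surfaces as a bare TypeError from the URL constructor at the moment the session cookie is written. updateSession in package/src/session.ts gains an explicit check for the missing case in this release, but the callback route and refreshSession may reach this function on requests where that check did not run. A matching guard here, `if (!redirectUri && !WORKOS_REDIRECT_URI) throw new Error('You must provide a redirect URI in the AuthKit middleware or in the environment variables.');`, would keep the failure readable. The exported function also has no doc comment; one sentence stating that `secure` is true only when the resolved URL uses `https:` would make the security-relevant behaviour visible to callers.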
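--- a/package/src/interfaces.ts
+++ b/package/src/interfaces.ts
@@ -29,6 +29,7 @@ export interface NoUserInfo {
 sessionId?: undefined;
 organizationId?: undefined;
 role?: undefined;
+permissions?: undefined;
 impersonator?: undefined;
 accessToken?: undefined;
 }
@@ -57,3 +58,12 @@ export interface AuthkitMiddlewareOptions {
 middlewareAuth?: AuthkitMiddlewareAuth;
 redirectUri?: string;
 }
+
+export interface CookieOptions {
+path: '/';
+httpOnly: true;
+secure: boolean;
+sameSite: 'lax';
+maxAge: number;
+domain: string | undefined;
+}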
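--- a/package/src/session.ts
+++ b/package/src/session.ts
@@ -5,7 +5,7 @@ import { cookies, headers } from 'next/headers';
 import { NextRequest, NextResponse } from 'next/server';
 import { jwtVerify, createRemoteJWKSet, decodeJwt } from 'jose';
 import { sealData, unsealData } from 'iron-session';
-import {
+import { getCookieOptions } from './cookie.js';
 import { workos } from './workos.js';
 import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_COOKIE_NAME, WORKOS_REDIRECT_URI } from './env-variables.js';
 import { getAuthorizationUrl } from './get-authorization-url.js';
@@ -29,6 +29,10 @@ async function updateSession(
 middlewareAuth: AuthkitMiddlewareAuth,
 redirectUri: string,
 ) {
+if (!redirectUri && !WORKOS_REDIRECT_URI) {
+throw new Error('You must provide a redirect URI in the AuthKit middleware or in the environment variables.');
+}
+
 const session = await getSessionFromCookie();
 const newRequestHeaders = new Headers(request.headers);
 
@@ -40,15 +44,18 @@ async function updateSession(
 // Record that the request was routed through the middleware so we can check later for DX purposes
 newRequestHeaders.set(middlewareHeaderName, 'true');
 
+let url;
+
 // If the redirect URI is set, store it in the headers so we can use it later
 if (redirectUri) {
 newRequestHeaders.set(redirectUriHeaderName, redirectUri);
+url = new URL(redirectUri);
+} else {
+url = new URL(WORKOS_REDIRECT_URI);
 }
 
 newRequestHeaders.delete(sessionHeaderName);
 
-const url = new URL(WORKOS_REDIRECT_URI);
-
 if (
 middlewareAuth.enabled &&
 url.pathname === request.nextUrl.pathname &&
@@ -124,7 +131,7 @@ async function updateSession(
 request: { headers: newRequestHeaders },
 });
 // update the cookie
-response.cookies.set(cookieName, encryptedSession,
+response.cookies.set(cookieName, encryptedSession, getCookieOptions(redirectUri));
 return response;
 } catch (e) {
 if (debug) console.log('Failed to refresh. Deleting cookie and redirecting.', e);
@@ -173,18 +180,20 @@ async function refreshSession({
 });
 
 const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
-
+const url = headers().get('x-url');
+
+cookies().set(cookieName, encryptedSession, getCookieOptions(url));
 
 const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt<AccessToken>(accessToken);
 
 return {
 sessionId,
-user
+user,
 organizationId,
 role,
 permissions,
-impersonator
-accessToken
+impersonator,
+accessToken,
 };
 }
 
@@ -192,8 +201,7 @@ function getMiddlewareAuthPathRegex(pathGlob: string) {
 let regex: string;
 
 try {
-
-const url = new URL(pathGlob, WORKOS_REDIRECT_URI);
+const url = new URL(pathGlob, 'https://example.com');
 const path = `${url.pathname!}${url.hash || ''}`;
 
 const tokens = parse(path);
@@ -270,12 +278,12 @@ async function getSessionFromCookie(response?: NextResponse) {
 /**
 * Retrieves the session from the cookie. Meant for use in the middleware, for client side use `withAuth` instead.
 *
-* @returns
+* @returns UserInfo | NoUserInfo
 */
 async function getSession(response?: NextResponse) {
 const session = await getSessionFromCookie(response);
 
-if (!session) return;
+if (!session) return { user: null };
 
 if (await verifyAccessToken(session.accessToken)) {
 const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt<AccessToken>(session.accessToken);
@@ -297,7 +305,7 @@ async function getSessionFromHeader(): Promise<Session | undefined> {
 
 if (!hasMiddleware) {
 throw new Error(
-"You are calling 'withAuth' on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling
+"You are calling 'withAuth' on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling withAuth from by updating your middleware config in `middleware.(js|ts)`.",
 );
 }
 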
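Review bot: In refreshSession, `const url = headers().get('x-url')` feeds a request header into `getCookieOptions(url)`, which parses it with `new URL` and uses its scheme to decide the refreshed cookie's `Secure` attribute. The compiled session.js section shows updateSession overwriting `x-url` with `request.url` when the middleware runs, but nothing in this hunk shows refreshSession checking that the middleware handled the request, so on an uncovered path the value would be whatever the client sent: a malformed value would throw from the URL constructor and an `http:` value would drop `Secure`. updateSession itself calls `getCookieOptions(redirectUri)`, so the two writers of the same cookie can also disagree on the attributes. Consider using one source for both, or at least documenting the dependency with `// x-url is set by the AuthKit middleware (updateSession); only trusted when the middleware ran`. refreshSession's body starts outside the hunk.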
package/src/workos.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
|
|
4
|
-
export const VERSION = '0.
|
|
4
|
+
export const VERSION = '0.12.0';
|
|
5
5
|
|
|
6
6
|
const options = {
|
|
7
7
|
apiHostname: WORKOS_API_HOSTNAME,
|