@workos-inc/authkit-nextjs 0.12.3 → 0.13.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/esm/auth.js +8 -3
- package/dist/esm/auth.js.map +1 -1
- package/dist/esm/authkit-callback-route.d.ts +2 -2
- package/dist/esm/authkit-callback-route.js +23 -5
- package/dist/esm/authkit-callback-route.js.map +1 -1
- package/dist/esm/get-authorization-url.js +2 -1
- package/dist/esm/get-authorization-url.js.map +1 -1
- package/dist/esm/session.d.ts +1 -1
- package/dist/esm/session.js +29 -12
- package/dist/esm/session.js.map +1 -1
- package/dist/esm/workos.d.ts +1 -1
- package/dist/esm/workos.js +1 -1
- package/package.json +6 -6
- package/src/auth.ts +8 -3
- package/src/authkit-callback-route.ts +26 -10
- package/src/get-authorization-url.ts +2 -1
- package/src/session.ts +34 -16
- package/src/workos.ts +1 -1
package/dist/esm/auth.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
3
3
|
import { cookies } from 'next/headers';
|
|
4
4
|
import { terminateSession } from './session.js';
|
|
5
|
-
import { WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
5
|
+
import { WORKOS_COOKIE_NAME, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
|
|
6
6
|
async function getSignInUrl({ organizationId } = {}) {
|
|
7
7
|
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in' });
|
|
8
8
|
}
|
|
@@ -10,8 +10,13 @@ async function getSignUpUrl() {
|
|
|
10
10
|
return getAuthorizationUrl({ screenHint: 'sign-up' });
|
|
11
11
|
}
|
|
12
12
|
async function signOut() {
|
|
13
|
-
const
|
|
14
|
-
|
|
13
|
+
const cookie = {
|
|
14
|
+
name: WORKOS_COOKIE_NAME || 'wos-session',
|
|
15
|
+
};
|
|
16
|
+
if (WORKOS_COOKIE_DOMAIN)
|
|
17
|
+
cookie.domain = WORKOS_COOKIE_DOMAIN;
|
|
18
|
+
const nextCookies = await cookies();
|
|
19
|
+
nextCookies.delete(cookie);
|
|
15
20
|
await terminateSession();
|
|
16
21
|
}
|
|
17
22
|
export { getSignInUrl, getSignUpUrl, signOut };
|
package/dist/esm/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE9E,KAAK,UAAU,YAAY,CAAC,EAAE,cAAc,KAAkC,EAAE;IAC9E,OAAO,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,OAAO,mBAAmB,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,KAAK,UAAU,OAAO;IACpB,MAAM,MAAM,GAAsC;QAChD,IAAI,EAAE,kBAAkB,IAAI,aAAa;KAC1C,CAAC;IACF,IAAI,oBAAoB;QAAE,MAAM,CAAC,MAAM,GAAG,oBAAoB,CAAC;IAE/D,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3B,MAAM,gBAAgB,EAAE,CAAC;AAC3B,CAAC;AAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { NextRequest
|
|
1
|
+
import { NextRequest } from 'next/server';
|
|
2
2
|
import { HandleAuthOptions } from './interfaces.js';
|
|
3
|
-
export declare function handleAuth(options?: HandleAuthOptions): (request: NextRequest) => Promise<
|
|
3
|
+
export declare function handleAuth(options?: HandleAuthOptions): (request: NextRequest) => Promise<Response>;
|
|
@@ -34,14 +34,24 @@ export function handleAuth(options = {}) {
|
|
|
34
34
|
else {
|
|
35
35
|
url.pathname = returnPathname;
|
|
36
36
|
}
|
|
37
|
-
|
|
37
|
+
// Fall back to standard Response if NextResponse is not available.
|
|
38
|
+
// This is to support Next.js 13.
|
|
39
|
+
const response = (NextResponse === null || NextResponse === void 0 ? void 0 : NextResponse.redirect)
|
|
40
|
+
? NextResponse.redirect(url)
|
|
41
|
+
: new Response(null, {
|
|
42
|
+
status: 302,
|
|
43
|
+
headers: {
|
|
44
|
+
Location: url.toString(),
|
|
45
|
+
},
|
|
46
|
+
});
|
|
38
47
|
if (!accessToken || !refreshToken)
|
|
39
48
|
throw new Error('response is missing tokens');
|
|
40
49
|
// The refreshToken should never be accesible publicly, hence why we encrypt it in the cookie session
|
|
41
50
|
// Alternatively you could persist the refresh token in a backend database
|
|
42
51
|
const session = await encryptSession({ accessToken, refreshToken, user, impersonator });
|
|
43
52
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
44
|
-
|
|
53
|
+
const nextCookies = await cookies();
|
|
54
|
+
nextCookies.set(cookieName, session, getCookieOptions(request.url));
|
|
45
55
|
return response;
|
|
46
56
|
}
|
|
47
57
|
catch (error) {
|
|
@@ -55,12 +65,20 @@ export function handleAuth(options = {}) {
|
|
|
55
65
|
return errorResponse();
|
|
56
66
|
};
|
|
57
67
|
function errorResponse() {
|
|
58
|
-
|
|
68
|
+
const errorBody = {
|
|
59
69
|
error: {
|
|
60
70
|
message: 'Something went wrong',
|
|
61
|
-
description: '
|
|
71
|
+
description: "Couldn't sign in. If you are not sure what happened, please contact your organization admin.",
|
|
62
72
|
},
|
|
63
|
-
}
|
|
73
|
+
};
|
|
74
|
+
// Use NextResponse if available, fallback to standard Response
|
|
75
|
+
// This is to support Next.js 13.
|
|
76
|
+
return (NextResponse === null || NextResponse === void 0 ? void 0 : NextResponse.json)
|
|
77
|
+
? NextResponse.json(errorBody, { status: 500 })
|
|
78
|
+
: new Response(JSON.stringify(errorBody), {
|
|
79
|
+
status: 500,
|
|
80
|
+
headers: { 'Content-Type': 'application/json' },
|
|
81
|
+
});
|
|
64
82
|
}
|
|
65
83
|
}
|
|
66
84
|
//# sourceMappingURL=authkit-callback-route.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,MAAM,UAAU,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,cAAc,GAAG,KAAK,IAAI,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;QAE/F,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACzG,QAAQ,EAAE,gBAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEH,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEpC,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,cAAc,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,oBAAoB,CAAC;gBAExD,gDAAgD;gBAChD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;oBAC9D,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;wBAC/C,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,QAAQ,GAAG,cAAc,CAAC;gBAChC,CAAC;gBAED,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,MAAM,UAAU,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,cAAc,GAAG,KAAK,IAAI,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;QAE/F,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACzG,QAAQ,EAAE,gBAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEH,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEpC,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,cAAc,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,oBAAoB,CAAC;gBAExD,gDAAgD;gBAChD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;oBAC9D,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;wBAC/C,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,QAAQ,GAAG,cAAc,CAAC;gBAChC,CAAC;gBAED,mEAAmE;gBACnE,iCAAiC;gBACjC,MAAM,QAAQ,GAAG,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,QAAQ;oBACrC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC;oBAC5B,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE;wBACjB,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE;4BACP,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE;yBACzB;qBACF,CAAC,CAAC;gBAEP,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,qGAAqG;gBACrG,0EAA0E;gBAC1E,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;gBACxF,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;gBACvD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;gBAEpC,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;gBAEpE,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,aAAa,EAAE,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,aAAa,EAAE,CAAC;IACzB,CAAC,CAAC;IAEF,SAAS,aAAa;QACpB,MAAM,SAAS,GAAG;YAChB,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,CAAC;QAEF,+DAA+D;QAC/D,iCAAiC;QACjC,OAAO,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI;YACvB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;YAC/C,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;gBACtC,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAC;IACT,CAAC;AACH,CAAC"}
|
|
@@ -2,7 +2,8 @@ import { workos } from './workos.js';
|
|
|
2
2
|
import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
3
3
|
import { headers } from 'next/headers';
|
|
4
4
|
async function getAuthorizationUrl(options = {}) {
|
|
5
|
-
const
|
|
5
|
+
const headersList = await headers();
|
|
6
|
+
const { returnPathname, screenHint, organizationId, redirectUri = headersList.get('x-redirect-uri') } = options;
|
|
6
7
|
return workos.userManagement.getAuthorizationUrl({
|
|
7
8
|
provider: 'authkit',
|
|
8
9
|
clientId: WORKOS_CLIENT_ID,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,GAAG,
|
|
1
|
+
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,GAAG,OAAO,CAAC;IAEhH,OAAO,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC;QAC/C,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,gBAAgB;QAC1B,WAAW,EAAE,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,mBAAmB;QAC/C,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5E,UAAU;QACV,cAAc;KACf,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
|
package/dist/esm/session.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { NextRequest, NextResponse } from 'next/server';
|
|
2
2
|
import { AuthkitMiddlewareAuth, NoUserInfo, Session, UserInfo } from './interfaces.js';
|
|
3
3
|
declare function encryptSession(session: Session): Promise<string>;
|
|
4
|
-
declare function updateSession(request: NextRequest, debug: boolean, middlewareAuth: AuthkitMiddlewareAuth, redirectUri: string): Promise<
|
|
4
|
+
declare function updateSession(request: NextRequest, debug: boolean, middlewareAuth: AuthkitMiddlewareAuth, redirectUri: string): Promise<Response>;
|
|
5
5
|
declare function refreshSession(options?: {
|
|
6
6
|
organizationId?: string;
|
|
7
7
|
ensureSignedIn: false;
|
package/dist/esm/session.js
CHANGED
|
@@ -57,11 +57,21 @@ async function updateSession(request, debug, middlewareAuth, redirectUri) {
|
|
|
57
57
|
// If the user is logged out and this path isn't on the allowlist for logged out paths, redirect to AuthKit.
|
|
58
58
|
if (middlewareAuth.enabled && matchedPaths.length === 0 && !session) {
|
|
59
59
|
if (debug)
|
|
60
|
-
console.log(
|
|
61
|
-
|
|
60
|
+
console.log(`Unauthenticated user on protected route ${request.url}, redirecting to AuthKit`);
|
|
61
|
+
const redirectTo = await getAuthorizationUrl({
|
|
62
62
|
returnPathname: getReturnPathname(request.url),
|
|
63
63
|
redirectUri: redirectUri !== null && redirectUri !== void 0 ? redirectUri : WORKOS_REDIRECT_URI,
|
|
64
|
-
})
|
|
64
|
+
});
|
|
65
|
+
// Fall back to standard Response if NextResponse is not available.
|
|
66
|
+
// This is to support Next.js 13.
|
|
67
|
+
return (NextResponse === null || NextResponse === void 0 ? void 0 : NextResponse.redirect)
|
|
68
|
+
? NextResponse.redirect(redirectTo)
|
|
69
|
+
: new Response(null, {
|
|
70
|
+
status: 302,
|
|
71
|
+
headers: {
|
|
72
|
+
Location: redirectTo,
|
|
73
|
+
},
|
|
74
|
+
});
|
|
65
75
|
}
|
|
66
76
|
// If no session, just continue
|
|
67
77
|
if (!session) {
|
|
@@ -71,11 +81,12 @@ async function updateSession(request, debug, middlewareAuth, redirectUri) {
|
|
|
71
81
|
}
|
|
72
82
|
const hasValidSession = await verifyAccessToken(session.accessToken);
|
|
73
83
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
84
|
+
const nextCookies = await cookies();
|
|
74
85
|
if (hasValidSession) {
|
|
75
86
|
if (debug)
|
|
76
87
|
console.log('Session is valid');
|
|
77
88
|
// set the x-workos-session header according to the current cookie value
|
|
78
|
-
newRequestHeaders.set(sessionHeaderName,
|
|
89
|
+
newRequestHeaders.set(sessionHeaderName, nextCookies.get(cookieName).value);
|
|
79
90
|
return NextResponse.next({
|
|
80
91
|
request: { headers: newRequestHeaders },
|
|
81
92
|
});
|
|
@@ -139,8 +150,10 @@ async function refreshSession({ organizationId: nextOrganizationId, ensureSigned
|
|
|
139
150
|
impersonator,
|
|
140
151
|
});
|
|
141
152
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
142
|
-
const
|
|
143
|
-
|
|
153
|
+
const headersList = await headers();
|
|
154
|
+
const url = headersList.get('x-url');
|
|
155
|
+
const nextCookies = await cookies();
|
|
156
|
+
nextCookies.set(cookieName, encryptedSession, getCookieOptions(url));
|
|
144
157
|
const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt(accessToken);
|
|
145
158
|
return {
|
|
146
159
|
sessionId,
|
|
@@ -167,7 +180,8 @@ function getMiddlewareAuthPathRegex(pathGlob) {
|
|
|
167
180
|
}
|
|
168
181
|
}
|
|
169
182
|
async function redirectToSignIn() {
|
|
170
|
-
const
|
|
183
|
+
const headersList = await headers();
|
|
184
|
+
const url = headersList.get('x-url');
|
|
171
185
|
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
172
186
|
redirect(await getAuthorizationUrl({ returnPathname }));
|
|
173
187
|
}
|
|
@@ -202,13 +216,14 @@ async function verifyAccessToken(accessToken) {
|
|
|
202
216
|
await jwtVerify(accessToken, JWKS);
|
|
203
217
|
return true;
|
|
204
218
|
}
|
|
205
|
-
catch (
|
|
219
|
+
catch (_a) {
|
|
206
220
|
return false;
|
|
207
221
|
}
|
|
208
222
|
}
|
|
209
223
|
async function getSessionFromCookie(response) {
|
|
210
224
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
211
|
-
const
|
|
225
|
+
const nextCookies = await cookies();
|
|
226
|
+
const cookie = response ? response.cookies.get(cookieName) : nextCookies.get(cookieName);
|
|
212
227
|
if (cookie) {
|
|
213
228
|
return unsealData(cookie.value, {
|
|
214
229
|
password: WORKOS_COOKIE_PASSWORD,
|
|
@@ -238,11 +253,13 @@ async function getSession(response) {
|
|
|
238
253
|
}
|
|
239
254
|
}
|
|
240
255
|
async function getSessionFromHeader() {
|
|
241
|
-
const
|
|
256
|
+
const headersList = await headers();
|
|
257
|
+
const hasMiddleware = Boolean(headersList.get(middlewareHeaderName));
|
|
242
258
|
if (!hasMiddleware) {
|
|
243
|
-
|
|
259
|
+
const url = headersList.get('x-url');
|
|
260
|
+
throw new Error(`You are calling 'withAuth' on ${url} that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling 'withAuth' from by updating your middleware config in 'middleware.(js|ts)'.`);
|
|
244
261
|
}
|
|
245
|
-
const authHeader =
|
|
262
|
+
const authHeader = headersList.get(sessionHeaderName);
|
|
246
263
|
if (!authHeader)
|
|
247
264
|
return;
|
|
248
265
|
return unsealData(authHeader, { password: WORKOS_COOKIE_PASSWORD });
|
package/dist/esm/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAGjE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,gBAAgB,CAAC;AAE/C,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB;IAEnB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,IAAI,GAAG,CAAC;IAER,6EAA6E;IAC7E,IAAI,WAAW,EAAE,CAAC;QAChB,iBAAiB,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,CAAC;QAC1D,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACpE,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAGjE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,gBAAgB,CAAC;AAE/C,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB;IAEnB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,IAAI,GAAG,CAAC;IAER,6EAA6E;IAC7E,IAAI,WAAW,EAAE,CAAC;QAChB,iBAAiB,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,CAAC;QAC1D,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACpE,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAEzG,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC;YAC3C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;YAC9C,WAAW,EAAE,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,mBAAmB;SAChD,CAAC,CAAC;QAEH,mEAAmE;QACnE,iCAAiC;QACjC,OAAO,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,QAAQ;YAC3B,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC;YACnC,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE;gBACjB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE;oBACP,QAAQ,EAAE,UAAU;iBACrB;aACF,CAAC,CAAC;IACT,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IAEpC,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3C,wEAAwE;QACxE,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAC7E,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAEpF,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE/E,kHAAkH;QAClH,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;YACjH,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc;SACf,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;QAE5D,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,oBAAoB;QACpB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAC;QAClF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qDAAqD,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;QACjH,QAAQ,EAAE,gBAAgB;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;KACpE,CAAC,CAAC;IAEH,qDAAqD;IACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;QAC5C,WAAW;QACX,YAAY;QACZ,IAAI;QACJ,YAAY;KACb,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IAErE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAE1G,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,KAAa,CAAC;IAElB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAEtC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEhE,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,EAAE,cAAc,GAAG,KAAK,EAAE,GAAG,EAAE;IACrD,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAElH,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,QAAQ,EAAE,CAAC;IACvC,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,QAAuB;IACzD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAEzF,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,UAAU,CAAC,QAAuB;IAC/C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAErD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEpC,IAAI,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACjD,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAElH,OAAO;YACL,SAAS;YACT,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,cAAc;YACd,IAAI;YACJ,WAAW;YACX,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,iLAAiL,CACtN,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC"}
|
package/dist/esm/workos.d.ts
CHANGED
package/dist/esm/workos.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
|
-
export const VERSION = '0.
|
|
3
|
+
export const VERSION = '0.13.1';
|
|
4
4
|
const options = {
|
|
5
5
|
apiHostname: WORKOS_API_HOSTNAME,
|
|
6
6
|
https: WORKOS_API_HTTPS ? WORKOS_API_HTTPS === 'true' : true,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@workos-inc/authkit-nextjs",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.13.1",
|
|
4
4
|
"description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js",
|
|
5
5
|
"sideEffects": false,
|
|
6
6
|
"type": "module",
|
|
@@ -21,15 +21,15 @@
|
|
|
21
21
|
"test": "echo \"Error: no test specified\" && exit 1"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"@workos-inc/node": "^7.
|
|
24
|
+
"@workos-inc/node": "^7.29.0",
|
|
25
25
|
"iron-session": "^8.0.1",
|
|
26
26
|
"jose": "^5.2.3",
|
|
27
27
|
"path-to-regexp": "^6.2.2"
|
|
28
28
|
},
|
|
29
29
|
"peerDependencies": {
|
|
30
|
-
"next": "^13.5.4 || ^14.0.3",
|
|
31
|
-
"react": "^18.0",
|
|
32
|
-
"react-dom": "^18.0"
|
|
30
|
+
"next": "^13.5.4 || ^14.0.3 || ^15.0.0",
|
|
31
|
+
"react": "^18.0 || ^19.0.0",
|
|
32
|
+
"react-dom": "^18.0 || ^19.0.0"
|
|
33
33
|
},
|
|
34
34
|
"devDependencies": {
|
|
35
35
|
"@types/node": "^20.11.28",
|
|
@@ -38,7 +38,7 @@
|
|
|
38
38
|
"eslint": "^8.29.0",
|
|
39
39
|
"eslint-config-prettier": "^9.1.0",
|
|
40
40
|
"eslint-plugin-require-extensions": "^0.1.3",
|
|
41
|
-
"next": "^
|
|
41
|
+
"next": "^15.0.1",
|
|
42
42
|
"prettier": "^3.3.3",
|
|
43
43
|
"typescript": "5.4.2",
|
|
44
44
|
"typescript-eslint": "^7.2.0"
|
package/src/auth.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
4
4
|
import { cookies } from 'next/headers';
|
|
5
5
|
import { terminateSession } from './session.js';
|
|
6
|
-
import { WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
6
|
+
import { WORKOS_COOKIE_NAME, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
|
|
7
7
|
|
|
8
8
|
async function getSignInUrl({ organizationId }: { organizationId?: string } = {}) {
|
|
9
9
|
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in' });
|
|
@@ -14,8 +14,13 @@ async function getSignUpUrl() {
|
|
|
14
14
|
}
|
|
15
15
|
|
|
16
16
|
async function signOut() {
|
|
17
|
-
const
|
|
18
|
-
|
|
17
|
+
const cookie: { name: string; domain?: string } = {
|
|
18
|
+
name: WORKOS_COOKIE_NAME || 'wos-session',
|
|
19
|
+
};
|
|
20
|
+
if (WORKOS_COOKIE_DOMAIN) cookie.domain = WORKOS_COOKIE_DOMAIN;
|
|
21
|
+
|
|
22
|
+
const nextCookies = await cookies();
|
|
23
|
+
nextCookies.delete(cookie);
|
|
19
24
|
await terminateSession();
|
|
20
25
|
}
|
|
21
26
|
|
|
@@ -43,7 +43,16 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
43
43
|
url.pathname = returnPathname;
|
|
44
44
|
}
|
|
45
45
|
|
|
46
|
-
|
|
46
|
+
// Fall back to standard Response if NextResponse is not available.
|
|
47
|
+
// This is to support Next.js 13.
|
|
48
|
+
const response = NextResponse?.redirect
|
|
49
|
+
? NextResponse.redirect(url)
|
|
50
|
+
: new Response(null, {
|
|
51
|
+
status: 302,
|
|
52
|
+
headers: {
|
|
53
|
+
Location: url.toString(),
|
|
54
|
+
},
|
|
55
|
+
});
|
|
47
56
|
|
|
48
57
|
if (!accessToken || !refreshToken) throw new Error('response is missing tokens');
|
|
49
58
|
|
|
@@ -51,8 +60,9 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
51
60
|
// Alternatively you could persist the refresh token in a backend database
|
|
52
61
|
const session = await encryptSession({ accessToken, refreshToken, user, impersonator });
|
|
53
62
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
63
|
+
const nextCookies = await cookies();
|
|
54
64
|
|
|
55
|
-
|
|
65
|
+
nextCookies.set(cookieName, session, getCookieOptions(request.url));
|
|
56
66
|
|
|
57
67
|
return response;
|
|
58
68
|
} catch (error) {
|
|
@@ -70,14 +80,20 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
70
80
|
};
|
|
71
81
|
|
|
72
82
|
function errorResponse() {
|
|
73
|
-
|
|
74
|
-
{
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
description: 'Couldn’t sign in. If you are not sure what happened, please contact your organization admin.',
|
|
78
|
-
},
|
|
83
|
+
const errorBody = {
|
|
84
|
+
error: {
|
|
85
|
+
message: 'Something went wrong',
|
|
86
|
+
description: "Couldn't sign in. If you are not sure what happened, please contact your organization admin.",
|
|
79
87
|
},
|
|
80
|
-
|
|
81
|
-
|
|
88
|
+
};
|
|
89
|
+
|
|
90
|
+
// Use NextResponse if available, fallback to standard Response
|
|
91
|
+
// This is to support Next.js 13.
|
|
92
|
+
return NextResponse?.json
|
|
93
|
+
? NextResponse.json(errorBody, { status: 500 })
|
|
94
|
+
: new Response(JSON.stringify(errorBody), {
|
|
95
|
+
status: 500,
|
|
96
|
+
headers: { 'Content-Type': 'application/json' },
|
|
97
|
+
});
|
|
82
98
|
}
|
|
83
99
|
}
|
|
@@ -4,7 +4,8 @@ import { GetAuthURLOptions } from './interfaces.js';
|
|
|
4
4
|
import { headers } from 'next/headers';
|
|
5
5
|
|
|
6
6
|
async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
7
|
-
const
|
|
7
|
+
const headersList = await headers();
|
|
8
|
+
const { returnPathname, screenHint, organizationId, redirectUri = headersList.get('x-redirect-uri') } = options;
|
|
8
9
|
|
|
9
10
|
return workos.userManagement.getAuthorizationUrl({
|
|
10
11
|
provider: 'authkit',
|
package/src/session.ts
CHANGED
|
@@ -79,14 +79,23 @@ async function updateSession(
|
|
|
79
79
|
|
|
80
80
|
// If the user is logged out and this path isn't on the allowlist for logged out paths, redirect to AuthKit.
|
|
81
81
|
if (middlewareAuth.enabled && matchedPaths.length === 0 && !session) {
|
|
82
|
-
if (debug) console.log(
|
|
82
|
+
if (debug) console.log(`Unauthenticated user on protected route ${request.url}, redirecting to AuthKit`);
|
|
83
83
|
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
84
|
+
const redirectTo = await getAuthorizationUrl({
|
|
85
|
+
returnPathname: getReturnPathname(request.url),
|
|
86
|
+
redirectUri: redirectUri ?? WORKOS_REDIRECT_URI,
|
|
87
|
+
});
|
|
88
|
+
|
|
89
|
+
// Fall back to standard Response if NextResponse is not available.
|
|
90
|
+
// This is to support Next.js 13.
|
|
91
|
+
return NextResponse?.redirect
|
|
92
|
+
? NextResponse.redirect(redirectTo)
|
|
93
|
+
: new Response(null, {
|
|
94
|
+
status: 302,
|
|
95
|
+
headers: {
|
|
96
|
+
Location: redirectTo,
|
|
97
|
+
},
|
|
98
|
+
});
|
|
90
99
|
}
|
|
91
100
|
|
|
92
101
|
// If no session, just continue
|
|
@@ -99,10 +108,12 @@ async function updateSession(
|
|
|
99
108
|
const hasValidSession = await verifyAccessToken(session.accessToken);
|
|
100
109
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
101
110
|
|
|
111
|
+
const nextCookies = await cookies();
|
|
112
|
+
|
|
102
113
|
if (hasValidSession) {
|
|
103
114
|
if (debug) console.log('Session is valid');
|
|
104
115
|
// set the x-workos-session header according to the current cookie value
|
|
105
|
-
newRequestHeaders.set(sessionHeaderName,
|
|
116
|
+
newRequestHeaders.set(sessionHeaderName, nextCookies.get(cookieName)!.value);
|
|
106
117
|
return NextResponse.next({
|
|
107
118
|
request: { headers: newRequestHeaders },
|
|
108
119
|
});
|
|
@@ -185,9 +196,12 @@ async function refreshSession({
|
|
|
185
196
|
});
|
|
186
197
|
|
|
187
198
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
188
|
-
const url = headers().get('x-url');
|
|
189
199
|
|
|
190
|
-
|
|
200
|
+
const headersList = await headers();
|
|
201
|
+
const url = headersList.get('x-url');
|
|
202
|
+
|
|
203
|
+
const nextCookies = await cookies();
|
|
204
|
+
nextCookies.set(cookieName, encryptedSession, getCookieOptions(url));
|
|
191
205
|
|
|
192
206
|
const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt<AccessToken>(accessToken);
|
|
193
207
|
|
|
@@ -221,7 +235,8 @@ function getMiddlewareAuthPathRegex(pathGlob: string) {
|
|
|
221
235
|
}
|
|
222
236
|
|
|
223
237
|
async function redirectToSignIn() {
|
|
224
|
-
const
|
|
238
|
+
const headersList = await headers();
|
|
239
|
+
const url = headersList.get('x-url');
|
|
225
240
|
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
226
241
|
|
|
227
242
|
redirect(await getAuthorizationUrl({ returnPathname }));
|
|
@@ -264,14 +279,15 @@ async function verifyAccessToken(accessToken: string) {
|
|
|
264
279
|
try {
|
|
265
280
|
await jwtVerify(accessToken, JWKS);
|
|
266
281
|
return true;
|
|
267
|
-
} catch
|
|
282
|
+
} catch {
|
|
268
283
|
return false;
|
|
269
284
|
}
|
|
270
285
|
}
|
|
271
286
|
|
|
272
287
|
async function getSessionFromCookie(response?: NextResponse) {
|
|
273
288
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
274
|
-
const
|
|
289
|
+
const nextCookies = await cookies();
|
|
290
|
+
const cookie = response ? response.cookies.get(cookieName) : nextCookies.get(cookieName);
|
|
275
291
|
|
|
276
292
|
if (cookie) {
|
|
277
293
|
return unsealData<Session>(cookie.value, {
|
|
@@ -306,15 +322,17 @@ async function getSession(response?: NextResponse) {
|
|
|
306
322
|
}
|
|
307
323
|
|
|
308
324
|
async function getSessionFromHeader(): Promise<Session | undefined> {
|
|
309
|
-
const
|
|
325
|
+
const headersList = await headers();
|
|
326
|
+
const hasMiddleware = Boolean(headersList.get(middlewareHeaderName));
|
|
310
327
|
|
|
311
328
|
if (!hasMiddleware) {
|
|
329
|
+
const url = headersList.get('x-url');
|
|
312
330
|
throw new Error(
|
|
313
|
-
|
|
331
|
+
`You are calling 'withAuth' on ${url} that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling 'withAuth' from by updating your middleware config in 'middleware.(js|ts)'.`,
|
|
314
332
|
);
|
|
315
333
|
}
|
|
316
334
|
|
|
317
|
-
const authHeader =
|
|
335
|
+
const authHeader = headersList.get(sessionHeaderName);
|
|
318
336
|
if (!authHeader) return;
|
|
319
337
|
|
|
320
338
|
return unsealData<Session>(authHeader, { password: WORKOS_COOKIE_PASSWORD });
|
package/src/workos.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
|
|
4
|
-
export const VERSION = '0.
|
|
4
|
+
export const VERSION = '0.13.1';
|
|
5
5
|
|
|
6
6
|
const options = {
|
|
7
7
|
apiHostname: WORKOS_API_HOSTNAME,
|