@workos-inc/authkit-nextjs 0.4.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 WorkOS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,145 @@
+# AuthKit Next.js Library
+
+The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js.
+
+## Installation
+
+Install the package with:
+
+```
+npm i @workos-inc/authkit-nextjs
+```
+
+or
+
+```
+yarn add @workos-inc/authkit-nextjs
+```
+
+## Pre-flight
+
+Make sure the following values are present in your `.env.local` environment variables file. The client ID and API key can be found in the [WorkOS dashboard](https://dashboard.workos.com), and the redirect URI can also be configured there.
+
+```sh
+WORKOS_CLIENT_ID="client_..." # retrieved from the WorkOS dashboard
+WORKOS_API_KEY="sk_test_..." # retrieved from the WorkOS dashboard
+WORKOS_REDIRECT_URI="http://localhost:3000/callback" # configured in the WorkOS dashboard
+WORKOS_COOKIE_PASSWORD="<your password>" # generate a secure password here
+```
+
+`WORKOS_COOKIE_PASSWORD` is the private key used to encrypt the session cookie. It has to be at least 32 characters long. You can use the [1Password generator](https://1password.com/password-generator/) or the `openssl` library to generate a strong password via the command line:
+
+```
+openssl rand -base64 24
+```
+
+To use the `signOut` method, you'll need to set your app's homepage in your WorkOS dashboard settings under "Redirects".
+
+## Setup
+
+### Callback route
+
+WorkOS requires that you have a callback URL to redirect users back to after they've authenticated. In your Next.js app, [expose an API route](https://nextjs.org/docs/app/building-your-application/routing/route-handlers) and add the following.
+
+```ts
+import { handleAuth } from '@workos-inc/authkit-nextjs';
+
+export const GET = handleAuth();
+```
+
+Make sure this route matches the `WORKOS_REDIRECT_URI` variable and the configured redirect URI in your WorkOS dashboard. For instance if your redirect URI is `http://localhost:3000/auth/callback` then you'd put the above code in `/app/auth/callback/route.ts`.
+
+You can also control the pathname the user will be sent to after signing-in by passing a `returnPathname` option to `handleAuth` like so:
+
+```ts
+export const GET = handleAuth({ returnPathname: '/dashboard' });
+```
+
+### Middleware
+
+This library relies on [Next.js middleware](https://nextjs.org/docs/app/building-your-application/routing/middleware) to provide session management for routes. Put the following in your `middleware.ts` file in the root of your project:
+
+```ts
+import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
+
+export default authkitMiddleware();
+
+// Match against pages that require auth
+// Leave this out if you want auth on every page in your application
+export const config = { matcher: ['/admin'] };
+```
+
+## Usage
+
+### Get the current user
+
+For pages where you want to display a signed-in and signed-out view, use `getUser` to retrieve the user profile from WorkOS.
+
+```jsx
+import Link from 'next/link';
+import { getSignInUrl, getUser, signOut } from '@workos-inc/authkit-nextjs';
+
+export default async function HomePage() {
+  // Retrieves the user from the session or returns `null` if no user is signed in
+  const { user } = await getUser();
+
+  // Get the URL to redirect the user to AuthKit to sign in
+  const signInUrl = await getSignInUrl();
+
+  return user ? (
+    <form
+      action={async () => {
+        'use server';
+        await signOut();
+      }}
+    >
+      <p>Welcome back {user?.firstName && `, ${user?.firstName}`}</p>
+      <button type="submit">Sign out</button>
+    </form>
+  ) : (
+    <Link href={signInUrl}>Sign in</Link>
+  );
+}
+```
+
+### Requiring auth
+
+For pages where a signed-in user is mandatory, you can use the `ensureSignedIn` option:
+
+```jsx
+const { user } = await getUser({ ensureSignedIn: true });
+```
+
+Enabling `ensureSignedIn` will redirect users to AuthKit if they attempt to access the page without being authenticated.
+
+### Signing out
+
+Use the `signOut` method to sign out the current logged in user and redirect to your app's homepage. The homepage redirect is set in your WorkOS dashboard settings under "Redirect".
+
+### Visualizing an impersonation
+
+Render the `Impersonation` component in your app so that it is clear when someone is [impersonating a user](https://workos.com/docs/user-management/impersonation).
+The component will display a frame with some information about the impersonated user, as well as a button to stop impersonating.
+
+```jsx
+import { Impersonation } from '@workos-inc/authkit-nextjs';
+
+export default function App() {
+  return (
+    <div>
+      <Impersonation />
+      {/* Your app content */}
+    </div>
+  );
+}
+```
+
+### Debugging
+
+To enable debug logs, initialize the middleware with the debug flag enabled.
+
+```js
+import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
+
+export default authkitMiddleware({ debug: true });
+```

package/dist/cjs/auth.d.ts

@@ -0,0 +1,3 @@
+declare function getSignInUrl(): Promise<string>;
+declare function signOut(): Promise<void>;
+export { getSignInUrl, signOut };

package/dist/cjs/auth.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signOut = exports.getSignInUrl = void 0;
+const get_authorization_url_js_1 = require("./get-authorization-url.js");
+const headers_1 = require("next/headers");
+const cookie_js_1 = require("./cookie.js");
+const session_js_1 = require("./session.js");
+async function getSignInUrl() {
+    return (0, get_authorization_url_js_1.getAuthorizationUrl)();
+}
+exports.getSignInUrl = getSignInUrl;
+async function signOut() {
+    (0, headers_1.cookies)().delete(cookie_js_1.cookieName);
+    await (0, session_js_1.terminateSession)();
+}
+exports.signOut = signOut;
+//# sourceMappingURL=auth.js.map

package/dist/cjs/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":";;;AAAA,yEAAiE;AACjE,0CAAuC;AACvC,2CAAyC;AACzC,6CAAgD;AAEhD,KAAK,UAAU,YAAY;IACzB,OAAO,IAAA,8CAAmB,GAAE,CAAC;AAC/B,CAAC;AAOQ,oCAAY;AALrB,KAAK,UAAU,OAAO;IACpB,IAAA,iBAAO,GAAE,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;IAC7B,MAAM,IAAA,6BAAgB,GAAE,CAAC;AAC3B,CAAC;AAEsB,0BAAO"}

package/dist/cjs/authkit-callback-route.d.ts

@@ -0,0 +1,3 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { HandleAuthOptions } from './interfaces.js';
+export declare function handleAuth(options?: HandleAuthOptions): (request: NextRequest) => Promise<NextResponse<unknown>>;

package/dist/cjs/authkit-callback-route.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleAuth = void 0;
+const server_1 = require("next/server");
+const headers_1 = require("next/headers");
+const workos_js_1 = require("./workos.js");
+const env_variables_js_1 = require("./env-variables.js");
+const session_js_1 = require("./session.js");
+const cookie_js_1 = require("./cookie.js");
+function handleAuth(options = {}) {
+    const { returnPathname: returnPathnameOption = '/' } = options;
+    return async function GET(request) {
+        const code = request.nextUrl.searchParams.get('code');
+        const state = request.nextUrl.searchParams.get('state');
+        const returnPathname = state ? JSON.parse(atob(state)).returnPathname : null;
+        if (code) {
+            try {
+                // Use the code returned to us by AuthKit and authenticate the user with WorkOS
+                const { accessToken, refreshToken, user, impersonator } = await workos_js_1.workos.userManagement.authenticateWithCode({
+                    clientId: env_variables_js_1.WORKOS_CLIENT_ID,
+                    code,
+                });
+                const url = request.nextUrl.clone();
+                // Cleanup params
+                url.searchParams.delete('code');
+                url.searchParams.delete('state');
+                // Redirect to the requested path and store the session
+                url.pathname = returnPathname !== null && returnPathname !== void 0 ? returnPathname : returnPathnameOption;
+                const response = server_1.NextResponse.redirect(url);
+                if (!accessToken || !refreshToken)
+                    throw new Error('response is missing tokens');
+                // The refreshToken should never be accesible publicly, hence why we encrypt it in the cookie session
+                // Alternatively you could persist the refresh token in a backend database
+                const session = await (0, session_js_1.encryptSession)({ accessToken, refreshToken, user, impersonator });
+                (0, headers_1.cookies)().set(cookie_js_1.cookieName, session, cookie_js_1.cookieOptions);
+                return response;
+            }
+            catch (error) {
+                const errorRes = {
+                    error: error instanceof Error ? error.message : String(error),
+                };
+                console.error(errorRes);
+                return errorResponse();
+            }
+        }
+        return errorResponse();
+    };
+    function errorResponse() {
+        return server_1.NextResponse.json({
+            error: {
+                message: 'Something went wrong',
+                description: 'Couldn’t sign in. If you are not sure what happened, please contact your organization admin.',
+            },
+        }, { status: 500 });
+    }
+}
+exports.handleAuth = handleAuth;
+//# sourceMappingURL=authkit-callback-route.js.map

package/dist/cjs/authkit-callback-route.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":";;;AAAA,wCAAwD;AACxD,0CAAuC;AACvC,2CAAqC;AACrC,yDAAsD;AACtD,6CAA8C;AAC9C,2CAAwD;AAGxD,SAAgB,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;QAE7E,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACzG,QAAQ,EAAE,mCAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEH,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEpC,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,GAAG,CAAC,QAAQ,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,oBAAoB,CAAC;gBAEtD,MAAM,QAAQ,GAAG,qBAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAE5C,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,qGAAqG;gBACrG,0EAA0E;gBAC1E,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAc,EAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;gBACxF,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,EAAE,OAAO,EAAE,yBAAa,CAAC,CAAC;gBAElD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,aAAa,EAAE,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,aAAa,EAAE,CAAC;IACzB,CAAC,CAAC;IAEF,SAAS,aAAa;QACpB,OAAO,qBAAY,CAAC,IAAI,CACtB;YACE,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACJ,CAAC;AACH,CAAC;AA5DD,gCA4DC"}

package/dist/cjs/button.d.ts

@@ -0,0 +1,3 @@
+import * as React from 'react';
+declare const Button: React.ForwardRefExoticComponent<Omit<React.DetailedHTMLProps<React.ButtonHTMLAttributes<HTMLButtonElement>, HTMLButtonElement>, "ref"> & React.RefAttributes<HTMLButtonElement>>;
+export { Button };

package/dist/cjs/button.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Button = void 0;
+const tslib_1 = require("tslib");
+const React = tslib_1.__importStar(require("react"));
+const Button = React.forwardRef((props, forwardedRef) => {
+    return (React.createElement("button", { ref: forwardedRef, type: "button", ...props, style: {
+            display: 'inline-flex',
+            alignItems: 'center',
+            justifyContent: 'center',
+            flexShrink: 0,
+            height: '1.714em',
+            padding: '0 0.6em',
+            fontFamily: 'inherit',
+            fontSize: 'inherit',
+            borderRadius: 'min(max(calc(var(--wi-s) * 0.6), 1px), 7px)',
+            border: 'none',
+            backgroundColor: 'var(--wi-c)',
+            color: 'white',
+            ...props.style,
+        } }));
+});
+exports.Button = Button;
+Button.displayName = 'Button';
+//# sourceMappingURL=button.js.map

package/dist/cjs/button.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"button.js","sourceRoot":"","sources":["../../src/button.tsx"],"names":[],"mappings":";;;;AAAA,qDAA+B;AAE/B,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,CAA8D,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;IACnH,OAAO,CACL,gCACE,GAAG,EAAE,YAAY,EACjB,IAAI,EAAC,QAAQ,KACT,KAAK,EACT,KAAK,EAAE;YACL,OAAO,EAAE,aAAa;YACtB,UAAU,EAAE,QAAQ;YACpB,cAAc,EAAE,QAAQ;YACxB,UAAU,EAAE,CAAC;YACb,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,SAAS;YAElB,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,6CAA6C;YAC3D,MAAM,EAAE,MAAM;YACd,eAAe,EAAE,aAAa;YAC9B,KAAK,EAAE,OAAO;YAEd,GAAG,KAAK,CAAC,KAAK;SACf,GACD,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAIM,wBAAM;AAFf,MAAM,CAAC,WAAW,GAAG,QAAQ,CAAC"}

package/dist/cjs/cookie.d.ts

@@ -0,0 +1,8 @@
+declare const cookieName = "wos-session";
+declare const cookieOptions: {
+    path: string;
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite: "lax";
+};
+export { cookieName, cookieOptions };

package/dist/cjs/cookie.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cookieOptions = exports.cookieName = void 0;
+const cookieName = 'wos-session';
+exports.cookieName = cookieName;
+const cookieOptions = {
+    path: '/',
+    httpOnly: true,
+    secure: true,
+    sameSite: 'lax',
+};
+exports.cookieOptions = cookieOptions;
+//# sourceMappingURL=cookie.js.map

package/dist/cjs/cookie.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":";;;AAAA,MAAM,UAAU,GAAG,aAAa,CAAC;AAQxB,gCAAU;AAPnB,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,GAAG;IACT,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,KAAc;CACzB,CAAC;AAEmB,sCAAa"}

package/dist/cjs/env-variables.d.ts

@@ -0,0 +1,5 @@
+declare const WORKOS_CLIENT_ID: string;
+declare const WORKOS_API_KEY: string;
+declare const WORKOS_REDIRECT_URI: string;
+declare const WORKOS_COOKIE_PASSWORD: string;
+export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD };

package/dist/cjs/env-variables.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WORKOS_COOKIE_PASSWORD = exports.WORKOS_REDIRECT_URI = exports.WORKOS_API_KEY = exports.WORKOS_CLIENT_ID = void 0;
+function getEnvVariable(name) {
+    const envVariable = process.env[name];
+    if (!envVariable) {
+        throw new Error(`${name} environment variable is not set`);
+    }
+    return envVariable;
+}
+const WORKOS_CLIENT_ID = getEnvVariable('WORKOS_CLIENT_ID');
+exports.WORKOS_CLIENT_ID = WORKOS_CLIENT_ID;
+const WORKOS_API_KEY = getEnvVariable('WORKOS_API_KEY');
+exports.WORKOS_API_KEY = WORKOS_API_KEY;
+const WORKOS_REDIRECT_URI = getEnvVariable('WORKOS_REDIRECT_URI');
+exports.WORKOS_REDIRECT_URI = WORKOS_REDIRECT_URI;
+const WORKOS_COOKIE_PASSWORD = getEnvVariable('WORKOS_COOKIE_PASSWORD');
+exports.WORKOS_COOKIE_PASSWORD = WORKOS_COOKIE_PASSWORD;
+if (WORKOS_COOKIE_PASSWORD.length < 32) {
+    throw new Error('WORKOS_COOKIE_PASSWORD must be at least 32 characters long');
+}
+//# sourceMappingURL=env-variables.js.map

package/dist/cjs/env-variables.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":";;;AAAA,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kCAAkC,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AASnD,4CAAgB;AARzB,MAAM,cAAc,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;AAQ7B,wCAAc;AAPzC,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAOvB,kDAAmB;AAN9D,MAAM,sBAAsB,GAAG,cAAc,CAAC,wBAAwB,CAAC,CAAC;AAMR,wDAAsB;AAJtF,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;IACvC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;AAChF,CAAC"}

package/dist/cjs/get-authorization-url.d.ts

@@ -0,0 +1,2 @@
+declare function getAuthorizationUrl(returnPathname?: string): Promise<string>;
+export { getAuthorizationUrl };

package/dist/cjs/get-authorization-url.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAuthorizationUrl = void 0;
+const workos_js_1 = require("./workos.js");
+const env_variables_js_1 = require("./env-variables.js");
+async function getAuthorizationUrl(returnPathname) {
+    return workos_js_1.workos.userManagement.getAuthorizationUrl({
+        provider: 'authkit',
+        clientId: env_variables_js_1.WORKOS_CLIENT_ID,
+        redirectUri: env_variables_js_1.WORKOS_REDIRECT_URI,
+        state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
+    });
+}
+exports.getAuthorizationUrl = getAuthorizationUrl;
+//# sourceMappingURL=get-authorization-url.js.map

package/dist/cjs/get-authorization-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":";;;AAAA,2CAAqC;AACrC,yDAA2E;AAE3E,KAAK,UAAU,mBAAmB,CAAC,cAAuB;IACxD,OAAO,kBAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC;QAC/C,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,mCAAgB;QAC1B,WAAW,EAAE,sCAAmB;QAChC,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;KAC7E,CAAC,CAAC;AACL,CAAC;AAEQ,kDAAmB"}

package/dist/cjs/impersonation.d.ts

@@ -0,0 +1,6 @@
+import * as React from 'react';
+interface ImpersonationProps extends React.ComponentPropsWithoutRef<'div'> {
+    side?: 'top' | 'bottom';
+}
+export declare function Impersonation({ side, ...props }: ImpersonationProps): Promise<React.JSX.Element | null>;
+export {};

package/dist/cjs/impersonation.js

@@ -0,0 +1,119 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Impersonation = void 0;
+const tslib_1 = require("tslib");
+const React = tslib_1.__importStar(require("react"));
+const session_js_1 = require("./session.js");
+const auth_js_1 = require("./auth.js");
+const workos_js_1 = require("./workos.js");
+const button_js_1 = require("./button.js");
+const min_max_button_js_1 = require("./min-max-button.js");
+async function Impersonation({ side = 'bottom', ...props }) {
+    const { impersonator, user, organizationId } = await (0, session_js_1.getUser)();
+    if (!impersonator)
+        return null;
+    const organization = organizationId ? await workos_js_1.workos.organizations.getOrganization(organizationId) : null;
+    return (React.createElement("div", { ...props, "data-workos-impersonation-root": "", style: {
+            'position': 'fixed',
+            'inset': 0,
+            'pointerEvents': 'none',
+            'zIndex': 9999,
+            // short properties with defaults for authoring convenience
+            '--wi-minimized': '0',
+            '--wi-s': 'min(max(var(--workos-impersonation-size, 4px), 2px), 15px)',
+            '--wi-bgc': 'var(--workos-impersonation-background-color, #fce654)',
+            '--wi-c': 'var(--workos-impersonation-color, #1a1600)',
+            '--wi-bc': 'var(--workos-impersonation-border-color, #e0c36c)',
+            '--wi-bw': 'var(--workos-impersonation-border-width, 1px)',
+            ...props.style,
+        } },
+        React.createElement("div", { style: {
+                '--wi-frame-size': 'calc(var(--wi-s) * (1 - var(--wi-minimized)) + var(--wi-minimized) * var(--wi-bw) * -1)',
+                'position': 'absolute',
+                'inset': 'calc(var(--wi-frame-size) * -1)',
+                'borderRadius': 'calc(var(--wi-frame-size) * 3)',
+                'boxShadow': `
+						inset 0 0 0 calc(var(--wi-frame-size) * 2) var(--wi-bgc),
+						inset 0 0 0 calc(var(--wi-frame-size) * 2 + var(--wi-bw)) var(--wi-bc)
+					`,
+                'transition': 'all 500ms cubic-bezier(0.16, 1, 0.3, 1)',
+            } }),
+        React.createElement("div", { style: {
+                display: 'flex',
+                justifyContent: 'center',
+                position: 'fixed',
+                left: 0,
+                right: 0,
+                ...(side === 'top' && { top: 'var(--wi-s)' }),
+                ...(side === 'bottom' && { bottom: 'var(--wi-s)' }),
+                fontFamily: "system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif",
+                fontSize: 'calc(12px + var(--wi-s) * 0.5)',
+                lineHeight: '1.4',
+            } },
+            React.createElement("form", { action: async () => {
+                    'use server';
+                    await (0, auth_js_1.signOut)();
+                }, style: {
+                    display: 'flex',
+                    alignItems: 'baseline',
+                    paddingLeft: 'var(--wi-s)',
+                    paddingRight: 'var(--wi-s)',
+                    position: 'relative',
+                    marginLeft: 'calc(var(--wi-s) * 2)',
+                    marginRight: 'calc(var(--wi-s) * 2)',
+                    pointerEvents: 'auto',
+                    backgroundColor: 'var(--wi-bgc)',
+                    borderStyle: 'solid',
+                    borderColor: 'var(--wi-bc)',
+                    borderLeftWidth: 'var(--wi-bw)',
+                    borderRightWidth: 'var(--wi-bw)',
+                    transition: 'all 500ms cubic-bezier(0.16, 1, 0.3, 1)',
+                    transform: `translateX(calc(var(--wi-minimized) * (var(--wi-s) * 10 - 5%)))`,
+                    opacity: 'calc(1 - var(--wi-minimized))',
+                    zIndex: 'calc(1 - var(--wi-minimized))',
+                    ...(side === 'top' && {
+                        paddingTop: 0,
+                        paddingBottom: 'var(--wi-s)',
+                        borderTopWidth: 0,
+                        borderBottomWidth: 'var(--wi-bw)',
+                        borderBottomLeftRadius: 'var(--wi-s)',
+                        borderBottomRightRadius: 'var(--wi-s)',
+                    }),
+                    ...(side === 'bottom' && {
+                        paddingTop: 'var(--wi-s)',
+                        paddingBottom: 0,
+                        borderTopWidth: 'var(--wi-bw)',
+                        borderBottomWidth: 0,
+                        borderTopLeftRadius: 'var(--wi-s)',
+                        borderTopRightRadius: 'var(--wi-s)',
+                    }),
+                } },
+                React.createElement("p", { style: { all: 'unset', color: 'var(--wi-c)', textWrap: 'balance', marginLeft: 'var(--wi-s)' } },
+                    "You are impersonating ",
+                    React.createElement("b", null, user.email),
+                    ' ',
+                    organization !== null && (React.createElement(React.Fragment, null,
+                        "within the ",
+                        React.createElement("b", null, organization.name),
+                        " organization"))),
+                React.createElement(button_js_1.Button, { type: "submit", style: { marginLeft: 'calc(var(--wi-s) * 2)', marginRight: 'var(--wi-s)' } }, "Stop"),
+                React.createElement(min_max_button_js_1.MinMaxButton, { minimizedValue: "1" }, side === 'top' ? '↗' : '↘')),
+            React.createElement("div", { style: {
+                    padding: 'var(--wi-s)',
+                    position: 'fixed',
+                    right: 'var(--wi-s)',
+                    pointerEvents: 'auto',
+                    backgroundColor: 'var(--wi-bgc)',
+                    border: 'var(--wi-bw) solid var(--wi-bc)',
+                    borderRadius: 'var(--wi-s)',
+                    transition: 'all 500ms cubic-bezier(0.16, 1, 0.3, 1)',
+                    transform: 'translateX(calc((1 - var(--wi-minimized)) * var(--wi-s) * -5))',
+                    opacity: 'var(--wi-minimized)',
+                    zIndex: 'var(--wi-minimized)',
+                    ...(side === 'top' && { top: 'var(--wi-s)' }),
+                    ...(side === 'bottom' && { bottom: 'var(--wi-s)' }),
+                } },
+                React.createElement(min_max_button_js_1.MinMaxButton, { minimizedValue: "0" }, side === 'top' ? '↙' : '↖')))));
+}
+exports.Impersonation = Impersonation;
+//# sourceMappingURL=impersonation.js.map

package/dist/cjs/impersonation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"impersonation.js","sourceRoot":"","sources":["../../src/impersonation.tsx"],"names":[],"mappings":";;;;AAAA,qDAA+B;AAC/B,6CAAuC;AACvC,uCAAoC;AACpC,2CAAqC;AACrC,2CAAqC;AACrC,2DAAmD;AAM5C,KAAK,UAAU,aAAa,CAAC,EAAE,IAAI,GAAG,QAAQ,EAAE,GAAG,KAAK,EAAsB;IACnF,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,MAAM,IAAA,oBAAO,GAAE,CAAC;IAE/D,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAE/B,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,kBAAM,CAAC,aAAa,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAExG,OAAO,CACL,gCACM,KAAK,oCACsB,EAAE,EACjC,KAAK,EAAE;YACL,UAAU,EAAE,OAAO;YACnB,OAAO,EAAE,CAAC;YACV,eAAe,EAAE,MAAM;YACvB,QAAQ,EAAE,IAAI;YAEd,2DAA2D;YAC3D,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,4DAA4D;YACtE,UAAU,EAAE,uDAAuD;YACnE,QAAQ,EAAE,4CAA4C;YACtD,SAAS,EAAE,mDAAmD;YAC9D,SAAS,EAAE,+CAA+C;YAE1D,GAAG,KAAK,CAAC,KAAK;SACf;QAED,6BACE,KAAK,EAAE;gBACL,iBAAiB,EAAE,yFAAyF;gBAC5G,UAAU,EAAE,UAAU;gBACtB,OAAO,EAAE,iCAAiC;gBAC1C,cAAc,EAAE,gCAAgC;gBAChD,WAAW,EAAE;;;MAGjB;gBACI,YAAY,EAAE,yCAAyC;aACxD,GACD;QAEF,6BACE,KAAK,EAAE;gBACL,OAAO,EAAE,MAAM;gBACf,cAAc,EAAE,QAAQ;gBAExB,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,CAAC;gBACR,GAAG,CAAC,IAAI,KAAK,KAAK,IAAI,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC;gBAC7C,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;gBAEnD,UAAU,EACR,wIAAwI;gBAC1I,QAAQ,EAAE,gCAAgC;gBAC1C,UAAU,EAAE,KAAK;aAClB;YAED,8BACE,MAAM,EAAE,KAAK,IAAI,EAAE;oBACjB,YAAY,CAAC;oBACb,MAAM,IAAA,iBAAO,GAAE,CAAC;gBAClB,CAAC,EACD,KAAK,EAAE;oBACL,OAAO,EAAE,MAAM;oBACf,UAAU,EAAE,UAAU;oBACtB,WAAW,EAAE,aAAa;oBAC1B,YAAY,EAAE,aAAa;oBAE3B,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,uBAAuB;oBACnC,WAAW,EAAE,uBAAuB;oBAEpC,aAAa,EAAE,MAAM;oBACrB,eAAe,EAAE,eAAe;oBAChC,WAAW,EAAE,OAAO;oBACpB,WAAW,EAAE,cAAc;oBAC3B,eAAe,EAAE,cAAc;oBAC/B,gBAAgB,EAAE,cAAc;oBAEhC,UAAU,EAAE,yCAAyC;oBACrD,SAAS,EAAE,iEAAiE;oBAC5E,OAAO,EAAE,+BAA+B;oBACxC,MAAM,EAAE,+BAA+B;oBAEvC,GAAG,CAAC,IAAI,KAAK,KAAK,IAAI;wBACpB,UAAU,EAAE,CAAC;wBACb,aAAa,EAAE,aAAa;wBAC5B,cAAc,EAAE,CAAC;wBACjB,iBAAiB,EAAE,cAAc;wBACjC,sBAAsB,EAAE,aAAa;wBACrC,uBAAuB,EAAE,aAAa;qBACvC,CAAC;oBAEF,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI;wBACvB,UAAU,EAAE,aAAa;wBACzB,aAAa,EAAE,CAAC;wBAChB,cAAc,EAAE,cAAc;wBAC9B,iBAAiB,EAAE,CAAC;wBACpB,mBAAmB,EAAE,aAAa;wBAClC,oBAAoB,EAAE,aAAa;qBACpC,CAAC;iBACH;gBAED,2BAAG,KAAK,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE;;oBACxE,+BAAI,IAAI,CAAC,KAAK,CAAK;oBAAC,GAAG;oBAC5C,YAAY,KAAK,IAAI,IAAI,CACxB;;wBACa,+BAAI,YAAY,CAAC,IAAI,CAAK;wCACpC,CACJ,CACC;gBACJ,oBAAC,kBAAM,IAAC,IAAI,EAAC,QAAQ,EAAC,KAAK,EAAE,EAAE,UAAU,EAAE,uBAAuB,EAAE,WAAW,EAAE,aAAa,EAAE,WAEvF;gBACT,oBAAC,gCAAY,IAAC,cAAc,EAAC,GAAG,IAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAgB,CACvE;YAEP,6BACE,KAAK,EAAE;oBACL,OAAO,EAAE,aAAa;oBAEtB,QAAQ,EAAE,OAAO;oBACjB,KAAK,EAAE,aAAa;oBAEpB,aAAa,EAAE,MAAM;oBACrB,eAAe,EAAE,eAAe;oBAChC,MAAM,EAAE,iCAAiC;oBACzC,YAAY,EAAE,aAAa;oBAE3B,UAAU,EAAE,yCAAyC;oBACrD,SAAS,EAAE,gEAAgE;oBAC3E,OAAO,EAAE,qBAAqB;oBAC9B,MAAM,EAAE,qBAAqB;oBAE7B,GAAG,CAAC,IAAI,KAAK,KAAK,IAAI,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC;oBAC7C,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;iBACpD;gBAED,oBAAC,gCAAY,IAAC,cAAc,EAAC,GAAG,IAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAgB,CACxE,CACF,CACF,CACP,CAAC;AACJ,CAAC;AAjJD,sCAiJC"}

package/dist/cjs/index.d.ts

@@ -0,0 +1,6 @@
+import { handleAuth } from './authkit-callback-route.js';
+import { authkitMiddleware } from './middleware.js';
+import { getUser } from './session.js';
+import { getSignInUrl, signOut } from './auth.js';
+import { Impersonation } from './impersonation.js';
+export { handleAuth, authkitMiddleware, getSignInUrl, getUser, signOut, Impersonation, };

package/dist/cjs/index.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Impersonation = exports.signOut = exports.getUser = exports.getSignInUrl = exports.authkitMiddleware = exports.handleAuth = void 0;
+const authkit_callback_route_js_1 = require("./authkit-callback-route.js");
+Object.defineProperty(exports, "handleAuth", { enumerable: true, get: function () { return authkit_callback_route_js_1.handleAuth; } });
+const middleware_js_1 = require("./middleware.js");
+Object.defineProperty(exports, "authkitMiddleware", { enumerable: true, get: function () { return middleware_js_1.authkitMiddleware; } });
+const session_js_1 = require("./session.js");
+Object.defineProperty(exports, "getUser", { enumerable: true, get: function () { return session_js_1.getUser; } });
+const auth_js_1 = require("./auth.js");
+Object.defineProperty(exports, "getSignInUrl", { enumerable: true, get: function () { return auth_js_1.getSignInUrl; } });
+Object.defineProperty(exports, "signOut", { enumerable: true, get: function () { return auth_js_1.signOut; } });
+const impersonation_js_1 = require("./impersonation.js");
+Object.defineProperty(exports, "Impersonation", { enumerable: true, get: function () { return impersonation_js_1.Impersonation; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,2EAAyD;AAOvD,2FAPO,sCAAU,OAOP;AANZ,mDAAoD;AAQlD,kGARO,iCAAiB,OAQP;AAPnB,6CAAuC;AAUrC,wFAVO,oBAAO,OAUP;AATT,uCAAkD;AAQhD,6FARO,sBAAY,OAQP;AAEZ,wFAVqB,iBAAO,OAUrB;AATT,yDAAmD;AAWjD,8FAXO,gCAAa,OAWP"}

package/dist/cjs/interfaces.d.ts

@@ -0,0 +1,33 @@
+import { User } from '@workos-inc/node';
+export interface HandleAuthOptions {
+    returnPathname?: string;
+}
+export interface Impersonator {
+    email: string;
+    reason: string | null;
+}
+export interface Session {
+    accessToken: string;
+    refreshToken: string;
+    user: User;
+    impersonator?: Impersonator;
+}
+export interface UserInfo {
+    user: User;
+    sessionId: string;
+    organizationId?: string;
+    role?: string;
+    impersonator?: Impersonator;
+}
+export interface NoUserInfo {
+    user: null;
+    sessionId?: undefined;
+    organizationId?: undefined;
+    role?: undefined;
+    impersonator?: undefined;
+}
+export interface AccessToken {
+    sid: string;
+    org_id?: string;
+    role?: string;
+}

package/dist/cjs/interfaces.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=interfaces.js.map

package/dist/cjs/interfaces.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../src/interfaces.ts"],"names":[],"mappings":""}

package/dist/cjs/middleware.d.ts

@@ -0,0 +1,6 @@
+import { NextMiddleware } from 'next/server';
+interface AuthkitMiddlewareOptions {
+    debug?: boolean;
+}
+export declare function authkitMiddleware({ debug }?: AuthkitMiddlewareOptions): NextMiddleware;
+export {};

package/dist/cjs/middleware.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authkitMiddleware = void 0;
+const session_js_1 = require("./session.js");
+function authkitMiddleware({ debug = false } = {}) {
+    return function (request) {
+        return (0, session_js_1.updateSession)(request, debug);
+    };
+}
+exports.authkitMiddleware = authkitMiddleware;
+//# sourceMappingURL=middleware.js.map

package/dist/cjs/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/middleware.ts"],"names":[],"mappings":";;;AACA,6CAA6C;AAM7C,SAAgB,iBAAiB,CAAC,EAAE,KAAK,GAAG,KAAK,KAA+B,EAAE;IAChF,OAAO,UAAU,OAAO;QACtB,OAAO,IAAA,0BAAa,EAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACvC,CAAC,CAAC;AACJ,CAAC;AAJD,8CAIC"}

package/dist/cjs/min-max-button.d.ts

@@ -0,0 +1,7 @@
+import * as React from 'react';
+interface MinMaxButtonProps {
+    children?: React.ReactNode;
+    minimizedValue: '0' | '1';
+}
+export declare function MinMaxButton({ children, minimizedValue }: MinMaxButtonProps): React.JSX.Element;
+export {};