@workos-inc/authkit-nextjs 0.8.1 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -0
- package/dist/cjs/auth.d.ts +3 -1
- package/dist/cjs/auth.js +2 -2
- package/dist/cjs/auth.js.map +1 -1
- package/dist/cjs/cookie.d.ts +1 -0
- package/dist/cjs/cookie.js +1 -0
- package/dist/cjs/cookie.js.map +1 -1
- package/dist/cjs/env-variables.d.ts +2 -1
- package/dist/cjs/env-variables.js +3 -1
- package/dist/cjs/env-variables.js.map +1 -1
- package/dist/cjs/get-authorization-url.js +2 -1
- package/dist/cjs/get-authorization-url.js.map +1 -1
- package/dist/cjs/index.d.ts +2 -2
- package/dist/cjs/index.js +2 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/interfaces.d.ts +1 -0
- package/dist/cjs/session.d.ts +9 -1
- package/dist/cjs/session.js +43 -4
- package/dist/cjs/session.js.map +1 -1
- package/dist/cjs/workos.d.ts +1 -1
- package/dist/cjs/workos.js +1 -1
- package/package.json +3 -2
- package/src/auth.ts +2 -2
- package/src/cookie.ts +2 -1
- package/src/env-variables.ts +2 -0
- package/src/get-authorization-url.ts +2 -1
- package/src/index.ts +2 -1
- package/src/interfaces.ts +1 -0
- package/src/session.ts +62 -6
- package/src/workos.ts +1 -1
package/README.md
CHANGED
|
@@ -16,6 +16,12 @@ or
|
|
|
16
16
|
yarn add @workos-inc/authkit-nextjs
|
|
17
17
|
```
|
|
18
18
|
|
|
19
|
+
## Video tutorial
|
|
20
|
+
|
|
21
|
+
<a href="https://youtu.be/gMkHOotg0xc?feature=shared" target="_blank">
|
|
22
|
+
<img src="https://github.com/user-attachments/assets/ed67129b-3b27-4745-8960-64db4c8ab393" alt="YouTube tutorial: Next.js App Router Authentication with AuthKit" style="display: block; width: 100%; max-width: 720px; height: auto; aspect-ratio: 16/9; object-fit: cover; object-position: center; margin: 1em auto;" onerror="this.onerror=null; this.src='https://img.youtube.com/vi/gMkHOotg0xc/0.jpg'" />
|
|
23
|
+
</a>
|
|
24
|
+
|
|
19
25
|
## Pre-flight
|
|
20
26
|
|
|
21
27
|
Make sure the following values are present in your `.env.local` environment variables file. The client ID and API key can be found in the [WorkOS dashboard](https://dashboard.workos.com), and the redirect URI can also be configured there.
|
|
@@ -46,6 +52,10 @@ WORKOS_API_HTTPS=true # whether to use HTTPS in API calls
|
|
|
46
52
|
WORKOS_API_PORT=3000 # port to use for API calls
|
|
47
53
|
```
|
|
48
54
|
|
|
55
|
+
`WORKOS_COOKIE_DOMAIN` can be used to share WorkOS sessions between apps/domains.
|
|
56
|
+
Note: The `WORKOS_COOKIE_PASSWORD` would need to be the same across apps/domains.
|
|
57
|
+
Not needed for most use cases.
|
|
58
|
+
|
|
49
59
|
## Setup
|
|
50
60
|
|
|
51
61
|
### Callback route
|
|
@@ -202,6 +212,12 @@ export default async function HomePage() {
|
|
|
202
212
|
}
|
|
203
213
|
```
|
|
204
214
|
|
|
215
|
+
### Refreshing the session
|
|
216
|
+
|
|
217
|
+
Use the `refreshSession` method in a server action or route handler to fetch the latest session details, including any changes to the user's roles or permissions.
|
|
218
|
+
|
|
219
|
+
The `organizationId` parameter can be passed to `refreshSession` in order to switch the session to a different organization. If the current session is not authorized for the next organization, an appropriate [authentication error](https://workos.com/docs/reference/user-management/authentication-errors) will be returned.
|
|
220
|
+
|
|
205
221
|
### Debugging
|
|
206
222
|
|
|
207
223
|
To enable debug logs, initialize the middleware with the debug flag enabled.
|
package/dist/cjs/auth.d.ts
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
declare function getSignInUrl(
|
|
1
|
+
declare function getSignInUrl({ organizationId }?: {
|
|
2
|
+
organizationId?: string;
|
|
3
|
+
}): Promise<string>;
|
|
2
4
|
declare function getSignUpUrl(): Promise<string>;
|
|
3
5
|
declare function signOut(): Promise<void>;
|
|
4
6
|
export { getSignInUrl, getSignUpUrl, signOut };
|
package/dist/cjs/auth.js
CHANGED
|
@@ -5,8 +5,8 @@ const get_authorization_url_js_1 = require("./get-authorization-url.js");
|
|
|
5
5
|
const headers_1 = require("next/headers");
|
|
6
6
|
const cookie_js_1 = require("./cookie.js");
|
|
7
7
|
const session_js_1 = require("./session.js");
|
|
8
|
-
async function getSignInUrl() {
|
|
9
|
-
return (0, get_authorization_url_js_1.getAuthorizationUrl)({ screenHint: 'sign-in' });
|
|
8
|
+
async function getSignInUrl({ organizationId } = {}) {
|
|
9
|
+
return (0, get_authorization_url_js_1.getAuthorizationUrl)({ organizationId, screenHint: 'sign-in' });
|
|
10
10
|
}
|
|
11
11
|
exports.getSignInUrl = getSignInUrl;
|
|
12
12
|
async function getSignUpUrl() {
|
package/dist/cjs/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":";;;AAAA,yEAAiE;AACjE,0CAAuC;AACvC,2CAAyC;AACzC,6CAAgD;AAEhD,KAAK,UAAU,YAAY;
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":";;;AAAA,yEAAiE;AACjE,0CAAuC;AACvC,2CAAyC;AACzC,6CAAgD;AAEhD,KAAK,UAAU,YAAY,CAAC,EAAE,cAAc,KAAkC,EAAE;IAC9E,OAAO,IAAA,8CAAmB,EAAC,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;AACxE,CAAC;AAWQ,oCAAY;AATrB,KAAK,UAAU,YAAY;IACzB,OAAO,IAAA,8CAAmB,EAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;AACxD,CAAC;AAOsB,oCAAY;AALnC,KAAK,UAAU,OAAO;IACpB,IAAA,iBAAO,GAAE,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;IAC7B,MAAM,IAAA,6BAAgB,GAAE,CAAC;AAC3B,CAAC;AAEoC,0BAAO"}
|
package/dist/cjs/cookie.d.ts
CHANGED
package/dist/cjs/cookie.js
CHANGED
|
@@ -15,6 +15,7 @@ const cookieOptions = {
|
|
|
15
15
|
// It's fine to have a long cookie expiry date as the access/refresh tokens
|
|
16
16
|
// act as the actual time-limited aspects of the session.
|
|
17
17
|
maxAge: env_variables_js_1.WORKOS_COOKIE_MAX_AGE ? parseInt(env_variables_js_1.WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400,
|
|
18
|
+
domain: env_variables_js_1.WORKOS_COOKIE_DOMAIN,
|
|
18
19
|
};
|
|
19
20
|
exports.cookieOptions = cookieOptions;
|
|
20
21
|
//# sourceMappingURL=cookie.js.map
|
package/dist/cjs/cookie.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":";;;AAAA,yDAAsG;AAEtG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,sCAAmB,CAAC,CAAC;AACjD,MAAM,gBAAgB,GAAG,WAAW,CAAC,QAAQ,KAAK,QAAQ,CAAC;AAE3D,MAAM,UAAU,GAAG,aAAa,CAAC;AAaxB,gCAAU;AAZnB,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,GAAG;IACT,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,gBAAgB;IACxB,QAAQ,EAAE,KAAc;IACxB,sDAAsD;IACtD,2EAA2E;IAC3E,yDAAyD;IACzD,MAAM,EAAE,wCAAqB,CAAC,CAAC,CAAC,QAAQ,CAAC,wCAAqB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG;IACxF,MAAM,EAAE,uCAAoB;CAC7B,CAAC;AAEmB,sCAAa"}
|
|
@@ -5,5 +5,6 @@ declare const WORKOS_COOKIE_PASSWORD: string;
|
|
|
5
5
|
declare const WORKOS_API_HOSTNAME: string | undefined;
|
|
6
6
|
declare const WORKOS_API_HTTPS: string | undefined;
|
|
7
7
|
declare const WORKOS_API_PORT: string | undefined;
|
|
8
|
+
declare const WORKOS_COOKIE_DOMAIN: string | undefined;
|
|
8
9
|
declare const WORKOS_COOKIE_MAX_AGE: string | undefined;
|
|
9
|
-
export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD, WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_PORT, WORKOS_COOKIE_MAX_AGE, };
|
|
10
|
+
export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD, WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_PORT, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, };
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.WORKOS_COOKIE_MAX_AGE = exports.WORKOS_API_PORT = exports.WORKOS_API_HTTPS = exports.WORKOS_API_HOSTNAME = exports.WORKOS_COOKIE_PASSWORD = exports.WORKOS_REDIRECT_URI = exports.WORKOS_API_KEY = exports.WORKOS_CLIENT_ID = void 0;
|
|
3
|
+
exports.WORKOS_COOKIE_MAX_AGE = exports.WORKOS_COOKIE_DOMAIN = exports.WORKOS_API_PORT = exports.WORKOS_API_HTTPS = exports.WORKOS_API_HOSTNAME = exports.WORKOS_COOKIE_PASSWORD = exports.WORKOS_REDIRECT_URI = exports.WORKOS_API_KEY = exports.WORKOS_CLIENT_ID = void 0;
|
|
4
4
|
function getEnvVariable(name) {
|
|
5
5
|
const envVariable = process.env[name];
|
|
6
6
|
if (!envVariable) {
|
|
@@ -25,6 +25,8 @@ const WORKOS_API_HTTPS = getOptionalEnvVariable('WORKOS_API_HTTPS');
|
|
|
25
25
|
exports.WORKOS_API_HTTPS = WORKOS_API_HTTPS;
|
|
26
26
|
const WORKOS_API_PORT = getOptionalEnvVariable('WORKOS_API_PORT');
|
|
27
27
|
exports.WORKOS_API_PORT = WORKOS_API_PORT;
|
|
28
|
+
const WORKOS_COOKIE_DOMAIN = getOptionalEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
29
|
+
exports.WORKOS_COOKIE_DOMAIN = WORKOS_COOKIE_DOMAIN;
|
|
28
30
|
const WORKOS_COOKIE_MAX_AGE = getOptionalEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
29
31
|
exports.WORKOS_COOKIE_MAX_AGE = WORKOS_COOKIE_MAX_AGE;
|
|
30
32
|
if (WORKOS_COOKIE_PASSWORD.length < 32) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":";;;AAAA,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kCAAkC,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":";;;AAAA,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kCAAkC,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AAe1D,4CAAgB;AAdlB,MAAM,cAAc,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;AAetD,wCAAc;AAdhB,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAehE,kDAAmB;AAdrB,MAAM,sBAAsB,GAAG,cAAc,CAAC,wBAAwB,CAAC,CAAC;AAetE,wDAAsB;AAdxB,MAAM,mBAAmB,GAAG,sBAAsB,CAAC,qBAAqB,CAAC,CAAC;AAexE,kDAAmB;AAdrB,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;AAelE,4CAAgB;AAdlB,MAAM,eAAe,GAAG,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;AAehE,0CAAe;AAdjB,MAAM,oBAAoB,GAAG,sBAAsB,CAAC,sBAAsB,CAAC,CAAC;AAe1E,oDAAoB;AAdtB,MAAM,qBAAqB,GAAG,sBAAsB,CAAC,uBAAuB,CAAC,CAAC;AAe5E,sDAAqB;AAbvB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;IACvC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;AAChF,CAAC"}
|
|
@@ -4,13 +4,14 @@ exports.getAuthorizationUrl = void 0;
|
|
|
4
4
|
const workos_js_1 = require("./workos.js");
|
|
5
5
|
const env_variables_js_1 = require("./env-variables.js");
|
|
6
6
|
async function getAuthorizationUrl(options = {}) {
|
|
7
|
-
const { returnPathname, screenHint } = options;
|
|
7
|
+
const { returnPathname, screenHint, organizationId } = options;
|
|
8
8
|
return workos_js_1.workos.userManagement.getAuthorizationUrl({
|
|
9
9
|
provider: 'authkit',
|
|
10
10
|
clientId: env_variables_js_1.WORKOS_CLIENT_ID,
|
|
11
11
|
redirectUri: env_variables_js_1.WORKOS_REDIRECT_URI,
|
|
12
12
|
state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
|
|
13
13
|
screenHint,
|
|
14
|
+
organizationId,
|
|
14
15
|
});
|
|
15
16
|
}
|
|
16
17
|
exports.getAuthorizationUrl = getAuthorizationUrl;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":";;;AAAA,2CAAqC;AACrC,yDAA2E;AAG3E,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAE/
|
|
1
|
+
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":";;;AAAA,2CAAqC;AACrC,yDAA2E;AAG3E,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,kBAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC;QAC/C,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,mCAAgB;QAC1B,WAAW,EAAE,sCAAmB;QAChC,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5E,UAAU;QACV,cAAc;KACf,CAAC,CAAC;AACL,CAAC;AAEQ,kDAAmB"}
|
package/dist/cjs/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
2
|
import { authkitMiddleware } from './middleware.js';
|
|
3
|
-
import { getUser } from './session.js';
|
|
3
|
+
import { getUser, refreshSession } from './session.js';
|
|
4
4
|
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
5
5
|
import { Impersonation } from './impersonation.js';
|
|
6
|
-
export { handleAuth, authkitMiddleware, getSignInUrl, getSignUpUrl, getUser, signOut, Impersonation, };
|
|
6
|
+
export { handleAuth, authkitMiddleware, getSignInUrl, getSignUpUrl, getUser, refreshSession, signOut, Impersonation, };
|
package/dist/cjs/index.js
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.Impersonation = exports.signOut = exports.getUser = exports.getSignUpUrl = exports.getSignInUrl = exports.authkitMiddleware = exports.handleAuth = void 0;
|
|
3
|
+
exports.Impersonation = exports.signOut = exports.refreshSession = exports.getUser = exports.getSignUpUrl = exports.getSignInUrl = exports.authkitMiddleware = exports.handleAuth = void 0;
|
|
4
4
|
const authkit_callback_route_js_1 = require("./authkit-callback-route.js");
|
|
5
5
|
Object.defineProperty(exports, "handleAuth", { enumerable: true, get: function () { return authkit_callback_route_js_1.handleAuth; } });
|
|
6
6
|
const middleware_js_1 = require("./middleware.js");
|
|
7
7
|
Object.defineProperty(exports, "authkitMiddleware", { enumerable: true, get: function () { return middleware_js_1.authkitMiddleware; } });
|
|
8
8
|
const session_js_1 = require("./session.js");
|
|
9
9
|
Object.defineProperty(exports, "getUser", { enumerable: true, get: function () { return session_js_1.getUser; } });
|
|
10
|
+
Object.defineProperty(exports, "refreshSession", { enumerable: true, get: function () { return session_js_1.refreshSession; } });
|
|
10
11
|
const auth_js_1 = require("./auth.js");
|
|
11
12
|
Object.defineProperty(exports, "getSignInUrl", { enumerable: true, get: function () { return auth_js_1.getSignInUrl; } });
|
|
12
13
|
Object.defineProperty(exports, "getSignUpUrl", { enumerable: true, get: function () { return auth_js_1.getSignUpUrl; } });
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,2EAAyD;AAOvD,2FAPO,sCAAU,OAOP;AANZ,mDAAoD;AAQlD,kGARO,iCAAiB,OAQP;AAPnB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,2EAAyD;AAOvD,2FAPO,sCAAU,OAOP;AANZ,mDAAoD;AAQlD,kGARO,iCAAiB,OAQP;AAPnB,6CAAuD;AAWrD,wFAXO,oBAAO,OAWP;AACP,+FAZgB,2BAAc,OAYhB;AAXhB,uCAAgE;AAQ9D,6FARO,sBAAY,OAQP;AACZ,6FATqB,sBAAY,OASrB;AAGZ,wFAZmC,iBAAO,OAYnC;AAXT,yDAAmD;AAajD,8FAbO,gCAAa,OAaP"}
|
package/dist/cjs/interfaces.d.ts
CHANGED
package/dist/cjs/session.d.ts
CHANGED
|
@@ -2,6 +2,14 @@ import { NextRequest, NextResponse } from 'next/server';
|
|
|
2
2
|
import { AuthkitMiddlewareAuth, NoUserInfo, Session, UserInfo } from './interfaces.js';
|
|
3
3
|
declare function encryptSession(session: Session): Promise<string>;
|
|
4
4
|
declare function updateSession(request: NextRequest, debug: boolean, middlewareAuth: AuthkitMiddlewareAuth): Promise<NextResponse<unknown>>;
|
|
5
|
+
declare function refreshSession(options?: {
|
|
6
|
+
organizationId?: string;
|
|
7
|
+
ensureSignedIn: false;
|
|
8
|
+
}): Promise<UserInfo | NoUserInfo>;
|
|
9
|
+
declare function refreshSession(options: {
|
|
10
|
+
organizationId?: string;
|
|
11
|
+
ensureSignedIn: true;
|
|
12
|
+
}): Promise<UserInfo>;
|
|
5
13
|
declare function getUser(options?: {
|
|
6
14
|
ensureSignedIn: false;
|
|
7
15
|
}): Promise<UserInfo | NoUserInfo>;
|
|
@@ -9,4 +17,4 @@ declare function getUser(options: {
|
|
|
9
17
|
ensureSignedIn: true;
|
|
10
18
|
}): Promise<UserInfo>;
|
|
11
19
|
declare function terminateSession(): Promise<void>;
|
|
12
|
-
export { encryptSession, getUser, terminateSession, updateSession };
|
|
20
|
+
export { encryptSession, getUser, refreshSession, terminateSession, updateSession };
|
package/dist/cjs/session.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.updateSession = exports.terminateSession = exports.getUser = exports.encryptSession = void 0;
|
|
3
|
+
exports.updateSession = exports.terminateSession = exports.refreshSession = exports.getUser = exports.encryptSession = void 0;
|
|
4
4
|
const navigation_1 = require("next/navigation");
|
|
5
5
|
const headers_1 = require("next/headers");
|
|
6
6
|
const server_1 = require("next/server");
|
|
@@ -70,10 +70,12 @@ async function updateSession(request, debug, middlewareAuth) {
|
|
|
70
70
|
try {
|
|
71
71
|
if (debug)
|
|
72
72
|
console.log('Session invalid. Attempting refresh', session.refreshToken);
|
|
73
|
+
const { org_id: organizationId } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
73
74
|
// If the session is invalid (i.e. the access token has expired) attempt to re-authenticate with the refresh token
|
|
74
75
|
const { accessToken, refreshToken, user, impersonator } = await workos_js_1.workos.userManagement.authenticateWithRefreshToken({
|
|
75
76
|
clientId: env_variables_js_1.WORKOS_CLIENT_ID,
|
|
76
77
|
refreshToken: session.refreshToken,
|
|
78
|
+
organizationId,
|
|
77
79
|
});
|
|
78
80
|
if (debug)
|
|
79
81
|
console.log('Refresh successful:', refreshToken);
|
|
@@ -103,6 +105,40 @@ async function updateSession(request, debug, middlewareAuth) {
|
|
|
103
105
|
}
|
|
104
106
|
}
|
|
105
107
|
exports.updateSession = updateSession;
|
|
108
|
+
async function refreshSession({ organizationId: nextOrganizationId, ensureSignedIn = false, } = {}) {
|
|
109
|
+
const session = await getSessionFromCookie();
|
|
110
|
+
if (!session) {
|
|
111
|
+
if (ensureSignedIn) {
|
|
112
|
+
await redirectToSignIn();
|
|
113
|
+
}
|
|
114
|
+
return { user: null };
|
|
115
|
+
}
|
|
116
|
+
const { org_id: organizationIdFromAccessToken } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
117
|
+
const { accessToken, refreshToken, user, impersonator } = await workos_js_1.workos.userManagement.authenticateWithRefreshToken({
|
|
118
|
+
clientId: env_variables_js_1.WORKOS_CLIENT_ID,
|
|
119
|
+
refreshToken: session.refreshToken,
|
|
120
|
+
organizationId: nextOrganizationId !== null && nextOrganizationId !== void 0 ? nextOrganizationId : organizationIdFromAccessToken,
|
|
121
|
+
});
|
|
122
|
+
// Encrypt session with new access and refresh tokens
|
|
123
|
+
const encryptedSession = await encryptSession({
|
|
124
|
+
accessToken,
|
|
125
|
+
refreshToken,
|
|
126
|
+
user,
|
|
127
|
+
impersonator,
|
|
128
|
+
});
|
|
129
|
+
(0, headers_1.cookies)().set(cookie_js_1.cookieName, encryptedSession, cookie_js_1.cookieOptions);
|
|
130
|
+
const { sid: sessionId, org_id: organizationId, role, permissions } = (0, jose_1.decodeJwt)(accessToken);
|
|
131
|
+
return {
|
|
132
|
+
sessionId,
|
|
133
|
+
user: session.user,
|
|
134
|
+
organizationId,
|
|
135
|
+
role,
|
|
136
|
+
permissions,
|
|
137
|
+
impersonator: session.impersonator,
|
|
138
|
+
accessToken: session.accessToken,
|
|
139
|
+
};
|
|
140
|
+
}
|
|
141
|
+
exports.refreshSession = refreshSession;
|
|
106
142
|
function getMiddlewareAuthPathRegex(pathGlob) {
|
|
107
143
|
let regex;
|
|
108
144
|
try {
|
|
@@ -118,13 +154,16 @@ function getMiddlewareAuthPathRegex(pathGlob) {
|
|
|
118
154
|
throw new Error(`Error parsing routes for middleware auth. Reason: ${message}`);
|
|
119
155
|
}
|
|
120
156
|
}
|
|
157
|
+
async function redirectToSignIn() {
|
|
158
|
+
const url = (0, headers_1.headers)().get('x-url');
|
|
159
|
+
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
160
|
+
(0, navigation_1.redirect)(await (0, get_authorization_url_js_1.getAuthorizationUrl)({ returnPathname }));
|
|
161
|
+
}
|
|
121
162
|
async function getUser({ ensureSignedIn = false } = {}) {
|
|
122
163
|
const session = await getSessionFromHeader('getUser');
|
|
123
164
|
if (!session) {
|
|
124
165
|
if (ensureSignedIn) {
|
|
125
|
-
|
|
126
|
-
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
127
|
-
(0, navigation_1.redirect)(await (0, get_authorization_url_js_1.getAuthorizationUrl)({ returnPathname }));
|
|
166
|
+
await redirectToSignIn();
|
|
128
167
|
}
|
|
129
168
|
return { user: null };
|
|
130
169
|
}
|
package/dist/cjs/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAAmG;AACnG,yEAAiE;AAGjE,mDAAuD;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AAEnD,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,kBAAM,CAAC,cAAc,CAAC,UAAU,CAAC,mCAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,IAAA,uBAAQ,EAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAAmG;AACnG,yEAAiE;AAGjE,mDAAuD;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AAEnD,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,kBAAM,CAAC,cAAc,CAAC,UAAU,CAAC,mCAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,IAAA,uBAAQ,EAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;AA2PQ,wCAAc;AAzPvB,KAAK,UAAU,aAAa,CAAC,OAAoB,EAAE,KAAc,EAAE,cAAqC;IACtG,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,sCAAmB,CAAC,CAAC;IAEzC,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACpE,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAE1F,OAAO,qBAAY,CAAC,QAAQ,CAAC,MAAM,IAAA,8CAAmB,EAAC,EAAE,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9G,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3C,wEAAwE;QACxE,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAC3E,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAEpF,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE/E,kHAAkH;QAClH,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;YACjH,QAAQ,EAAE,mCAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc;SACf,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;QAE5D,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,oBAAoB;QACpB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAU,EAAE,gBAAgB,EAAE,yBAAa,CAAC,CAAC;QAClE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qDAAqD,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAqJmE,sCAAa;AA9IjF,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;QACjH,QAAQ,EAAE,mCAAgB;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;KACpE,CAAC,CAAC;IAEH,qDAAqD;IACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;QAC5C,WAAW;QACX,YAAY;QACZ,IAAI;QACJ,YAAY;KACb,CAAC,CAAC;IAEH,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,EAAE,gBAAgB,EAAE,yBAAa,CAAC,CAAC;IAE3D,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,gBAAS,EAAc,WAAW,CAAC,CAAC;IAE1G,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAkGiC,wCAAc;AAhGhD,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,KAAa,CAAC;IAElB,IAAI,CAAC;QACH,iDAAiD;QACjD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,sCAAmB,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,IAAA,sBAAK,EAAC,IAAI,CAAC,CAAC;QAC3B,KAAK,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAEtC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAChE,IAAA,qBAAQ,EAAC,MAAM,IAAA,8CAAmB,EAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AAID,KAAK,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,EAAE,GAAG,EAAE;IACpD,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAElH,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAiDwB,0BAAO;AA/ChC,KAAK,UAAU,gBAAgB;IAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,OAAO,EAAE,CAAC;IACtC,IAAI,SAAS,EAAE,CAAC;QACd,IAAA,qBAAQ,EAAC,kBAAM,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAA,qBAAQ,EAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAyCiD,4CAAgB;AAvClE,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,IAAA,gBAAS,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,MAAM,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAC,CAAC;IACzC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,IAAA,yBAAU,EAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,yCAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,MAAc;IAChD,MAAM,aAAa,GAAG,OAAO,CAAC,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAEnE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,qHAAqH,MAAM,uEAAuE,CAC9N,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,IAAA,yBAAU,EAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC"}
|
package/dist/cjs/workos.d.ts
CHANGED
package/dist/cjs/workos.js
CHANGED
|
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.workos = exports.VERSION = void 0;
|
|
4
4
|
const node_1 = require("@workos-inc/node");
|
|
5
5
|
const env_variables_js_1 = require("./env-variables.js");
|
|
6
|
-
exports.VERSION = '0.
|
|
6
|
+
exports.VERSION = '0.9.0';
|
|
7
7
|
const options = {
|
|
8
8
|
apiHostname: env_variables_js_1.WORKOS_API_HOSTNAME,
|
|
9
9
|
https: env_variables_js_1.WORKOS_API_HTTPS ? env_variables_js_1.WORKOS_API_HTTPS === 'true' : true,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@workos-inc/authkit-nextjs",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.9.0",
|
|
4
4
|
"description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js",
|
|
5
5
|
"sideEffects": false,
|
|
6
6
|
"type": "commonjs",
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
"test": "echo \"Error: no test specified\" && exit 1"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"@workos-inc/node": "
|
|
24
|
+
"@workos-inc/node": "7.21.0",
|
|
25
25
|
"iron-session": "^8.0.1",
|
|
26
26
|
"jose": "^5.2.3",
|
|
27
27
|
"path-to-regexp": "^6.2.2"
|
|
@@ -39,6 +39,7 @@
|
|
|
39
39
|
"eslint-config-prettier": "^9.1.0",
|
|
40
40
|
"eslint-plugin-require-extensions": "^0.1.3",
|
|
41
41
|
"next": "^14.1.3",
|
|
42
|
+
"prettier": "^3.3.3",
|
|
42
43
|
"typescript": "5.4.2",
|
|
43
44
|
"typescript-eslint": "^7.2.0"
|
|
44
45
|
},
|
package/src/auth.ts
CHANGED
|
@@ -3,8 +3,8 @@ import { cookies } from 'next/headers';
|
|
|
3
3
|
import { cookieName } from './cookie.js';
|
|
4
4
|
import { terminateSession } from './session.js';
|
|
5
5
|
|
|
6
|
-
async function getSignInUrl() {
|
|
7
|
-
return getAuthorizationUrl({ screenHint: 'sign-in' });
|
|
6
|
+
async function getSignInUrl({ organizationId }: { organizationId?: string } = {}) {
|
|
7
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in' });
|
|
8
8
|
}
|
|
9
9
|
|
|
10
10
|
async function getSignUpUrl() {
|
package/src/cookie.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE } from './env-variables.js';
|
|
1
|
+
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
|
|
2
2
|
|
|
3
3
|
const redirectUrl = new URL(WORKOS_REDIRECT_URI);
|
|
4
4
|
const isSecureProtocol = redirectUrl.protocol === 'https:';
|
|
@@ -13,6 +13,7 @@ const cookieOptions = {
|
|
|
13
13
|
// It's fine to have a long cookie expiry date as the access/refresh tokens
|
|
14
14
|
// act as the actual time-limited aspects of the session.
|
|
15
15
|
maxAge: WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400,
|
|
16
|
+
domain: WORKOS_COOKIE_DOMAIN,
|
|
16
17
|
};
|
|
17
18
|
|
|
18
19
|
export { cookieName, cookieOptions };
|
package/src/env-variables.ts
CHANGED
|
@@ -17,6 +17,7 @@ const WORKOS_COOKIE_PASSWORD = getEnvVariable('WORKOS_COOKIE_PASSWORD');
|
|
|
17
17
|
const WORKOS_API_HOSTNAME = getOptionalEnvVariable('WORKOS_API_HOSTNAME');
|
|
18
18
|
const WORKOS_API_HTTPS = getOptionalEnvVariable('WORKOS_API_HTTPS');
|
|
19
19
|
const WORKOS_API_PORT = getOptionalEnvVariable('WORKOS_API_PORT');
|
|
20
|
+
const WORKOS_COOKIE_DOMAIN = getOptionalEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
20
21
|
const WORKOS_COOKIE_MAX_AGE = getOptionalEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
21
22
|
|
|
22
23
|
if (WORKOS_COOKIE_PASSWORD.length < 32) {
|
|
@@ -31,5 +32,6 @@ export {
|
|
|
31
32
|
WORKOS_API_HOSTNAME,
|
|
32
33
|
WORKOS_API_HTTPS,
|
|
33
34
|
WORKOS_API_PORT,
|
|
35
|
+
WORKOS_COOKIE_DOMAIN,
|
|
34
36
|
WORKOS_COOKIE_MAX_AGE,
|
|
35
37
|
};
|
|
@@ -3,7 +3,7 @@ import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
|
3
3
|
import { GetAuthURLOptions } from './interfaces.js';
|
|
4
4
|
|
|
5
5
|
async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
6
|
-
const { returnPathname, screenHint } = options;
|
|
6
|
+
const { returnPathname, screenHint, organizationId } = options;
|
|
7
7
|
|
|
8
8
|
return workos.userManagement.getAuthorizationUrl({
|
|
9
9
|
provider: 'authkit',
|
|
@@ -11,6 +11,7 @@ async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
|
11
11
|
redirectUri: WORKOS_REDIRECT_URI,
|
|
12
12
|
state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
|
|
13
13
|
screenHint,
|
|
14
|
+
organizationId,
|
|
14
15
|
});
|
|
15
16
|
}
|
|
16
17
|
|
package/src/index.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
2
|
import { authkitMiddleware } from './middleware.js';
|
|
3
|
-
import { getUser } from './session.js';
|
|
3
|
+
import { getUser, refreshSession } from './session.js';
|
|
4
4
|
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
5
5
|
import { Impersonation } from './impersonation.js';
|
|
6
6
|
|
|
@@ -12,6 +12,7 @@ export {
|
|
|
12
12
|
getSignInUrl,
|
|
13
13
|
getSignUpUrl,
|
|
14
14
|
getUser,
|
|
15
|
+
refreshSession,
|
|
15
16
|
signOut,
|
|
16
17
|
//
|
|
17
18
|
Impersonation,
|
package/src/interfaces.ts
CHANGED
package/src/session.ts
CHANGED
|
@@ -85,10 +85,13 @@ async function updateSession(request: NextRequest, debug: boolean, middlewareAut
|
|
|
85
85
|
try {
|
|
86
86
|
if (debug) console.log('Session invalid. Attempting refresh', session.refreshToken);
|
|
87
87
|
|
|
88
|
+
const { org_id: organizationId } = decodeJwt<AccessToken>(session.accessToken);
|
|
89
|
+
|
|
88
90
|
// If the session is invalid (i.e. the access token has expired) attempt to re-authenticate with the refresh token
|
|
89
91
|
const { accessToken, refreshToken, user, impersonator } = await workos.userManagement.authenticateWithRefreshToken({
|
|
90
92
|
clientId: WORKOS_CLIENT_ID,
|
|
91
93
|
refreshToken: session.refreshToken,
|
|
94
|
+
organizationId,
|
|
92
95
|
});
|
|
93
96
|
|
|
94
97
|
if (debug) console.log('Refresh successful:', refreshToken);
|
|
@@ -119,6 +122,57 @@ async function updateSession(request: NextRequest, debug: boolean, middlewareAut
|
|
|
119
122
|
}
|
|
120
123
|
}
|
|
121
124
|
|
|
125
|
+
async function refreshSession(options?: {
|
|
126
|
+
organizationId?: string;
|
|
127
|
+
ensureSignedIn: false;
|
|
128
|
+
}): Promise<UserInfo | NoUserInfo>;
|
|
129
|
+
async function refreshSession(options: { organizationId?: string; ensureSignedIn: true }): Promise<UserInfo>;
|
|
130
|
+
async function refreshSession({
|
|
131
|
+
organizationId: nextOrganizationId,
|
|
132
|
+
ensureSignedIn = false,
|
|
133
|
+
}: {
|
|
134
|
+
organizationId?: string;
|
|
135
|
+
ensureSignedIn?: boolean;
|
|
136
|
+
} = {}) {
|
|
137
|
+
const session = await getSessionFromCookie();
|
|
138
|
+
if (!session) {
|
|
139
|
+
if (ensureSignedIn) {
|
|
140
|
+
await redirectToSignIn();
|
|
141
|
+
}
|
|
142
|
+
return { user: null };
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(session.accessToken);
|
|
146
|
+
|
|
147
|
+
const { accessToken, refreshToken, user, impersonator } = await workos.userManagement.authenticateWithRefreshToken({
|
|
148
|
+
clientId: WORKOS_CLIENT_ID,
|
|
149
|
+
refreshToken: session.refreshToken,
|
|
150
|
+
organizationId: nextOrganizationId ?? organizationIdFromAccessToken,
|
|
151
|
+
});
|
|
152
|
+
|
|
153
|
+
// Encrypt session with new access and refresh tokens
|
|
154
|
+
const encryptedSession = await encryptSession({
|
|
155
|
+
accessToken,
|
|
156
|
+
refreshToken,
|
|
157
|
+
user,
|
|
158
|
+
impersonator,
|
|
159
|
+
});
|
|
160
|
+
|
|
161
|
+
cookies().set(cookieName, encryptedSession, cookieOptions);
|
|
162
|
+
|
|
163
|
+
const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt<AccessToken>(accessToken);
|
|
164
|
+
|
|
165
|
+
return {
|
|
166
|
+
sessionId,
|
|
167
|
+
user: session.user,
|
|
168
|
+
organizationId,
|
|
169
|
+
role,
|
|
170
|
+
permissions,
|
|
171
|
+
impersonator: session.impersonator,
|
|
172
|
+
accessToken: session.accessToken,
|
|
173
|
+
};
|
|
174
|
+
}
|
|
175
|
+
|
|
122
176
|
function getMiddlewareAuthPathRegex(pathGlob: string) {
|
|
123
177
|
let regex: string;
|
|
124
178
|
|
|
@@ -138,17 +192,19 @@ function getMiddlewareAuthPathRegex(pathGlob: string) {
|
|
|
138
192
|
}
|
|
139
193
|
}
|
|
140
194
|
|
|
141
|
-
async function
|
|
195
|
+
async function redirectToSignIn() {
|
|
196
|
+
const url = headers().get('x-url');
|
|
197
|
+
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
198
|
+
redirect(await getAuthorizationUrl({ returnPathname }));
|
|
199
|
+
}
|
|
142
200
|
|
|
201
|
+
async function getUser(options?: { ensureSignedIn: false }): Promise<UserInfo | NoUserInfo>;
|
|
143
202
|
async function getUser(options: { ensureSignedIn: true }): Promise<UserInfo>;
|
|
144
|
-
|
|
145
203
|
async function getUser({ ensureSignedIn = false } = {}) {
|
|
146
204
|
const session = await getSessionFromHeader('getUser');
|
|
147
205
|
if (!session) {
|
|
148
206
|
if (ensureSignedIn) {
|
|
149
|
-
|
|
150
|
-
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
151
|
-
redirect(await getAuthorizationUrl({ returnPathname }));
|
|
207
|
+
await redirectToSignIn();
|
|
152
208
|
}
|
|
153
209
|
return { user: null };
|
|
154
210
|
}
|
|
@@ -213,4 +269,4 @@ function getReturnPathname(url: string): string {
|
|
|
213
269
|
return `${newUrl.pathname}${newUrl.searchParams.size > 0 ? '?' + newUrl.searchParams.toString() : ''}`;
|
|
214
270
|
}
|
|
215
271
|
|
|
216
|
-
export { encryptSession, getUser, terminateSession, updateSession };
|
|
272
|
+
export { encryptSession, getUser, refreshSession, terminateSession, updateSession };
|
package/src/workos.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
|
|
4
|
-
export const VERSION = '0.
|
|
4
|
+
export const VERSION = '0.9.0';
|
|
5
5
|
|
|
6
6
|
const options = {
|
|
7
7
|
apiHostname: WORKOS_API_HOSTNAME,
|