@workos-inc/authkit-nextjs 0.8.2 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +28 -0
- package/dist/cjs/actions.d.ts +6 -0
- package/dist/cjs/actions.js +14 -0
- package/dist/cjs/actions.js.map +1 -0
- package/dist/cjs/auth.d.ts +3 -1
- package/dist/cjs/auth.js +2 -2
- package/dist/cjs/auth.js.map +1 -1
- package/dist/cjs/cookie.d.ts +1 -0
- package/dist/cjs/cookie.js +1 -0
- package/dist/cjs/cookie.js.map +1 -1
- package/dist/cjs/env-variables.d.ts +2 -1
- package/dist/cjs/env-variables.js +3 -1
- package/dist/cjs/env-variables.js.map +1 -1
- package/dist/cjs/get-authorization-url.js +2 -1
- package/dist/cjs/get-authorization-url.js.map +1 -1
- package/dist/cjs/index.d.ts +3 -2
- package/dist/cjs/index.js +4 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/interfaces.d.ts +1 -0
- package/dist/cjs/provider.d.ts +11 -0
- package/dist/cjs/provider.js +53 -0
- package/dist/cjs/provider.js.map +1 -0
- package/dist/cjs/session.d.ts +9 -1
- package/dist/cjs/session.js +43 -4
- package/dist/cjs/session.js.map +1 -1
- package/dist/cjs/workos.d.ts +1 -1
- package/dist/cjs/workos.js +1 -1
- package/dist/cjs/workos.js.map +1 -1
- package/package.json +4 -3
- package/src/actions.ts +10 -0
- package/src/auth.ts +2 -2
- package/src/cookie.ts +2 -1
- package/src/env-variables.ts +2 -0
- package/src/get-authorization-url.ts +2 -1
- package/src/index.ts +4 -1
- package/src/interfaces.ts +1 -0
- package/src/provider.tsx +62 -0
- package/src/session.ts +62 -6
- package/src/workos.ts +1 -1
package/README.md
CHANGED
|
@@ -52,6 +52,10 @@ WORKOS_API_HTTPS=true # whether to use HTTPS in API calls
|
|
|
52
52
|
WORKOS_API_PORT=3000 # port to use for API calls
|
|
53
53
|
```
|
|
54
54
|
|
|
55
|
+
`WORKOS_COOKIE_DOMAIN` can be used to share WorkOS sessions between apps/domains.
|
|
56
|
+
Note: The `WORKOS_COOKIE_PASSWORD` would need to be the same across apps/domains.
|
|
57
|
+
Not needed for most use cases.
|
|
58
|
+
|
|
55
59
|
## Setup
|
|
56
60
|
|
|
57
61
|
### Callback route
|
|
@@ -88,6 +92,24 @@ export const config = { matcher: ['/', '/admin'] };
|
|
|
88
92
|
|
|
89
93
|
## Usage
|
|
90
94
|
|
|
95
|
+
### Wrap your app in `AuthKitProvider`
|
|
96
|
+
|
|
97
|
+
Use `AuthKitProvider` to wrap your app layout, which adds some protections for auth edge cases.
|
|
98
|
+
|
|
99
|
+
```jsx
|
|
100
|
+
import { AuthKitProvider } from '@workos-inc/authkit-nextjs';
|
|
101
|
+
|
|
102
|
+
export default function RootLayout({ children }: { children: React.ReactNode }) {
|
|
103
|
+
return (
|
|
104
|
+
<html lang="en">
|
|
105
|
+
<body>
|
|
106
|
+
<AuthKitProvider>{children}</AuthKitProvider>
|
|
107
|
+
</body>
|
|
108
|
+
</html>
|
|
109
|
+
);
|
|
110
|
+
}
|
|
111
|
+
```
|
|
112
|
+
|
|
91
113
|
### Get the current user
|
|
92
114
|
|
|
93
115
|
For pages where you want to display a signed-in and signed-out view, use `getUser` to retrieve the user profile from WorkOS.
|
|
@@ -208,6 +230,12 @@ export default async function HomePage() {
|
|
|
208
230
|
}
|
|
209
231
|
```
|
|
210
232
|
|
|
233
|
+
### Refreshing the session
|
|
234
|
+
|
|
235
|
+
Use the `refreshSession` method in a server action or route handler to fetch the latest session details, including any changes to the user's roles or permissions.
|
|
236
|
+
|
|
237
|
+
The `organizationId` parameter can be passed to `refreshSession` in order to switch the session to a different organization. If the current session is not authorized for the next organization, an appropriate [authentication error](https://workos.com/docs/reference/user-management/authentication-errors) will be returned.
|
|
238
|
+
|
|
211
239
|
### Debugging
|
|
212
240
|
|
|
213
241
|
To enable debug logs, initialize the middleware with the debug flag enabled.
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
'use server';
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.checkSessionAction = void 0;
|
|
5
|
+
/**
|
|
6
|
+
* This action is only accessible to authenticated users,
|
|
7
|
+
* there is no need to check the session here as the middleware will
|
|
8
|
+
* be responsible for that.
|
|
9
|
+
*/
|
|
10
|
+
const checkSessionAction = async () => {
|
|
11
|
+
return true;
|
|
12
|
+
};
|
|
13
|
+
exports.checkSessionAction = checkSessionAction;
|
|
14
|
+
//# sourceMappingURL=actions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"actions.js","sourceRoot":"","sources":["../../src/actions.ts"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;AAEb;;;;GAIG;AACI,MAAM,kBAAkB,GAAG,KAAK,IAAI,EAAE;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAFW,QAAA,kBAAkB,sBAE7B"}
|
package/dist/cjs/auth.d.ts
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
declare function getSignInUrl(
|
|
1
|
+
declare function getSignInUrl({ organizationId }?: {
|
|
2
|
+
organizationId?: string;
|
|
3
|
+
}): Promise<string>;
|
|
2
4
|
declare function getSignUpUrl(): Promise<string>;
|
|
3
5
|
declare function signOut(): Promise<void>;
|
|
4
6
|
export { getSignInUrl, getSignUpUrl, signOut };
|
package/dist/cjs/auth.js
CHANGED
|
@@ -5,8 +5,8 @@ const get_authorization_url_js_1 = require("./get-authorization-url.js");
|
|
|
5
5
|
const headers_1 = require("next/headers");
|
|
6
6
|
const cookie_js_1 = require("./cookie.js");
|
|
7
7
|
const session_js_1 = require("./session.js");
|
|
8
|
-
async function getSignInUrl() {
|
|
9
|
-
return (0, get_authorization_url_js_1.getAuthorizationUrl)({ screenHint: 'sign-in' });
|
|
8
|
+
async function getSignInUrl({ organizationId } = {}) {
|
|
9
|
+
return (0, get_authorization_url_js_1.getAuthorizationUrl)({ organizationId, screenHint: 'sign-in' });
|
|
10
10
|
}
|
|
11
11
|
exports.getSignInUrl = getSignInUrl;
|
|
12
12
|
async function getSignUpUrl() {
|
package/dist/cjs/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":";;;AAAA,yEAAiE;AACjE,0CAAuC;AACvC,2CAAyC;AACzC,6CAAgD;AAEhD,KAAK,UAAU,YAAY;
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":";;;AAAA,yEAAiE;AACjE,0CAAuC;AACvC,2CAAyC;AACzC,6CAAgD;AAEhD,KAAK,UAAU,YAAY,CAAC,EAAE,cAAc,KAAkC,EAAE;IAC9E,OAAO,IAAA,8CAAmB,EAAC,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;AACxE,CAAC;AAWQ,oCAAY;AATrB,KAAK,UAAU,YAAY;IACzB,OAAO,IAAA,8CAAmB,EAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;AACxD,CAAC;AAOsB,oCAAY;AALnC,KAAK,UAAU,OAAO;IACpB,IAAA,iBAAO,GAAE,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;IAC7B,MAAM,IAAA,6BAAgB,GAAE,CAAC;AAC3B,CAAC;AAEoC,0BAAO"}
|
package/dist/cjs/cookie.d.ts
CHANGED
package/dist/cjs/cookie.js
CHANGED
|
@@ -15,6 +15,7 @@ const cookieOptions = {
|
|
|
15
15
|
// It's fine to have a long cookie expiry date as the access/refresh tokens
|
|
16
16
|
// act as the actual time-limited aspects of the session.
|
|
17
17
|
maxAge: env_variables_js_1.WORKOS_COOKIE_MAX_AGE ? parseInt(env_variables_js_1.WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400,
|
|
18
|
+
domain: env_variables_js_1.WORKOS_COOKIE_DOMAIN,
|
|
18
19
|
};
|
|
19
20
|
exports.cookieOptions = cookieOptions;
|
|
20
21
|
//# sourceMappingURL=cookie.js.map
|
package/dist/cjs/cookie.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":";;;AAAA,yDAAsG;AAEtG,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,sCAAmB,CAAC,CAAC;AACjD,MAAM,gBAAgB,GAAG,WAAW,CAAC,QAAQ,KAAK,QAAQ,CAAC;AAE3D,MAAM,UAAU,GAAG,aAAa,CAAC;AAaxB,gCAAU;AAZnB,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,GAAG;IACT,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,gBAAgB;IACxB,QAAQ,EAAE,KAAc;IACxB,sDAAsD;IACtD,2EAA2E;IAC3E,yDAAyD;IACzD,MAAM,EAAE,wCAAqB,CAAC,CAAC,CAAC,QAAQ,CAAC,wCAAqB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG;IACxF,MAAM,EAAE,uCAAoB;CAC7B,CAAC;AAEmB,sCAAa"}
|
|
@@ -5,5 +5,6 @@ declare const WORKOS_COOKIE_PASSWORD: string;
|
|
|
5
5
|
declare const WORKOS_API_HOSTNAME: string | undefined;
|
|
6
6
|
declare const WORKOS_API_HTTPS: string | undefined;
|
|
7
7
|
declare const WORKOS_API_PORT: string | undefined;
|
|
8
|
+
declare const WORKOS_COOKIE_DOMAIN: string | undefined;
|
|
8
9
|
declare const WORKOS_COOKIE_MAX_AGE: string | undefined;
|
|
9
|
-
export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD, WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_PORT, WORKOS_COOKIE_MAX_AGE, };
|
|
10
|
+
export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD, WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_PORT, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, };
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.WORKOS_COOKIE_MAX_AGE = exports.WORKOS_API_PORT = exports.WORKOS_API_HTTPS = exports.WORKOS_API_HOSTNAME = exports.WORKOS_COOKIE_PASSWORD = exports.WORKOS_REDIRECT_URI = exports.WORKOS_API_KEY = exports.WORKOS_CLIENT_ID = void 0;
|
|
3
|
+
exports.WORKOS_COOKIE_MAX_AGE = exports.WORKOS_COOKIE_DOMAIN = exports.WORKOS_API_PORT = exports.WORKOS_API_HTTPS = exports.WORKOS_API_HOSTNAME = exports.WORKOS_COOKIE_PASSWORD = exports.WORKOS_REDIRECT_URI = exports.WORKOS_API_KEY = exports.WORKOS_CLIENT_ID = void 0;
|
|
4
4
|
function getEnvVariable(name) {
|
|
5
5
|
const envVariable = process.env[name];
|
|
6
6
|
if (!envVariable) {
|
|
@@ -25,6 +25,8 @@ const WORKOS_API_HTTPS = getOptionalEnvVariable('WORKOS_API_HTTPS');
|
|
|
25
25
|
exports.WORKOS_API_HTTPS = WORKOS_API_HTTPS;
|
|
26
26
|
const WORKOS_API_PORT = getOptionalEnvVariable('WORKOS_API_PORT');
|
|
27
27
|
exports.WORKOS_API_PORT = WORKOS_API_PORT;
|
|
28
|
+
const WORKOS_COOKIE_DOMAIN = getOptionalEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
29
|
+
exports.WORKOS_COOKIE_DOMAIN = WORKOS_COOKIE_DOMAIN;
|
|
28
30
|
const WORKOS_COOKIE_MAX_AGE = getOptionalEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
29
31
|
exports.WORKOS_COOKIE_MAX_AGE = WORKOS_COOKIE_MAX_AGE;
|
|
30
32
|
if (WORKOS_COOKIE_PASSWORD.length < 32) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":";;;AAAA,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kCAAkC,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":";;;AAAA,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kCAAkC,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AAe1D,4CAAgB;AAdlB,MAAM,cAAc,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;AAetD,wCAAc;AAdhB,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAehE,kDAAmB;AAdrB,MAAM,sBAAsB,GAAG,cAAc,CAAC,wBAAwB,CAAC,CAAC;AAetE,wDAAsB;AAdxB,MAAM,mBAAmB,GAAG,sBAAsB,CAAC,qBAAqB,CAAC,CAAC;AAexE,kDAAmB;AAdrB,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;AAelE,4CAAgB;AAdlB,MAAM,eAAe,GAAG,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;AAehE,0CAAe;AAdjB,MAAM,oBAAoB,GAAG,sBAAsB,CAAC,sBAAsB,CAAC,CAAC;AAe1E,oDAAoB;AAdtB,MAAM,qBAAqB,GAAG,sBAAsB,CAAC,uBAAuB,CAAC,CAAC;AAe5E,sDAAqB;AAbvB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;IACvC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;AAChF,CAAC"}
|
|
@@ -4,13 +4,14 @@ exports.getAuthorizationUrl = void 0;
|
|
|
4
4
|
const workos_js_1 = require("./workos.js");
|
|
5
5
|
const env_variables_js_1 = require("./env-variables.js");
|
|
6
6
|
async function getAuthorizationUrl(options = {}) {
|
|
7
|
-
const { returnPathname, screenHint } = options;
|
|
7
|
+
const { returnPathname, screenHint, organizationId } = options;
|
|
8
8
|
return workos_js_1.workos.userManagement.getAuthorizationUrl({
|
|
9
9
|
provider: 'authkit',
|
|
10
10
|
clientId: env_variables_js_1.WORKOS_CLIENT_ID,
|
|
11
11
|
redirectUri: env_variables_js_1.WORKOS_REDIRECT_URI,
|
|
12
12
|
state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
|
|
13
13
|
screenHint,
|
|
14
|
+
organizationId,
|
|
14
15
|
});
|
|
15
16
|
}
|
|
16
17
|
exports.getAuthorizationUrl = getAuthorizationUrl;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":";;;AAAA,2CAAqC;AACrC,yDAA2E;AAG3E,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAE/
|
|
1
|
+
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":";;;AAAA,2CAAqC;AACrC,yDAA2E;AAG3E,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAE/D,OAAO,kBAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC;QAC/C,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,mCAAgB;QAC1B,WAAW,EAAE,sCAAmB;QAChC,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5E,UAAU;QACV,cAAc;KACf,CAAC,CAAC;AACL,CAAC;AAEQ,kDAAmB"}
|
package/dist/cjs/index.d.ts
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
2
|
import { authkitMiddleware } from './middleware.js';
|
|
3
|
-
import { getUser } from './session.js';
|
|
3
|
+
import { getUser, refreshSession } from './session.js';
|
|
4
4
|
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
5
5
|
import { Impersonation } from './impersonation.js';
|
|
6
|
-
|
|
6
|
+
import { AuthKitProvider } from './provider.js';
|
|
7
|
+
export { handleAuth, authkitMiddleware, getSignInUrl, getSignUpUrl, getUser, refreshSession, signOut, Impersonation, AuthKitProvider, };
|
package/dist/cjs/index.js
CHANGED
|
@@ -1,16 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.Impersonation = exports.signOut = exports.getUser = exports.getSignUpUrl = exports.getSignInUrl = exports.authkitMiddleware = exports.handleAuth = void 0;
|
|
3
|
+
exports.AuthKitProvider = exports.Impersonation = exports.signOut = exports.refreshSession = exports.getUser = exports.getSignUpUrl = exports.getSignInUrl = exports.authkitMiddleware = exports.handleAuth = void 0;
|
|
4
4
|
const authkit_callback_route_js_1 = require("./authkit-callback-route.js");
|
|
5
5
|
Object.defineProperty(exports, "handleAuth", { enumerable: true, get: function () { return authkit_callback_route_js_1.handleAuth; } });
|
|
6
6
|
const middleware_js_1 = require("./middleware.js");
|
|
7
7
|
Object.defineProperty(exports, "authkitMiddleware", { enumerable: true, get: function () { return middleware_js_1.authkitMiddleware; } });
|
|
8
8
|
const session_js_1 = require("./session.js");
|
|
9
9
|
Object.defineProperty(exports, "getUser", { enumerable: true, get: function () { return session_js_1.getUser; } });
|
|
10
|
+
Object.defineProperty(exports, "refreshSession", { enumerable: true, get: function () { return session_js_1.refreshSession; } });
|
|
10
11
|
const auth_js_1 = require("./auth.js");
|
|
11
12
|
Object.defineProperty(exports, "getSignInUrl", { enumerable: true, get: function () { return auth_js_1.getSignInUrl; } });
|
|
12
13
|
Object.defineProperty(exports, "getSignUpUrl", { enumerable: true, get: function () { return auth_js_1.getSignUpUrl; } });
|
|
13
14
|
Object.defineProperty(exports, "signOut", { enumerable: true, get: function () { return auth_js_1.signOut; } });
|
|
14
15
|
const impersonation_js_1 = require("./impersonation.js");
|
|
15
16
|
Object.defineProperty(exports, "Impersonation", { enumerable: true, get: function () { return impersonation_js_1.Impersonation; } });
|
|
17
|
+
const provider_js_1 = require("./provider.js");
|
|
18
|
+
Object.defineProperty(exports, "AuthKitProvider", { enumerable: true, get: function () { return provider_js_1.AuthKitProvider; } });
|
|
16
19
|
//# sourceMappingURL=index.js.map
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,2EAAyD;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,2EAAyD;AAQvD,2FARO,sCAAU,OAQP;AAPZ,mDAAoD;AASlD,kGATO,iCAAiB,OASP;AARnB,6CAAuD;AAYrD,wFAZO,oBAAO,OAYP;AACP,+FAbgB,2BAAc,OAahB;AAZhB,uCAAgE;AAS9D,6FATO,sBAAY,OASP;AACZ,6FAVqB,sBAAY,OAUrB;AAGZ,wFAbmC,iBAAO,OAanC;AAZT,yDAAmD;AAcjD,8FAdO,gCAAa,OAcP;AAbf,+CAAgD;AAc9C,gGAdO,6BAAe,OAcP"}
|
package/dist/cjs/interfaces.d.ts
CHANGED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import * as React from 'react';
|
|
2
|
+
interface AuthKitProviderProps {
|
|
3
|
+
children: React.ReactNode;
|
|
4
|
+
/**
|
|
5
|
+
* Customize what happens when a session is expired. By default,the entire page will be reloaded.
|
|
6
|
+
* You can also pass this as `false` to disable the expired session checks.
|
|
7
|
+
*/
|
|
8
|
+
onSessionExpired?: false | (() => void);
|
|
9
|
+
}
|
|
10
|
+
export declare const AuthKitProvider: ({ children, onSessionExpired }: AuthKitProviderProps) => React.JSX.Element;
|
|
11
|
+
export {};
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
'use client';
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.AuthKitProvider = void 0;
|
|
5
|
+
const tslib_1 = require("tslib");
|
|
6
|
+
const React = tslib_1.__importStar(require("react"));
|
|
7
|
+
const actions_js_1 = require("./actions.js");
|
|
8
|
+
const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
9
|
+
React.useEffect(() => {
|
|
10
|
+
// Return early if the session expired checks are disabled.
|
|
11
|
+
if (onSessionExpired === false) {
|
|
12
|
+
return;
|
|
13
|
+
}
|
|
14
|
+
let visibilityChangedCalled = false;
|
|
15
|
+
const handleVisibilityChange = async () => {
|
|
16
|
+
if (visibilityChangedCalled) {
|
|
17
|
+
return;
|
|
18
|
+
}
|
|
19
|
+
// In the case where we're using middleware auth mode, a user that has signed out in a different tab
|
|
20
|
+
// will run into an issue if they attempt to hit a server action in the original tab.
|
|
21
|
+
// This will force a refresh of the page in that case, which will redirect them to the sign-in page.
|
|
22
|
+
if (document.visibilityState === 'visible') {
|
|
23
|
+
visibilityChangedCalled = true;
|
|
24
|
+
try {
|
|
25
|
+
const hasSession = await (0, actions_js_1.checkSessionAction)();
|
|
26
|
+
if (!hasSession) {
|
|
27
|
+
throw new Error('Session expired');
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
catch (error) {
|
|
31
|
+
if (onSessionExpired) {
|
|
32
|
+
onSessionExpired();
|
|
33
|
+
}
|
|
34
|
+
else {
|
|
35
|
+
window.location.reload();
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
finally {
|
|
39
|
+
visibilityChangedCalled = false;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
};
|
|
43
|
+
window.addEventListener('visibilitychange', handleVisibilityChange);
|
|
44
|
+
window.addEventListener('focus', handleVisibilityChange);
|
|
45
|
+
return () => {
|
|
46
|
+
window.removeEventListener('focus', handleVisibilityChange);
|
|
47
|
+
window.removeEventListener('visibilitychange', handleVisibilityChange);
|
|
48
|
+
};
|
|
49
|
+
}, [onSessionExpired]);
|
|
50
|
+
return React.createElement(React.Fragment, null, children);
|
|
51
|
+
};
|
|
52
|
+
exports.AuthKitProvider = AuthKitProvider;
|
|
53
|
+
//# sourceMappingURL=provider.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../src/provider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;AAEb,qDAA+B;AAC/B,6CAAkD;AAW3C,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,gBAAgB,EAAwB,EAAE,EAAE;IACtF,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE;QACnB,2DAA2D;QAC3D,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,sBAAsB,GAAG,KAAK,IAAI,EAAE;YACxC,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,oGAAoG;YACpG,qFAAqF;YACrF,oGAAoG;YACpG,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC3C,uBAAuB,GAAG,IAAI,CAAC;gBAE/B,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,IAAA,+BAAkB,GAAE,CAAC;oBAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBACrC,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,IAAI,gBAAgB,EAAE,CAAC;wBACrB,gBAAgB,EAAE,CAAC;oBACrB,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC3B,CAAC;gBACH,CAAC;wBAAS,CAAC;oBACT,uBAAuB,GAAG,KAAK,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACpE,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAEzD,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;YAC5D,MAAM,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACzE,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEvB,OAAO,0CAAG,QAAQ,CAAI,CAAC;AACzB,CAAC,CAAC;AA/CW,QAAA,eAAe,mBA+C1B"}
|
package/dist/cjs/session.d.ts
CHANGED
|
@@ -2,6 +2,14 @@ import { NextRequest, NextResponse } from 'next/server';
|
|
|
2
2
|
import { AuthkitMiddlewareAuth, NoUserInfo, Session, UserInfo } from './interfaces.js';
|
|
3
3
|
declare function encryptSession(session: Session): Promise<string>;
|
|
4
4
|
declare function updateSession(request: NextRequest, debug: boolean, middlewareAuth: AuthkitMiddlewareAuth): Promise<NextResponse<unknown>>;
|
|
5
|
+
declare function refreshSession(options?: {
|
|
6
|
+
organizationId?: string;
|
|
7
|
+
ensureSignedIn: false;
|
|
8
|
+
}): Promise<UserInfo | NoUserInfo>;
|
|
9
|
+
declare function refreshSession(options: {
|
|
10
|
+
organizationId?: string;
|
|
11
|
+
ensureSignedIn: true;
|
|
12
|
+
}): Promise<UserInfo>;
|
|
5
13
|
declare function getUser(options?: {
|
|
6
14
|
ensureSignedIn: false;
|
|
7
15
|
}): Promise<UserInfo | NoUserInfo>;
|
|
@@ -9,4 +17,4 @@ declare function getUser(options: {
|
|
|
9
17
|
ensureSignedIn: true;
|
|
10
18
|
}): Promise<UserInfo>;
|
|
11
19
|
declare function terminateSession(): Promise<void>;
|
|
12
|
-
export { encryptSession, getUser, terminateSession, updateSession };
|
|
20
|
+
export { encryptSession, getUser, refreshSession, terminateSession, updateSession };
|
package/dist/cjs/session.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.updateSession = exports.terminateSession = exports.getUser = exports.encryptSession = void 0;
|
|
3
|
+
exports.updateSession = exports.terminateSession = exports.refreshSession = exports.getUser = exports.encryptSession = void 0;
|
|
4
4
|
const navigation_1 = require("next/navigation");
|
|
5
5
|
const headers_1 = require("next/headers");
|
|
6
6
|
const server_1 = require("next/server");
|
|
@@ -70,10 +70,12 @@ async function updateSession(request, debug, middlewareAuth) {
|
|
|
70
70
|
try {
|
|
71
71
|
if (debug)
|
|
72
72
|
console.log('Session invalid. Attempting refresh', session.refreshToken);
|
|
73
|
+
const { org_id: organizationId } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
73
74
|
// If the session is invalid (i.e. the access token has expired) attempt to re-authenticate with the refresh token
|
|
74
75
|
const { accessToken, refreshToken, user, impersonator } = await workos_js_1.workos.userManagement.authenticateWithRefreshToken({
|
|
75
76
|
clientId: env_variables_js_1.WORKOS_CLIENT_ID,
|
|
76
77
|
refreshToken: session.refreshToken,
|
|
78
|
+
organizationId,
|
|
77
79
|
});
|
|
78
80
|
if (debug)
|
|
79
81
|
console.log('Refresh successful:', refreshToken);
|
|
@@ -103,6 +105,40 @@ async function updateSession(request, debug, middlewareAuth) {
|
|
|
103
105
|
}
|
|
104
106
|
}
|
|
105
107
|
exports.updateSession = updateSession;
|
|
108
|
+
async function refreshSession({ organizationId: nextOrganizationId, ensureSignedIn = false, } = {}) {
|
|
109
|
+
const session = await getSessionFromCookie();
|
|
110
|
+
if (!session) {
|
|
111
|
+
if (ensureSignedIn) {
|
|
112
|
+
await redirectToSignIn();
|
|
113
|
+
}
|
|
114
|
+
return { user: null };
|
|
115
|
+
}
|
|
116
|
+
const { org_id: organizationIdFromAccessToken } = (0, jose_1.decodeJwt)(session.accessToken);
|
|
117
|
+
const { accessToken, refreshToken, user, impersonator } = await workos_js_1.workos.userManagement.authenticateWithRefreshToken({
|
|
118
|
+
clientId: env_variables_js_1.WORKOS_CLIENT_ID,
|
|
119
|
+
refreshToken: session.refreshToken,
|
|
120
|
+
organizationId: nextOrganizationId !== null && nextOrganizationId !== void 0 ? nextOrganizationId : organizationIdFromAccessToken,
|
|
121
|
+
});
|
|
122
|
+
// Encrypt session with new access and refresh tokens
|
|
123
|
+
const encryptedSession = await encryptSession({
|
|
124
|
+
accessToken,
|
|
125
|
+
refreshToken,
|
|
126
|
+
user,
|
|
127
|
+
impersonator,
|
|
128
|
+
});
|
|
129
|
+
(0, headers_1.cookies)().set(cookie_js_1.cookieName, encryptedSession, cookie_js_1.cookieOptions);
|
|
130
|
+
const { sid: sessionId, org_id: organizationId, role, permissions } = (0, jose_1.decodeJwt)(accessToken);
|
|
131
|
+
return {
|
|
132
|
+
sessionId,
|
|
133
|
+
user: session.user,
|
|
134
|
+
organizationId,
|
|
135
|
+
role,
|
|
136
|
+
permissions,
|
|
137
|
+
impersonator: session.impersonator,
|
|
138
|
+
accessToken: session.accessToken,
|
|
139
|
+
};
|
|
140
|
+
}
|
|
141
|
+
exports.refreshSession = refreshSession;
|
|
106
142
|
function getMiddlewareAuthPathRegex(pathGlob) {
|
|
107
143
|
let regex;
|
|
108
144
|
try {
|
|
@@ -118,13 +154,16 @@ function getMiddlewareAuthPathRegex(pathGlob) {
|
|
|
118
154
|
throw new Error(`Error parsing routes for middleware auth. Reason: ${message}`);
|
|
119
155
|
}
|
|
120
156
|
}
|
|
157
|
+
async function redirectToSignIn() {
|
|
158
|
+
const url = (0, headers_1.headers)().get('x-url');
|
|
159
|
+
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
160
|
+
(0, navigation_1.redirect)(await (0, get_authorization_url_js_1.getAuthorizationUrl)({ returnPathname }));
|
|
161
|
+
}
|
|
121
162
|
async function getUser({ ensureSignedIn = false } = {}) {
|
|
122
163
|
const session = await getSessionFromHeader('getUser');
|
|
123
164
|
if (!session) {
|
|
124
165
|
if (ensureSignedIn) {
|
|
125
|
-
|
|
126
|
-
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
127
|
-
(0, navigation_1.redirect)(await (0, get_authorization_url_js_1.getAuthorizationUrl)({ returnPathname }));
|
|
166
|
+
await redirectToSignIn();
|
|
128
167
|
}
|
|
129
168
|
return { user: null };
|
|
130
169
|
}
|
package/dist/cjs/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAAmG;AACnG,yEAAiE;AAGjE,mDAAuD;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AAEnD,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,kBAAM,CAAC,cAAc,CAAC,UAAU,CAAC,mCAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,IAAA,uBAAQ,EAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,0CAAgD;AAChD,wCAAwD;AACxD,+BAAgE;AAChE,+CAAoD;AACpD,2CAAwD;AACxD,2CAAqC;AACrC,yDAAmG;AACnG,yEAAiE;AAGjE,mDAAuD;AAEvD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AAEnD,MAAM,IAAI,GAAG,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,kBAAM,CAAC,cAAc,CAAC,UAAU,CAAC,mCAAgB,CAAC,CAAC,CAAC,CAAC;AAE7F,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,IAAA,uBAAQ,EAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AACjE,CAAC;AA2PQ,wCAAc;AAzPvB,KAAK,UAAU,aAAa,CAAC,OAAoB,EAAE,KAAc,EAAE,cAAqC;IACtG,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,sCAAmB,CAAC,CAAC;IAEzC,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACpE,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAE1F,OAAO,qBAAY,CAAC,QAAQ,CAAC,MAAM,IAAA,8CAAmB,EAAC,EAAE,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9G,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3C,wEAAwE;QACxE,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAC3E,OAAO,qBAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAEpF,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE/E,kHAAkH;QAClH,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;YACjH,QAAQ,EAAE,mCAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc;SACf,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;QAE5D,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,oBAAoB;QACpB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAU,EAAE,gBAAgB,EAAE,yBAAa,CAAC,CAAC;QAClE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,qDAAqD,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE;SACxC,CAAC,CAAC;QACH,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAU,CAAC,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAqJmE,sCAAa;AA9IjF,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,MAAM,kBAAM,CAAC,cAAc,CAAC,4BAA4B,CAAC;QACjH,QAAQ,EAAE,mCAAgB;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;KACpE,CAAC,CAAC;IAEH,qDAAqD;IACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;QAC5C,WAAW;QACX,YAAY;QACZ,IAAI;QACJ,YAAY;KACb,CAAC,CAAC;IAEH,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,EAAE,gBAAgB,EAAE,yBAAa,CAAC,CAAC;IAE3D,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,gBAAS,EAAc,WAAW,CAAC,CAAC;IAE1G,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAkGiC,wCAAc;AAhGhD,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,KAAa,CAAC;IAElB,IAAI,CAAC;QACH,iDAAiD;QACjD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,sCAAmB,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,IAAA,sBAAK,EAAC,IAAI,CAAC,CAAC;QAC3B,KAAK,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAEtC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAChE,IAAA,qBAAQ,EAAC,MAAM,IAAA,8CAAmB,EAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AAID,KAAK,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,EAAE,GAAG,EAAE;IACpD,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAA,gBAAS,EAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAElH,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAiDwB,0BAAO;AA/ChC,KAAK,UAAU,gBAAgB;IAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,OAAO,EAAE,CAAC;IACtC,IAAI,SAAS,EAAE,CAAC;QACd,IAAA,qBAAQ,EAAC,kBAAM,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAA,qBAAQ,EAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAyCiD,4CAAgB;AAvClE,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,IAAA,gBAAS,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,MAAM,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,sBAAU,CAAC,CAAC;IACzC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,IAAA,yBAAU,EAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,yCAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,MAAc;IAChD,MAAM,aAAa,GAAG,OAAO,CAAC,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAEnE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,qHAAqH,MAAM,uEAAuE,CAC9N,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,iBAAO,GAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,IAAA,yBAAU,EAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,yCAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC"}
|
package/dist/cjs/workos.d.ts
CHANGED
package/dist/cjs/workos.js
CHANGED
|
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.workos = exports.VERSION = void 0;
|
|
4
4
|
const node_1 = require("@workos-inc/node");
|
|
5
5
|
const env_variables_js_1 = require("./env-variables.js");
|
|
6
|
-
exports.VERSION = '0.
|
|
6
|
+
exports.VERSION = '0.10.0';
|
|
7
7
|
const options = {
|
|
8
8
|
apiHostname: env_variables_js_1.WORKOS_API_HOSTNAME,
|
|
9
9
|
https: env_variables_js_1.WORKOS_API_HTTPS ? env_variables_js_1.WORKOS_API_HTTPS === 'true' : true,
|
package/dist/cjs/workos.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"workos.js","sourceRoot":"","sources":["../../src/workos.ts"],"names":[],"mappings":";;;AAAA,2CAA0C;AAC1C,yDAA4G;AAE/F,QAAA,OAAO,GAAG,
|
|
1
|
+
{"version":3,"file":"workos.js","sourceRoot":"","sources":["../../src/workos.ts"],"names":[],"mappings":";;;AAAA,2CAA0C;AAC1C,yDAA4G;AAE/F,QAAA,OAAO,GAAG,QAAQ,CAAC;AAEhC,MAAM,OAAO,GAAG;IACd,WAAW,EAAE,sCAAmB;IAChC,KAAK,EAAE,mCAAgB,CAAC,CAAC,CAAC,mCAAgB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI;IAC5D,IAAI,EAAE,kCAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,kCAAe,CAAC,CAAC,CAAC,CAAC,SAAS;IAC7D,OAAO,EAAE;QACP,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,eAAO;KACjB;CACF,CAAC;AAEF,+BAA+B;AAC/B,MAAM,MAAM,GAAG,IAAI,aAAM,CAAC,iCAAc,EAAE,OAAO,CAAC,CAAC;AAE1C,wBAAM"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@workos-inc/authkit-nextjs",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.10.0",
|
|
4
4
|
"description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js",
|
|
5
5
|
"sideEffects": false,
|
|
6
6
|
"type": "commonjs",
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
"test": "echo \"Error: no test specified\" && exit 1"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"@workos-inc/node": "7.
|
|
24
|
+
"@workos-inc/node": "7.21.0",
|
|
25
25
|
"iron-session": "^8.0.1",
|
|
26
26
|
"jose": "^5.2.3",
|
|
27
27
|
"path-to-regexp": "^6.2.2"
|
|
@@ -39,6 +39,7 @@
|
|
|
39
39
|
"eslint-config-prettier": "^9.1.0",
|
|
40
40
|
"eslint-plugin-require-extensions": "^0.1.3",
|
|
41
41
|
"next": "^14.1.3",
|
|
42
|
+
"prettier": "^3.3.3",
|
|
42
43
|
"typescript": "5.4.2",
|
|
43
44
|
"typescript-eslint": "^7.2.0"
|
|
44
45
|
},
|
|
@@ -51,4 +52,4 @@
|
|
|
51
52
|
"bugs": {
|
|
52
53
|
"url": "https://github.com/workos/authkit-nextjs/issues"
|
|
53
54
|
}
|
|
54
|
-
}
|
|
55
|
+
}
|
package/src/actions.ts
ADDED
package/src/auth.ts
CHANGED
|
@@ -3,8 +3,8 @@ import { cookies } from 'next/headers';
|
|
|
3
3
|
import { cookieName } from './cookie.js';
|
|
4
4
|
import { terminateSession } from './session.js';
|
|
5
5
|
|
|
6
|
-
async function getSignInUrl() {
|
|
7
|
-
return getAuthorizationUrl({ screenHint: 'sign-in' });
|
|
6
|
+
async function getSignInUrl({ organizationId }: { organizationId?: string } = {}) {
|
|
7
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in' });
|
|
8
8
|
}
|
|
9
9
|
|
|
10
10
|
async function getSignUpUrl() {
|
package/src/cookie.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE } from './env-variables.js';
|
|
1
|
+
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
|
|
2
2
|
|
|
3
3
|
const redirectUrl = new URL(WORKOS_REDIRECT_URI);
|
|
4
4
|
const isSecureProtocol = redirectUrl.protocol === 'https:';
|
|
@@ -13,6 +13,7 @@ const cookieOptions = {
|
|
|
13
13
|
// It's fine to have a long cookie expiry date as the access/refresh tokens
|
|
14
14
|
// act as the actual time-limited aspects of the session.
|
|
15
15
|
maxAge: WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400,
|
|
16
|
+
domain: WORKOS_COOKIE_DOMAIN,
|
|
16
17
|
};
|
|
17
18
|
|
|
18
19
|
export { cookieName, cookieOptions };
|
package/src/env-variables.ts
CHANGED
|
@@ -17,6 +17,7 @@ const WORKOS_COOKIE_PASSWORD = getEnvVariable('WORKOS_COOKIE_PASSWORD');
|
|
|
17
17
|
const WORKOS_API_HOSTNAME = getOptionalEnvVariable('WORKOS_API_HOSTNAME');
|
|
18
18
|
const WORKOS_API_HTTPS = getOptionalEnvVariable('WORKOS_API_HTTPS');
|
|
19
19
|
const WORKOS_API_PORT = getOptionalEnvVariable('WORKOS_API_PORT');
|
|
20
|
+
const WORKOS_COOKIE_DOMAIN = getOptionalEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
20
21
|
const WORKOS_COOKIE_MAX_AGE = getOptionalEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
21
22
|
|
|
22
23
|
if (WORKOS_COOKIE_PASSWORD.length < 32) {
|
|
@@ -31,5 +32,6 @@ export {
|
|
|
31
32
|
WORKOS_API_HOSTNAME,
|
|
32
33
|
WORKOS_API_HTTPS,
|
|
33
34
|
WORKOS_API_PORT,
|
|
35
|
+
WORKOS_COOKIE_DOMAIN,
|
|
34
36
|
WORKOS_COOKIE_MAX_AGE,
|
|
35
37
|
};
|
|
@@ -3,7 +3,7 @@ import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
|
3
3
|
import { GetAuthURLOptions } from './interfaces.js';
|
|
4
4
|
|
|
5
5
|
async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
6
|
-
const { returnPathname, screenHint } = options;
|
|
6
|
+
const { returnPathname, screenHint, organizationId } = options;
|
|
7
7
|
|
|
8
8
|
return workos.userManagement.getAuthorizationUrl({
|
|
9
9
|
provider: 'authkit',
|
|
@@ -11,6 +11,7 @@ async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
|
11
11
|
redirectUri: WORKOS_REDIRECT_URI,
|
|
12
12
|
state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
|
|
13
13
|
screenHint,
|
|
14
|
+
organizationId,
|
|
14
15
|
});
|
|
15
16
|
}
|
|
16
17
|
|
package/src/index.ts
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
2
|
import { authkitMiddleware } from './middleware.js';
|
|
3
|
-
import { getUser } from './session.js';
|
|
3
|
+
import { getUser, refreshSession } from './session.js';
|
|
4
4
|
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
5
5
|
import { Impersonation } from './impersonation.js';
|
|
6
|
+
import { AuthKitProvider } from './provider.js';
|
|
6
7
|
|
|
7
8
|
export {
|
|
8
9
|
handleAuth,
|
|
@@ -12,7 +13,9 @@ export {
|
|
|
12
13
|
getSignInUrl,
|
|
13
14
|
getSignUpUrl,
|
|
14
15
|
getUser,
|
|
16
|
+
refreshSession,
|
|
15
17
|
signOut,
|
|
16
18
|
//
|
|
17
19
|
Impersonation,
|
|
20
|
+
AuthKitProvider,
|
|
18
21
|
};
|
package/src/interfaces.ts
CHANGED
package/src/provider.tsx
ADDED
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
'use client';
|
|
2
|
+
|
|
3
|
+
import * as React from 'react';
|
|
4
|
+
import { checkSessionAction } from './actions.js';
|
|
5
|
+
|
|
6
|
+
interface AuthKitProviderProps {
|
|
7
|
+
children: React.ReactNode;
|
|
8
|
+
/**
|
|
9
|
+
* Customize what happens when a session is expired. By default,the entire page will be reloaded.
|
|
10
|
+
* You can also pass this as `false` to disable the expired session checks.
|
|
11
|
+
*/
|
|
12
|
+
onSessionExpired?: false | (() => void);
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderProps) => {
|
|
16
|
+
React.useEffect(() => {
|
|
17
|
+
// Return early if the session expired checks are disabled.
|
|
18
|
+
if (onSessionExpired === false) {
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
let visibilityChangedCalled = false;
|
|
23
|
+
|
|
24
|
+
const handleVisibilityChange = async () => {
|
|
25
|
+
if (visibilityChangedCalled) {
|
|
26
|
+
return;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
// In the case where we're using middleware auth mode, a user that has signed out in a different tab
|
|
30
|
+
// will run into an issue if they attempt to hit a server action in the original tab.
|
|
31
|
+
// This will force a refresh of the page in that case, which will redirect them to the sign-in page.
|
|
32
|
+
if (document.visibilityState === 'visible') {
|
|
33
|
+
visibilityChangedCalled = true;
|
|
34
|
+
|
|
35
|
+
try {
|
|
36
|
+
const hasSession = await checkSessionAction();
|
|
37
|
+
if (!hasSession) {
|
|
38
|
+
throw new Error('Session expired');
|
|
39
|
+
}
|
|
40
|
+
} catch (error) {
|
|
41
|
+
if (onSessionExpired) {
|
|
42
|
+
onSessionExpired();
|
|
43
|
+
} else {
|
|
44
|
+
window.location.reload();
|
|
45
|
+
}
|
|
46
|
+
} finally {
|
|
47
|
+
visibilityChangedCalled = false;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
window.addEventListener('visibilitychange', handleVisibilityChange);
|
|
53
|
+
window.addEventListener('focus', handleVisibilityChange);
|
|
54
|
+
|
|
55
|
+
return () => {
|
|
56
|
+
window.removeEventListener('focus', handleVisibilityChange);
|
|
57
|
+
window.removeEventListener('visibilitychange', handleVisibilityChange);
|
|
58
|
+
};
|
|
59
|
+
}, [onSessionExpired]);
|
|
60
|
+
|
|
61
|
+
return <>{children}</>;
|
|
62
|
+
};
|
package/src/session.ts
CHANGED
|
@@ -85,10 +85,13 @@ async function updateSession(request: NextRequest, debug: boolean, middlewareAut
|
|
|
85
85
|
try {
|
|
86
86
|
if (debug) console.log('Session invalid. Attempting refresh', session.refreshToken);
|
|
87
87
|
|
|
88
|
+
const { org_id: organizationId } = decodeJwt<AccessToken>(session.accessToken);
|
|
89
|
+
|
|
88
90
|
// If the session is invalid (i.e. the access token has expired) attempt to re-authenticate with the refresh token
|
|
89
91
|
const { accessToken, refreshToken, user, impersonator } = await workos.userManagement.authenticateWithRefreshToken({
|
|
90
92
|
clientId: WORKOS_CLIENT_ID,
|
|
91
93
|
refreshToken: session.refreshToken,
|
|
94
|
+
organizationId,
|
|
92
95
|
});
|
|
93
96
|
|
|
94
97
|
if (debug) console.log('Refresh successful:', refreshToken);
|
|
@@ -119,6 +122,57 @@ async function updateSession(request: NextRequest, debug: boolean, middlewareAut
|
|
|
119
122
|
}
|
|
120
123
|
}
|
|
121
124
|
|
|
125
|
+
async function refreshSession(options?: {
|
|
126
|
+
organizationId?: string;
|
|
127
|
+
ensureSignedIn: false;
|
|
128
|
+
}): Promise<UserInfo | NoUserInfo>;
|
|
129
|
+
async function refreshSession(options: { organizationId?: string; ensureSignedIn: true }): Promise<UserInfo>;
|
|
130
|
+
async function refreshSession({
|
|
131
|
+
organizationId: nextOrganizationId,
|
|
132
|
+
ensureSignedIn = false,
|
|
133
|
+
}: {
|
|
134
|
+
organizationId?: string;
|
|
135
|
+
ensureSignedIn?: boolean;
|
|
136
|
+
} = {}) {
|
|
137
|
+
const session = await getSessionFromCookie();
|
|
138
|
+
if (!session) {
|
|
139
|
+
if (ensureSignedIn) {
|
|
140
|
+
await redirectToSignIn();
|
|
141
|
+
}
|
|
142
|
+
return { user: null };
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
const { org_id: organizationIdFromAccessToken } = decodeJwt<AccessToken>(session.accessToken);
|
|
146
|
+
|
|
147
|
+
const { accessToken, refreshToken, user, impersonator } = await workos.userManagement.authenticateWithRefreshToken({
|
|
148
|
+
clientId: WORKOS_CLIENT_ID,
|
|
149
|
+
refreshToken: session.refreshToken,
|
|
150
|
+
organizationId: nextOrganizationId ?? organizationIdFromAccessToken,
|
|
151
|
+
});
|
|
152
|
+
|
|
153
|
+
// Encrypt session with new access and refresh tokens
|
|
154
|
+
const encryptedSession = await encryptSession({
|
|
155
|
+
accessToken,
|
|
156
|
+
refreshToken,
|
|
157
|
+
user,
|
|
158
|
+
impersonator,
|
|
159
|
+
});
|
|
160
|
+
|
|
161
|
+
cookies().set(cookieName, encryptedSession, cookieOptions);
|
|
162
|
+
|
|
163
|
+
const { sid: sessionId, org_id: organizationId, role, permissions } = decodeJwt<AccessToken>(accessToken);
|
|
164
|
+
|
|
165
|
+
return {
|
|
166
|
+
sessionId,
|
|
167
|
+
user: session.user,
|
|
168
|
+
organizationId,
|
|
169
|
+
role,
|
|
170
|
+
permissions,
|
|
171
|
+
impersonator: session.impersonator,
|
|
172
|
+
accessToken: session.accessToken,
|
|
173
|
+
};
|
|
174
|
+
}
|
|
175
|
+
|
|
122
176
|
function getMiddlewareAuthPathRegex(pathGlob: string) {
|
|
123
177
|
let regex: string;
|
|
124
178
|
|
|
@@ -138,17 +192,19 @@ function getMiddlewareAuthPathRegex(pathGlob: string) {
|
|
|
138
192
|
}
|
|
139
193
|
}
|
|
140
194
|
|
|
141
|
-
async function
|
|
195
|
+
async function redirectToSignIn() {
|
|
196
|
+
const url = headers().get('x-url');
|
|
197
|
+
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
198
|
+
redirect(await getAuthorizationUrl({ returnPathname }));
|
|
199
|
+
}
|
|
142
200
|
|
|
201
|
+
async function getUser(options?: { ensureSignedIn: false }): Promise<UserInfo | NoUserInfo>;
|
|
143
202
|
async function getUser(options: { ensureSignedIn: true }): Promise<UserInfo>;
|
|
144
|
-
|
|
145
203
|
async function getUser({ ensureSignedIn = false } = {}) {
|
|
146
204
|
const session = await getSessionFromHeader('getUser');
|
|
147
205
|
if (!session) {
|
|
148
206
|
if (ensureSignedIn) {
|
|
149
|
-
|
|
150
|
-
const returnPathname = url ? getReturnPathname(url) : undefined;
|
|
151
|
-
redirect(await getAuthorizationUrl({ returnPathname }));
|
|
207
|
+
await redirectToSignIn();
|
|
152
208
|
}
|
|
153
209
|
return { user: null };
|
|
154
210
|
}
|
|
@@ -213,4 +269,4 @@ function getReturnPathname(url: string): string {
|
|
|
213
269
|
return `${newUrl.pathname}${newUrl.searchParams.size > 0 ? '?' + newUrl.searchParams.toString() : ''}`;
|
|
214
270
|
}
|
|
215
271
|
|
|
216
|
-
export { encryptSession, getUser, terminateSession, updateSession };
|
|
272
|
+
export { encryptSession, getUser, refreshSession, terminateSession, updateSession };
|
package/src/workos.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
|
|
4
|
-
export const VERSION = '0.
|
|
4
|
+
export const VERSION = '0.10.0';
|
|
5
5
|
|
|
6
6
|
const options = {
|
|
7
7
|
apiHostname: WORKOS_API_HOSTNAME,
|