@workos-inc/authkit-nextjs 0.9.0 → 0.10.1

package/README.md

@@ -92,6 +92,24 @@ export const config = { matcher: ['/', '/admin'] };
 
 ## Usage
 
+### Wrap your app in `AuthKitProvider`
+
+Use `AuthKitProvider` to wrap your app layout, which adds some protections for auth edge cases.
+
+```jsx
+import { AuthKitProvider } from '@workos-inc/authkit-nextjs';
+
+export default function RootLayout({ children }: { children: React.ReactNode }) {
+  return (
+    <html lang="en">
+      <body>
+        <AuthKitProvider>{children}</AuthKitProvider>
+      </body>
+    </html>
+  );
+}
+```
+
 ### Get the current user
 
 For pages where you want to display a signed-in and signed-out view, use `getUser` to retrieve the user profile from WorkOS.

package/dist/cjs/actions.d.ts

@@ -0,0 +1,6 @@
+/**
+ * This action is only accessible to authenticated users,
+ * there is no need to check the session here as the middleware will
+ * be responsible for that.
+ */
+export declare const checkSessionAction: () => Promise<boolean>;

package/dist/cjs/actions.js

@@ -0,0 +1,14 @@
+"use strict";
+'use server';
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSessionAction = void 0;
+/**
+ * This action is only accessible to authenticated users,
+ * there is no need to check the session here as the middleware will
+ * be responsible for that.
+ */
+const checkSessionAction = async () => {
+    return true;
+};
+exports.checkSessionAction = checkSessionAction;
+//# sourceMappingURL=actions.js.map

package/dist/cjs/actions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"actions.js","sourceRoot":"","sources":["../../src/actions.ts"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;AAEb;;;;GAIG;AACI,MAAM,kBAAkB,GAAG,KAAK,IAAI,EAAE;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAFW,QAAA,kBAAkB,sBAE7B"}

package/dist/cjs/index.d.ts

@@ -3,4 +3,5 @@ import { authkitMiddleware } from './middleware.js';
 import { getUser, refreshSession } from './session.js';
 import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
 import { Impersonation } from './impersonation.js';
-export { handleAuth, authkitMiddleware, getSignInUrl, getSignUpUrl, getUser, refreshSession, signOut, Impersonation, };
+import { AuthKitProvider } from './provider.js';
+export { handleAuth, authkitMiddleware, getSignInUrl, getSignUpUrl, getUser, refreshSession, signOut, Impersonation, AuthKitProvider, };

package/dist/cjs/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Impersonation = exports.signOut = exports.refreshSession = exports.getUser = exports.getSignUpUrl = exports.getSignInUrl = exports.authkitMiddleware = exports.handleAuth = void 0;
+exports.AuthKitProvider = exports.Impersonation = exports.signOut = exports.refreshSession = exports.getUser = exports.getSignUpUrl = exports.getSignInUrl = exports.authkitMiddleware = exports.handleAuth = void 0;
 const authkit_callback_route_js_1 = require("./authkit-callback-route.js");
 Object.defineProperty(exports, "handleAuth", { enumerable: true, get: function () { return authkit_callback_route_js_1.handleAuth; } });
 const middleware_js_1 = require("./middleware.js");
@@ -14,4 +14,6 @@ Object.defineProperty(exports, "getSignUpUrl", { enumerable: true, get: function
 Object.defineProperty(exports, "signOut", { enumerable: true, get: function () { return auth_js_1.signOut; } });
 const impersonation_js_1 = require("./impersonation.js");
 Object.defineProperty(exports, "Impersonation", { enumerable: true, get: function () { return impersonation_js_1.Impersonation; } });
+const provider_js_1 = require("./provider.js");
+Object.defineProperty(exports, "AuthKitProvider", { enumerable: true, get: function () { return provider_js_1.AuthKitProvider; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,2EAAyD;AAOvD,2FAPO,sCAAU,OAOP;AANZ,mDAAoD;AAQlD,kGARO,iCAAiB,OAQP;AAPnB,6CAAuD;AAWrD,wFAXO,oBAAO,OAWP;AACP,+FAZgB,2BAAc,OAYhB;AAXhB,uCAAgE;AAQ9D,6FARO,sBAAY,OAQP;AACZ,6FATqB,sBAAY,OASrB;AAGZ,wFAZmC,iBAAO,OAYnC;AAXT,yDAAmD;AAajD,8FAbO,gCAAa,OAaP"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,2EAAyD;AAQvD,2FARO,sCAAU,OAQP;AAPZ,mDAAoD;AASlD,kGATO,iCAAiB,OASP;AARnB,6CAAuD;AAYrD,wFAZO,oBAAO,OAYP;AACP,+FAbgB,2BAAc,OAahB;AAZhB,uCAAgE;AAS9D,6FATO,sBAAY,OASP;AACZ,6FAVqB,sBAAY,OAUrB;AAGZ,wFAbmC,iBAAO,OAanC;AAZT,yDAAmD;AAcjD,8FAdO,gCAAa,OAcP;AAbf,+CAAgD;AAc9C,gGAdO,6BAAe,OAcP"}

package/dist/cjs/provider.d.ts

@@ -0,0 +1,11 @@
+import * as React from 'react';
+interface AuthKitProviderProps {
+    children: React.ReactNode;
+    /**
+     * Customize what happens when a session is expired. By default,the entire page will be reloaded.
+     * You can also pass this as `false` to disable the expired session checks.
+     */
+    onSessionExpired?: false | (() => void);
+}
+export declare const AuthKitProvider: ({ children, onSessionExpired }: AuthKitProviderProps) => React.JSX.Element;
+export {};

package/dist/cjs/provider.js

@@ -0,0 +1,53 @@
+"use strict";
+'use client';
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthKitProvider = void 0;
+const tslib_1 = require("tslib");
+const React = tslib_1.__importStar(require("react"));
+const actions_js_1 = require("./actions.js");
+const AuthKitProvider = ({ children, onSessionExpired = false }) => {
+    React.useEffect(() => {
+        // Return early if the session expired checks are disabled.
+        if (onSessionExpired === false) {
+            return;
+        }
+        let visibilityChangedCalled = false;
+        const handleVisibilityChange = async () => {
+            if (visibilityChangedCalled) {
+                return;
+            }
+            // In the case where we're using middleware auth mode, a user that has signed out in a different tab
+            // will run into an issue if they attempt to hit a server action in the original tab.
+            // This will force a refresh of the page in that case, which will redirect them to the sign-in page.
+            if (document.visibilityState === 'visible') {
+                visibilityChangedCalled = true;
+                try {
+                    const hasSession = await (0, actions_js_1.checkSessionAction)();
+                    if (!hasSession) {
+                        throw new Error('Session expired');
+                    }
+                }
+                catch (error) {
+                    if (onSessionExpired) {
+                        onSessionExpired();
+                    }
+                    else {
+                        window.location.reload();
+                    }
+                }
+                finally {
+                    visibilityChangedCalled = false;
+                }
+            }
+        };
+        window.addEventListener('visibilitychange', handleVisibilityChange);
+        window.addEventListener('focus', handleVisibilityChange);
+        return () => {
+            window.removeEventListener('focus', handleVisibilityChange);
+            window.removeEventListener('visibilitychange', handleVisibilityChange);
+        };
+    }, [onSessionExpired]);
+    return React.createElement(React.Fragment, null, children);
+};
+exports.AuthKitProvider = AuthKitProvider;
+//# sourceMappingURL=provider.js.map

package/dist/cjs/provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../src/provider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;AAEb,qDAA+B;AAC/B,6CAAkD;AAW3C,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,gBAAgB,GAAG,KAAK,EAAwB,EAAE,EAAE;IAC9F,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE;QACnB,2DAA2D;QAC3D,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,sBAAsB,GAAG,KAAK,IAAI,EAAE;YACxC,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,oGAAoG;YACpG,qFAAqF;YACrF,oGAAoG;YACpG,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC3C,uBAAuB,GAAG,IAAI,CAAC;gBAE/B,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,IAAA,+BAAkB,GAAE,CAAC;oBAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBACrC,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,IAAI,gBAAgB,EAAE,CAAC;wBACrB,gBAAgB,EAAE,CAAC;oBACrB,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC3B,CAAC;gBACH,CAAC;wBAAS,CAAC;oBACT,uBAAuB,GAAG,KAAK,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACpE,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAEzD,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;YAC5D,MAAM,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACzE,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEvB,OAAO,0CAAG,QAAQ,CAAI,CAAC;AACzB,CAAC,CAAC;AA/CW,QAAA,eAAe,mBA+C1B"}

package/dist/cjs/workos.d.ts

@@ -1,4 +1,4 @@
 import { WorkOS } from '@workos-inc/node';
-export declare const VERSION = "0.9.0";
+export declare const VERSION = "0.10.1";
 declare const workos: WorkOS;
 export { workos };

package/dist/cjs/workos.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.workos = exports.VERSION = void 0;
 const node_1 = require("@workos-inc/node");
 const env_variables_js_1 = require("./env-variables.js");
-exports.VERSION = '0.9.0';
+exports.VERSION = '0.10.1';
 const options = {
     apiHostname: env_variables_js_1.WORKOS_API_HOSTNAME,
     https: env_variables_js_1.WORKOS_API_HTTPS ? env_variables_js_1.WORKOS_API_HTTPS === 'true' : true,

package/dist/cjs/workos.js.map

@@ -1 +1 @@
-{"version":3,"file":"workos.js","sourceRoot":"","sources":["../../src/workos.ts"],"names":[],"mappings":";;;AAAA,2CAA0C;AAC1C,yDAA4G;AAE/F,QAAA,OAAO,GAAG,OAAO,CAAC;AAE/B,MAAM,OAAO,GAAG;IACd,WAAW,EAAE,sCAAmB;IAChC,KAAK,EAAE,mCAAgB,CAAC,CAAC,CAAC,mCAAgB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI;IAC5D,IAAI,EAAE,kCAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,kCAAe,CAAC,CAAC,CAAC,CAAC,SAAS;IAC7D,OAAO,EAAE;QACP,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,eAAO;KACjB;CACF,CAAC;AAEF,+BAA+B;AAC/B,MAAM,MAAM,GAAG,IAAI,aAAM,CAAC,iCAAc,EAAE,OAAO,CAAC,CAAC;AAE1C,wBAAM"}
+{"version":3,"file":"workos.js","sourceRoot":"","sources":["../../src/workos.ts"],"names":[],"mappings":";;;AAAA,2CAA0C;AAC1C,yDAA4G;AAE/F,QAAA,OAAO,GAAG,QAAQ,CAAC;AAEhC,MAAM,OAAO,GAAG;IACd,WAAW,EAAE,sCAAmB;IAChC,KAAK,EAAE,mCAAgB,CAAC,CAAC,CAAC,mCAAgB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI;IAC5D,IAAI,EAAE,kCAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,kCAAe,CAAC,CAAC,CAAC,CAAC,SAAS;IAC7D,OAAO,EAAE;QACP,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,eAAO;KACjB;CACF,CAAC;AAEF,+BAA+B;AAC/B,MAAM,MAAM,GAAG,IAAI,aAAM,CAAC,iCAAc,EAAE,OAAO,CAAC,CAAC;AAE1C,wBAAM"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@workos-inc/authkit-nextjs",
-  "version": "0.9.0",
+  "version": "0.10.1",
   "description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js",
   "sideEffects": false,
   "type": "commonjs",

package/src/actions.ts

@@ -0,0 +1,10 @@
+'use server';
+
+/**
+ * This action is only accessible to authenticated users,
+ * there is no need to check the session here as the middleware will
+ * be responsible for that.
+ */
+export const checkSessionAction = async () => {
+  return true;
+};

package/src/index.ts

@@ -3,6 +3,7 @@ import { authkitMiddleware } from './middleware.js';
 import { getUser, refreshSession } from './session.js';
 import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
 import { Impersonation } from './impersonation.js';
+import { AuthKitProvider } from './provider.js';
 
 export {
   handleAuth,
@@ -16,4 +17,5 @@ export {
   signOut,
   //
   Impersonation,
+  AuthKitProvider,
 };

package/src/provider.tsx

@@ -0,0 +1,62 @@
+'use client';
+
+import * as React from 'react';
+import { checkSessionAction } from './actions.js';
+
+interface AuthKitProviderProps {
+  children: React.ReactNode;
+  /**
+   * Customize what happens when a session is expired. By default,the entire page will be reloaded.
+   * You can also pass this as `false` to disable the expired session checks.
+   */
+  onSessionExpired?: false | (() => void);
+}
+
+export const AuthKitProvider = ({ children, onSessionExpired = false }: AuthKitProviderProps) => {
+  React.useEffect(() => {
+    // Return early if the session expired checks are disabled.
+    if (onSessionExpired === false) {
+      return;
+    }
+
+    let visibilityChangedCalled = false;
+
+    const handleVisibilityChange = async () => {
+      if (visibilityChangedCalled) {
+        return;
+      }
+
+      // In the case where we're using middleware auth mode, a user that has signed out in a different tab
+      // will run into an issue if they attempt to hit a server action in the original tab.
+      // This will force a refresh of the page in that case, which will redirect them to the sign-in page.
+      if (document.visibilityState === 'visible') {
+        visibilityChangedCalled = true;
+
+        try {
+          const hasSession = await checkSessionAction();
+          if (!hasSession) {
+            throw new Error('Session expired');
+          }
+        } catch (error) {
+          if (onSessionExpired) {
+            onSessionExpired();
+          } else {
+            window.location.reload();
+          }
+        } finally {
+          visibilityChangedCalled = false;
+        }
+      }
+    };
+
+    window.addEventListener('visibilitychange', handleVisibilityChange);
+    window.addEventListener('focus', handleVisibilityChange);
+
+    return () => {
+      window.removeEventListener('focus', handleVisibilityChange);
+      window.removeEventListener('visibilitychange', handleVisibilityChange);
+    };
+  }, [onSessionExpired]);
+
+  return <>{children}</>;
+};

package/src/workos.ts

@@ -1,7 +1,7 @@
 import { WorkOS } from '@workos-inc/node';
 import { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT } from './env-variables.js';
 
-export const VERSION = '0.9.0';
+export const VERSION = '0.10.1';
 
 const options = {
   apiHostname: WORKOS_API_HOSTNAME,