@workos-inc/authkit-nextjs 2.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +53 -3
- package/dist/esm/actions.js +4 -1
- package/dist/esm/actions.js.map +1 -1
- package/dist/esm/auth.js +51 -9
- package/dist/esm/auth.js.map +1 -1
- package/dist/esm/authkit-callback-route.js +3 -10
- package/dist/esm/authkit-callback-route.js.map +1 -1
- package/dist/esm/components/authkit-provider.js +14 -1
- package/dist/esm/components/authkit-provider.js.map +1 -1
- package/dist/esm/cookie.js +12 -4
- package/dist/esm/cookie.js.map +1 -1
- package/dist/esm/env-variables.js +2 -1
- package/dist/esm/env-variables.js.map +1 -1
- package/dist/esm/get-authorization-url.js +2 -1
- package/dist/esm/get-authorization-url.js.map +1 -1
- package/dist/esm/index.js +3 -7
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/session.js +48 -18
- package/dist/esm/session.js.map +1 -1
- package/dist/esm/types/actions.d.ts +2 -1
- package/dist/esm/types/auth.d.ts +11 -4
- package/dist/esm/types/components/authkit-provider.d.ts +4 -0
- package/dist/esm/types/env-variables.d.ts +2 -1
- package/dist/esm/types/index.d.ts +3 -3
- package/dist/esm/types/interfaces.d.ts +7 -1
- package/dist/esm/types/session.d.ts +35 -1
- package/dist/esm/types/workos.d.ts +1 -1
- package/dist/esm/workos.js +1 -1
- package/package.json +1 -1
- package/src/actions.ts +6 -2
- package/src/auth.ts +63 -9
- package/src/authkit-callback-route.ts +3 -11
- package/src/components/authkit-provider.tsx +28 -1
- package/src/cookie.ts +20 -4
- package/src/env-variables.ts +2 -0
- package/src/get-authorization-url.ts +8 -1
- package/src/index.ts +8 -8
- package/src/interfaces.ts +8 -1
- package/src/session.ts +58 -24
- package/src/workos.ts +1 -1
package/README.md
CHANGED
|
@@ -54,11 +54,16 @@ WORKOS_COOKIE_NAME='authkit-cookie'
|
|
|
54
54
|
WORKOS_API_HOSTNAME='api.workos.com' # base WorkOS API URL
|
|
55
55
|
WORKOS_API_HTTPS=true # whether to use HTTPS in API calls
|
|
56
56
|
WORKOS_API_PORT=3000 # port to use for API calls
|
|
57
|
+
|
|
58
|
+
# Only change this if you specifically need cross-origin cookie support.
|
|
59
|
+
WORKOS_COOKIE_SAMESITE='lax' # SameSite attribute for cookies: 'lax' (default), 'strict', or 'none'.
|
|
57
60
|
```
|
|
58
61
|
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
+
>[!WARNING]
|
|
63
|
+
>Setting `WORKOS_COOKIE_SAMESITE='none'` allows cookies to be sent in cross-origin contexts (like iframes), but reduces protection against CSRF attacks. This setting forces cookies to be secure (HTTPS only) and should only be used when absolutely necessary for your application architecture.
|
|
64
|
+
|
|
65
|
+
>[!TIP]
|
|
66
|
+
>`WORKOS_COOKIE_DOMAIN` can be used to share WorkOS sessions between apps/domains. Note: The `WORKOS_COOKIE_PASSWORD` would need to be the same across apps/domains. Not needed for most use cases.
|
|
62
67
|
|
|
63
68
|
## Setup
|
|
64
69
|
|
|
@@ -417,6 +422,51 @@ const organizations = await workos.organizations.listOrganizations({
|
|
|
417
422
|
});
|
|
418
423
|
````
|
|
419
424
|
|
|
425
|
+
### Advanced: Custom authentication flows
|
|
426
|
+
|
|
427
|
+
While the standard authentication flow handles session management automatically, some use cases require manually creating and storing a session. This is useful for custom authentication flows like email verification or token exchange.
|
|
428
|
+
|
|
429
|
+
For these scenarios, you can use the `saveSession` function:
|
|
430
|
+
|
|
431
|
+
```typescript
|
|
432
|
+
import { saveSession } from '@workos-inc/authkit-nextjs';
|
|
433
|
+
import { getWorkOS } from '@workos-inc/authkit-nextjs';
|
|
434
|
+
|
|
435
|
+
// Example: Email verification flow
|
|
436
|
+
async function handleEmailVerification(req) {
|
|
437
|
+
const { code } = await req.json();
|
|
438
|
+
|
|
439
|
+
// Authenticate with the WorkOS API directly
|
|
440
|
+
const authResponse = await getWorkOS().userManagement.authenticateWithEmailVerification({
|
|
441
|
+
clientId: process.env.WORKOS_CLIENT_ID,
|
|
442
|
+
code,
|
|
443
|
+
});
|
|
444
|
+
|
|
445
|
+
// Save the session data to a cookie
|
|
446
|
+
await saveSession({
|
|
447
|
+
accessToken: authResponse.accessToken,
|
|
448
|
+
refreshToken: authResponse.refreshToken,
|
|
449
|
+
user: authResponse.user,
|
|
450
|
+
impersonator: authResponse.impersonator
|
|
451
|
+
}, req);
|
|
452
|
+
|
|
453
|
+
return Response.redirect('/dashboard');
|
|
454
|
+
}
|
|
455
|
+
```
|
|
456
|
+
|
|
457
|
+
>[!NOTE]
|
|
458
|
+
>This is an advanced API intended for specific integration scenarios, such as those users using self-hosted AuthKit. If you're using hosted AuthKit you should not need this.
|
|
459
|
+
|
|
460
|
+
The `saveSession` function accepts either a `NextRequest` object or a URL string as its second parameter.
|
|
461
|
+
|
|
462
|
+
```typescript
|
|
463
|
+
// With NextRequest
|
|
464
|
+
await saveSession(session, req);
|
|
465
|
+
|
|
466
|
+
// With URL string
|
|
467
|
+
await saveSession(session, 'https://example.com/callback');
|
|
468
|
+
```
|
|
469
|
+
|
|
420
470
|
### Debugging
|
|
421
471
|
|
|
422
472
|
To enable debug logs, initialize the middleware with the debug flag enabled.
|
package/dist/esm/actions.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
'use server';
|
|
2
|
-
import { signOut } from './auth.js';
|
|
2
|
+
import { signOut, switchToOrganization } from './auth.js';
|
|
3
3
|
import { refreshSession, withAuth } from './session.js';
|
|
4
4
|
import { getWorkOS } from './workos.js';
|
|
5
5
|
/**
|
|
@@ -33,4 +33,7 @@ export const getAuthAction = async (options) => {
|
|
|
33
33
|
export const refreshAuthAction = async ({ ensureSignedIn, organizationId, }) => {
|
|
34
34
|
return sanitize(await refreshSession({ ensureSignedIn, organizationId }));
|
|
35
35
|
};
|
|
36
|
+
export const switchToOrganizationAction = async (organizationId, options) => {
|
|
37
|
+
return sanitize(await switchToOrganization(organizationId, options));
|
|
38
|
+
};
|
|
36
39
|
//# sourceMappingURL=actions.js.map
|
package/dist/esm/actions.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actions.js","sourceRoot":"","sources":["../../src/actions.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"actions.js","sourceRoot":"","sources":["../../src/actions.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAE1D,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC;;;;;GAKG;AACH,SAAS,QAAQ,CAAkC,KAAQ;IACzD,6DAA6D;IAC7D,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,EAAE,GAAG,KAAK,CAAC;IAC5C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,IAAI,EAAE;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EAAE,EAAE,QAAQ,KAA4B,EAAE,EAAE,EAAE;IACpF,MAAM,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;AAC9B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EAAE,cAAsB,EAAE,EAAE;IACpE,OAAO,MAAM,SAAS,EAAE,CAAC,aAAa,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;AACzE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,OAAsC,EAAE,EAAE;IAC5E,OAAO,QAAQ,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AAC3C,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EAAE,EACtC,cAAc,EACd,cAAc,GAIf,EAAE,EAAE;IACH,OAAO,QAAQ,CAAC,MAAM,cAAc,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;AAC5E,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,0BAA0B,GAAG,KAAK,EAAE,cAAsB,EAAE,OAAqC,EAAE,EAAE;IAChH,OAAO,QAAQ,CAAC,MAAM,oBAAoB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;AACvE,CAAC,CAAC"}
|
package/dist/esm/auth.js
CHANGED
|
@@ -1,15 +1,17 @@
|
|
|
1
1
|
'use server';
|
|
2
|
+
import { revalidatePath, revalidateTag } from 'next/cache';
|
|
3
|
+
import { cookies, headers } from 'next/headers';
|
|
4
|
+
import { redirect } from 'next/navigation';
|
|
5
|
+
import { WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
2
6
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
3
|
-
import {
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
async function getSignInUrl({ organizationId } = {}) {
|
|
7
|
-
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in' });
|
|
7
|
+
import { refreshSession, terminateSession } from './session.js';
|
|
8
|
+
export async function getSignInUrl({ organizationId, loginHint, redirectUri, } = {}) {
|
|
9
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in', loginHint, redirectUri });
|
|
8
10
|
}
|
|
9
|
-
async function getSignUpUrl() {
|
|
10
|
-
return getAuthorizationUrl({ screenHint: 'sign-up' });
|
|
11
|
+
export async function getSignUpUrl({ organizationId, loginHint, redirectUri, } = {}) {
|
|
12
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-up', loginHint, redirectUri });
|
|
11
13
|
}
|
|
12
|
-
async function signOut({ returnTo } = {}) {
|
|
14
|
+
export async function signOut({ returnTo } = {}) {
|
|
13
15
|
const cookie = {
|
|
14
16
|
name: WORKOS_COOKIE_NAME || 'wos-session',
|
|
15
17
|
};
|
|
@@ -19,5 +21,45 @@ async function signOut({ returnTo } = {}) {
|
|
|
19
21
|
nextCookies.delete(cookie);
|
|
20
22
|
await terminateSession({ returnTo });
|
|
21
23
|
}
|
|
22
|
-
export
|
|
24
|
+
export async function switchToOrganization(organizationId, options = {}) {
|
|
25
|
+
var _a;
|
|
26
|
+
const { returnTo, revalidationStrategy = 'path', revalidationTags = [] } = options;
|
|
27
|
+
const headersList = await headers();
|
|
28
|
+
let result;
|
|
29
|
+
// istanbul ignore next
|
|
30
|
+
const pathname = returnTo || headersList.get('x-url') || '/';
|
|
31
|
+
try {
|
|
32
|
+
result = await refreshSession({ organizationId, ensureSignedIn: true });
|
|
33
|
+
}
|
|
34
|
+
catch (
|
|
35
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
36
|
+
error) {
|
|
37
|
+
const { cause } = error;
|
|
38
|
+
/* istanbul ignore next */
|
|
39
|
+
if ((_a = cause === null || cause === void 0 ? void 0 : cause.rawData) === null || _a === void 0 ? void 0 : _a.authkit_redirect_url) {
|
|
40
|
+
redirect(cause.rawData.authkit_redirect_url);
|
|
41
|
+
}
|
|
42
|
+
else {
|
|
43
|
+
if ((cause === null || cause === void 0 ? void 0 : cause.error) === 'sso_required' || (cause === null || cause === void 0 ? void 0 : cause.error) === 'mfa_enrollment') {
|
|
44
|
+
const url = await getAuthorizationUrl({ organizationId });
|
|
45
|
+
return redirect(url);
|
|
46
|
+
}
|
|
47
|
+
throw error;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
switch (revalidationStrategy) {
|
|
51
|
+
case 'path':
|
|
52
|
+
revalidatePath(pathname);
|
|
53
|
+
break;
|
|
54
|
+
case 'tag':
|
|
55
|
+
for (const tag of revalidationTags) {
|
|
56
|
+
revalidateTag(tag);
|
|
57
|
+
}
|
|
58
|
+
break;
|
|
59
|
+
}
|
|
60
|
+
if (revalidationStrategy !== 'none') {
|
|
61
|
+
redirect(pathname);
|
|
62
|
+
}
|
|
63
|
+
return result;
|
|
64
|
+
}
|
|
23
65
|
//# sourceMappingURL=auth.js.map
|
package/dist/esm/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhE,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EACjC,cAAc,EACd,SAAS,EACT,WAAW,MAC8D,EAAE;IAC3E,OAAO,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;AAChG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EACjC,cAAc,EACd,SAAS,EACT,WAAW,MAC8D,EAAE;IAC3E,OAAO,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;AAChG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,QAAQ,KAA4B,EAAE;IACpE,MAAM,MAAM,GAAsC;QAChD,IAAI,EAAE,kBAAkB,IAAI,aAAa;KAC1C,CAAC;IACF,IAAI,oBAAoB;QAAE,MAAM,CAAC,MAAM,GAAG,oBAAoB,CAAC;IAE/D,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IAEpC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3B,MAAM,gBAAgB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,cAAsB,EACtB,UAAuC,EAAE;;IAEzC,MAAM,EAAE,QAAQ,EAAE,oBAAoB,GAAG,MAAM,EAAE,gBAAgB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IACnF,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,IAAI,MAAgB,CAAC;IACrB,uBAAuB;IACvB,MAAM,QAAQ,GAAG,QAAQ,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,cAAc,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;IAAC;IACA,8DAA8D;IAC9D,KAAU,EACV,CAAC;QACD,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC;QACxB,0BAA0B;QAC1B,IAAI,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,0CAAE,oBAAoB,EAAE,CAAC;YACzC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,MAAK,cAAc,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,MAAK,gBAAgB,EAAE,CAAC;gBACzE,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;gBAC1D,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,QAAQ,oBAAoB,EAAE,CAAC;QAC7B,KAAK,MAAM;YACT,cAAc,CAAC,QAAQ,CAAC,CAAC;YACzB,MAAM;QACR,KAAK,KAAK;YACR,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;gBACnC,aAAa,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;YACD,MAAM;IACV,CAAC;IACD,IAAI,oBAAoB,KAAK,MAAM,EAAE,CAAC;QACpC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1,7 +1,5 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
4
|
-
import { encryptSession } from './session.js';
|
|
1
|
+
import { WORKOS_CLIENT_ID } from './env-variables.js';
|
|
2
|
+
import { saveSession } from './session.js';
|
|
5
3
|
import { errorResponseWithFallback, redirectWithFallback } from './utils.js';
|
|
6
4
|
import { getWorkOS } from './workos.js';
|
|
7
5
|
export function handleAuth(options = {}) {
|
|
@@ -54,12 +52,7 @@ export function handleAuth(options = {}) {
|
|
|
54
52
|
if (onSuccess) {
|
|
55
53
|
await onSuccess({ accessToken, refreshToken, user, impersonator, oauthTokens });
|
|
56
54
|
}
|
|
57
|
-
|
|
58
|
-
// Alternatively you could persist the refresh token in a backend database
|
|
59
|
-
const session = await encryptSession({ accessToken, refreshToken, user, impersonator });
|
|
60
|
-
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
61
|
-
const nextCookies = await cookies();
|
|
62
|
-
nextCookies.set(cookieName, session, getCookieOptions(request.url));
|
|
55
|
+
await saveSession({ accessToken, refreshToken, user, impersonator }, request);
|
|
63
56
|
return response;
|
|
64
57
|
}
|
|
65
58
|
catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,UAAU,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5F,iDAAiD;IACjD,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,cAAc,GAAG,KAAK,IAAI,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;QAE/F,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAClE,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACpD,QAAQ,EAAE,gBAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEL,4DAA4D;gBAC5D,0EAA0E;gBAC1E,4DAA4D;gBAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEjE,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,cAAc,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,oBAAoB,CAAC;gBAExD,gDAAgD;gBAChD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;oBAC9D,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;wBAC/C,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,QAAQ,GAAG,cAAc,CAAC;gBAChC,CAAC;gBAED,mEAAmE;gBACnE,iCAAiC;gBACjC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAEtD,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,SAAS,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;gBAClF,CAAC;gBAED,MAAM,WAAW,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,OAAO,CAAC,CAAC;gBAE9E,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAED,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC,CAAC;IAEF,SAAS,aAAa,CAAC,OAAoB,EAAE,KAAe;QAC1D,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,yBAAyB,CAAC;YAC/B,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
'use client';
|
|
2
2
|
import React, { createContext, useContext, useEffect, useState } from 'react';
|
|
3
|
-
import { checkSessionAction, getAuthAction, handleSignOutAction, refreshAuthAction } from '../actions.js';
|
|
3
|
+
import { checkSessionAction, getAuthAction, handleSignOutAction, refreshAuthAction, switchToOrganizationAction, } from '../actions.js';
|
|
4
4
|
const AuthContext = createContext(undefined);
|
|
5
5
|
export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
6
6
|
const [user, setUser] = useState(null);
|
|
@@ -12,6 +12,7 @@ export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
|
12
12
|
const [impersonator, setImpersonator] = useState(undefined);
|
|
13
13
|
const [loading, setLoading] = useState(true);
|
|
14
14
|
const getAuth = async ({ ensureSignedIn = false } = {}) => {
|
|
15
|
+
setLoading(true);
|
|
15
16
|
try {
|
|
16
17
|
const auth = await getAuthAction({ ensureSignedIn });
|
|
17
18
|
setUser(auth.user);
|
|
@@ -35,6 +36,17 @@ export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
|
35
36
|
setLoading(false);
|
|
36
37
|
}
|
|
37
38
|
};
|
|
39
|
+
const switchToOrganization = async (organizationId, options = {}) => {
|
|
40
|
+
const opts = { revalidationStrategy: 'none', ...options };
|
|
41
|
+
const result = await switchToOrganizationAction(organizationId, {
|
|
42
|
+
revalidationStrategy: 'none',
|
|
43
|
+
...options,
|
|
44
|
+
});
|
|
45
|
+
if (opts.revalidationStrategy === 'none') {
|
|
46
|
+
await getAuth({ ensureSignedIn: true });
|
|
47
|
+
}
|
|
48
|
+
return result;
|
|
49
|
+
};
|
|
38
50
|
const refreshAuth = async ({ ensureSignedIn = false, organizationId, } = {}) => {
|
|
39
51
|
try {
|
|
40
52
|
setLoading(true);
|
|
@@ -115,6 +127,7 @@ export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
|
115
127
|
getAuth,
|
|
116
128
|
refreshAuth,
|
|
117
129
|
signOut,
|
|
130
|
+
switchToOrganization,
|
|
118
131
|
} }, children));
|
|
119
132
|
};
|
|
120
133
|
export function useAuth({ ensureSignedIn = false } = {}) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-provider.js","sourceRoot":"","sources":["../../../src/components/authkit-provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAa,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACzF,OAAO,
|
|
1
|
+
{"version":3,"file":"authkit-provider.js","sourceRoot":"","sources":["../../../src/components/authkit-provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAa,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACzF,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,iBAAiB,EACjB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AAsBvB,MAAM,WAAW,GAAG,aAAa,CAA8B,SAAS,CAAC,CAAC;AAW1E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,gBAAgB,EAAwB,EAAE,EAAE;IACtF,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAc,IAAI,CAAC,CAAC;IACpD,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAqB,SAAS,CAAC,CAAC;IAC1E,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAqB,SAAS,CAAC,CAAC;IACpF,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAqB,SAAS,CAAC,CAAC;IAChE,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAuB,SAAS,CAAC,CAAC;IAChF,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAuB,SAAS,CAAC,CAAC;IAClF,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAA2B,SAAS,CAAC,CAAC;IACtF,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE7C,MAAM,OAAO,GAAG,KAAK,EAAE,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE,EAAE,EAAE;QACtF,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,CAAC;YACd,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC7B,OAAO,CAAC,SAAS,CAAC,CAAC;YACnB,cAAc,CAAC,SAAS,CAAC,CAAC;YAC1B,eAAe,CAAC,SAAS,CAAC,CAAC;YAC3B,eAAe,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,oBAAoB,GAAG,KAAK,EAAE,cAAsB,EAAE,UAAuC,EAAE,EAAE,EAAE;QACvG,MAAM,IAAI,GAAG,EAAE,oBAAoB,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC,cAAc,EAAE;YAC9D,oBAAoB,EAAE,MAAM;YAC5B,GAAG,OAAO;SACX,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,oBAAoB,KAAK,MAAM,EAAE,CAAC;YACzC,MAAM,OAAO,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK,EAAE,EACzB,cAAc,GAAG,KAAK,EACtB,cAAc,MAC2C,EAAE,EAAE,EAAE;QAC/D,IAAI,CAAC;YACH,UAAU,CAAC,IAAI,CAAC,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC,CAAC;YAEzE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACtF,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,EAAE,EAAE,QAAQ,KAA4B,EAAE,EAAE,EAAE;QACjE,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAC;QAEV,2DAA2D;QAC3D,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,sBAAsB,GAAG,KAAK,IAAI,EAAE;YACxC,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,oGAAoG;YACpG,qFAAqF;YACrF,oGAAoG;YACpG,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC3C,uBAAuB,GAAG,IAAI,CAAC;gBAE/B,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;oBAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBACrC,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,wEAAwE;oBACxE,+EAA+E;oBAC/E,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;wBACxE,IAAI,gBAAgB,EAAE,CAAC;4BACrB,gBAAgB,EAAE,CAAC;wBACrB,CAAC;6BAAM,CAAC;4BACN,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;wBAC3B,CAAC;oBACH,CAAC;gBACH,CAAC;wBAAS,CAAC;oBACT,uBAAuB,GAAG,KAAK,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACpE,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAEzD,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;YAC5D,MAAM,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACzE,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEvB,OAAO,CACL,oBAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,IAAI;YACJ,SAAS;YACT,cAAc;YACd,IAAI;YACJ,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,OAAO;YACP,OAAO;YACP,WAAW;YACX,OAAO;YACP,oBAAoB;SACrB,IAEA,QAAQ,CACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAMF,MAAM,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE;IACnF,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IAExC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,IAAI,cAAc,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACnE,OAAO,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,EAAE,CAAC,cAAc,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,CAAC,CAAC;IAExE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/esm/cookie.js
CHANGED
|
@@ -1,14 +1,22 @@
|
|
|
1
|
-
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
|
|
1
|
+
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_SAMESITE, } from './env-variables.js';
|
|
2
|
+
function assertValidSamSite(sameSite) {
|
|
3
|
+
if (!['lax', 'strict', 'none'].includes(sameSite.toLowerCase())) {
|
|
4
|
+
throw new Error(`Invalid SameSite value: ${sameSite}`);
|
|
5
|
+
}
|
|
6
|
+
}
|
|
2
7
|
export function getCookieOptions(redirectUri, asString = false, expired = false) {
|
|
3
8
|
const url = new URL(redirectUri || WORKOS_REDIRECT_URI);
|
|
9
|
+
const sameSite = WORKOS_COOKIE_SAMESITE || 'lax';
|
|
10
|
+
assertValidSamSite(sameSite);
|
|
11
|
+
const secure = sameSite.toLowerCase() === 'none' ? true : url.protocol === 'https:';
|
|
4
12
|
const maxAge = expired ? 0 : WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400;
|
|
5
13
|
return asString
|
|
6
|
-
? `Path=/; HttpOnly; Secure=${
|
|
14
|
+
? `Path=/; HttpOnly; Secure=${secure}; SameSite="${sameSite}"; Max-Age=${maxAge}; Domain=${WORKOS_COOKIE_DOMAIN || ''}`
|
|
7
15
|
: {
|
|
8
16
|
path: '/',
|
|
9
17
|
httpOnly: true,
|
|
10
|
-
secure
|
|
11
|
-
sameSite
|
|
18
|
+
secure,
|
|
19
|
+
sameSite,
|
|
12
20
|
// Defaults to 400 days, the maximum allowed by Chrome
|
|
13
21
|
// It's fine to have a long cookie expiry date as the access/refresh tokens
|
|
14
22
|
// act as the actual time-limited aspects of the session.
|
package/dist/esm/cookie.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAK5B,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAeD,MAAM,UAAU,gBAAgB,CAC9B,WAA2B,EAC3B,WAAoB,KAAK,EACzB,UAAmB,KAAK;IAExB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,mBAAmB,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,sBAAsB,IAAI,KAAK,CAAC;IACjD,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC7B,MAAM,MAAM,GAAG,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAEpF,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,QAAQ,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAE9G,OAAO,QAAQ;QACb,CAAC,CAAC,4BAA4B,MAAM,eAAe,QAAQ,cAAc,MAAM,YAAY,oBAAoB,IAAI,EAAE,EAAE;QACvH,CAAC,CAAC;YACE,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,MAAM;YACN,QAAQ;YACR,sDAAsD;YACtD,2EAA2E;YAC3E,yDAAyD;YACzD,MAAM;YACN,MAAM,EAAE,oBAAoB,IAAI,EAAE;SACnC,CAAC;AACR,CAAC"}
|
|
@@ -10,10 +10,11 @@ const WORKOS_API_PORT = getEnvVariable('WORKOS_API_PORT');
|
|
|
10
10
|
const WORKOS_COOKIE_DOMAIN = getEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
11
11
|
const WORKOS_COOKIE_MAX_AGE = getEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
12
12
|
const WORKOS_COOKIE_NAME = getEnvVariable('WORKOS_COOKIE_NAME');
|
|
13
|
+
const WORKOS_COOKIE_SAMESITE = getEnvVariable('WORKOS_COOKIE_SAMESITE');
|
|
13
14
|
// Required env variables
|
|
14
15
|
const WORKOS_API_KEY = (_a = getEnvVariable('WORKOS_API_KEY')) !== null && _a !== void 0 ? _a : '';
|
|
15
16
|
const WORKOS_CLIENT_ID = (_b = getEnvVariable('WORKOS_CLIENT_ID')) !== null && _b !== void 0 ? _b : '';
|
|
16
17
|
const WORKOS_COOKIE_PASSWORD = (_c = getEnvVariable('WORKOS_COOKIE_PASSWORD')) !== null && _c !== void 0 ? _c : '';
|
|
17
18
|
const WORKOS_REDIRECT_URI = (_d = process.env.NEXT_PUBLIC_WORKOS_REDIRECT_URI) !== null && _d !== void 0 ? _d : '';
|
|
18
|
-
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, };
|
|
19
|
+
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, WORKOS_COOKIE_SAMESITE, };
|
|
19
20
|
//# sourceMappingURL=env-variables.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":"AAAA,0BAA0B;;AAE1B,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,yBAAyB;AACzB,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAClE,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AAC5D,MAAM,eAAe,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;AAC1D,MAAM,oBAAoB,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;AACpE,MAAM,qBAAqB,GAAG,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtE,MAAM,kBAAkB,GAAG,cAAc,CAAC,oBAAoB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":"AAAA,0BAA0B;;AAE1B,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,yBAAyB;AACzB,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAClE,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AAC5D,MAAM,eAAe,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;AAC1D,MAAM,oBAAoB,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;AACpE,MAAM,qBAAqB,GAAG,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtE,MAAM,kBAAkB,GAAG,cAAc,CAAC,oBAAoB,CAAC,CAAC;AAChE,MAAM,sBAAsB,GAAG,cAAc,CAAC,wBAAwB,CAAC,CAAC;AAExE,yBAAyB;AACzB,MAAM,cAAc,GAAG,MAAA,cAAc,CAAC,gBAAgB,CAAC,mCAAI,EAAE,CAAC;AAC9D,MAAM,gBAAgB,GAAG,MAAA,cAAc,CAAC,kBAAkB,CAAC,mCAAI,EAAE,CAAC;AAClE,MAAM,sBAAsB,GAAG,MAAA,cAAc,CAAC,wBAAwB,CAAC,mCAAI,EAAE,CAAC;AAC9E,MAAM,mBAAmB,GAAG,MAAA,OAAO,CAAC,GAAG,CAAC,+BAA+B,mCAAI,EAAE,CAAC;AAE9E,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,GACvB,CAAC"}
|
|
@@ -3,7 +3,7 @@ import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
|
3
3
|
import { headers } from 'next/headers';
|
|
4
4
|
async function getAuthorizationUrl(options = {}) {
|
|
5
5
|
const headersList = await headers();
|
|
6
|
-
const { returnPathname, screenHint, organizationId, redirectUri = headersList.get('x-redirect-uri') } = options;
|
|
6
|
+
const { returnPathname, screenHint, organizationId, redirectUri = headersList.get('x-redirect-uri'), loginHint, } = options;
|
|
7
7
|
return getWorkOS().userManagement.getAuthorizationUrl({
|
|
8
8
|
provider: 'authkit',
|
|
9
9
|
clientId: WORKOS_CLIENT_ID,
|
|
@@ -11,6 +11,7 @@ async function getAuthorizationUrl(options = {}) {
|
|
|
11
11
|
state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
|
|
12
12
|
screenHint,
|
|
13
13
|
organizationId,
|
|
14
|
+
loginHint,
|
|
14
15
|
});
|
|
15
16
|
}
|
|
16
17
|
export { getAuthorizationUrl };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,
|
|
1
|
+
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,EACJ,cAAc,EACd,UAAU,EACV,cAAc,EACd,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAC/C,SAAS,GACV,GAAG,OAAO,CAAC;IAEZ,OAAO,SAAS,EAAE,CAAC,cAAc,CAAC,mBAAmB,CAAC;QACpD,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,gBAAgB;QAC1B,WAAW,EAAE,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,mBAAmB;QAC/C,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5E,UAAU;QACV,cAAc;QACd,SAAS;KACV,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
|
package/dist/esm/index.js
CHANGED
|
@@ -1,12 +1,8 @@
|
|
|
1
|
+
import { getSignInUrl, getSignUpUrl, signOut, switchToOrganization } from './auth.js';
|
|
1
2
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
3
|
import { authkit, authkitMiddleware } from './middleware.js';
|
|
3
|
-
import {
|
|
4
|
-
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
4
|
+
import { refreshSession, saveSession, withAuth } from './session.js';
|
|
5
5
|
import { getWorkOS } from './workos.js';
|
|
6
6
|
export * from './interfaces.js';
|
|
7
|
-
export { getWorkOS, handleAuth,
|
|
8
|
-
//
|
|
9
|
-
authkitMiddleware, authkit,
|
|
10
|
-
//
|
|
11
|
-
getSignInUrl, getSignUpUrl, withAuth, refreshSession, signOut, };
|
|
7
|
+
export { authkit, authkitMiddleware, getSignInUrl, getSignUpUrl, getWorkOS, handleAuth, refreshSession, saveSession, signOut, switchToOrganization, withAuth, };
|
|
12
8
|
//# sourceMappingURL=index.js.map
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,cAAc,iBAAiB,CAAC;AAEhC,OAAO,EACL,OAAO,EACP,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,UAAU,EACV,cAAc,EACd,WAAW,EACX,OAAO,EACP,oBAAoB,EACpB,QAAQ,GACT,CAAC"}
|
package/dist/esm/session.js
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
'use server';
|
|
2
|
-
import {
|
|
2
|
+
import { sealData, unsealData } from 'iron-session';
|
|
3
|
+
import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';
|
|
3
4
|
import { cookies, headers } from 'next/headers';
|
|
5
|
+
import { redirect } from 'next/navigation';
|
|
4
6
|
import { NextResponse } from 'next/server';
|
|
5
|
-
import { jwtVerify, createRemoteJWKSet, decodeJwt } from 'jose';
|
|
6
|
-
import { sealData, unsealData } from 'iron-session';
|
|
7
7
|
import { getCookieOptions } from './cookie.js';
|
|
8
|
-
import {
|
|
9
|
-
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_COOKIE_NAME, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
8
|
+
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
10
9
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
10
|
+
import { getWorkOS } from './workos.js';
|
|
11
11
|
import { parse, tokensToRegexp } from 'path-to-regexp';
|
|
12
12
|
import { lazy, redirectWithFallback } from './utils.js';
|
|
13
13
|
const sessionHeaderName = 'x-workos-session';
|
|
@@ -82,6 +82,11 @@ async function updateSession(request, options = { debug: false }) {
|
|
|
82
82
|
// This is because on hard navigations we don't have access to `next-url` but need to get the current
|
|
83
83
|
// `pathname` to be able to return the users where they came from before sign-in
|
|
84
84
|
newRequestHeaders.set('x-url', request.url);
|
|
85
|
+
if (options.redirectUri) {
|
|
86
|
+
// Store the redirect URI in a custom header, so we always have access to it and so that subsequent
|
|
87
|
+
// calls to `getAuthorizationUrl` will use the same redirect URI
|
|
88
|
+
newRequestHeaders.set('x-redirect-uri', options.redirectUri);
|
|
89
|
+
}
|
|
85
90
|
newRequestHeaders.delete(sessionHeaderName);
|
|
86
91
|
if (!session) {
|
|
87
92
|
if (options.debug) {
|
|
@@ -170,7 +175,6 @@ async function updateSession(request, options = { debug: false }) {
|
|
|
170
175
|
};
|
|
171
176
|
}
|
|
172
177
|
}
|
|
173
|
-
/* istanbul ignore next */
|
|
174
178
|
async function refreshSession({ organizationId: nextOrganizationId, ensureSignedIn = false, } = {}) {
|
|
175
179
|
const session = await getSessionFromCookie();
|
|
176
180
|
if (!session) {
|
|
@@ -193,19 +197,10 @@ async function refreshSession({ organizationId: nextOrganizationId, ensureSigned
|
|
|
193
197
|
cause: error,
|
|
194
198
|
});
|
|
195
199
|
}
|
|
196
|
-
const { accessToken, refreshToken, user, impersonator } = refreshResult;
|
|
197
|
-
// Encrypt session with new access and refresh tokens
|
|
198
|
-
const encryptedSession = await encryptSession({
|
|
199
|
-
accessToken,
|
|
200
|
-
refreshToken,
|
|
201
|
-
user,
|
|
202
|
-
impersonator,
|
|
203
|
-
});
|
|
204
|
-
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
205
200
|
const headersList = await headers();
|
|
206
201
|
const url = headersList.get('x-url');
|
|
207
|
-
|
|
208
|
-
|
|
202
|
+
await saveSession(refreshResult, url || WORKOS_REDIRECT_URI);
|
|
203
|
+
const { accessToken, user, impersonator } = refreshResult;
|
|
209
204
|
const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, } = decodeJwt(accessToken);
|
|
210
205
|
return {
|
|
211
206
|
sessionId,
|
|
@@ -325,5 +320,40 @@ function getScreenHint(signUpPaths, pathname) {
|
|
|
325
320
|
});
|
|
326
321
|
return screenHintPaths.length > 0 ? 'sign-up' : 'sign-in';
|
|
327
322
|
}
|
|
328
|
-
|
|
323
|
+
/**
|
|
324
|
+
* Saves a WorkOS session to a cookie for use with AuthKit.
|
|
325
|
+
*
|
|
326
|
+
* This function is intended for advanced use cases where you need to manually manage sessions,
|
|
327
|
+
* such as custom authentication flows (email verification, etc.) that don't use
|
|
328
|
+
* the standard AuthKit authentication flow.
|
|
329
|
+
*
|
|
330
|
+
* @param sessionOrResponse The WorkOS session or AuthenticationResponse containing access token, refresh token, and user information.
|
|
331
|
+
* @param request Either a NextRequest object or a URL string, used to determine cookie settings.
|
|
332
|
+
*
|
|
333
|
+
* @example
|
|
334
|
+
* // With a NextRequest object
|
|
335
|
+
* import { saveSession } from '@workos-inc/authkit-nextjs';
|
|
336
|
+
*
|
|
337
|
+
* async function handleEmailVerification(req: NextRequest) {
|
|
338
|
+
* const { code } = await req.json();
|
|
339
|
+
* const authResponse = await workos.userManagement.authenticateWithEmailVerification({
|
|
340
|
+
* clientId: process.env.WORKOS_CLIENT_ID,
|
|
341
|
+
* code,
|
|
342
|
+
* });
|
|
343
|
+
*
|
|
344
|
+
* await saveSession(authResponse, req);
|
|
345
|
+
* }
|
|
346
|
+
*
|
|
347
|
+
* @example
|
|
348
|
+
* // With a URL string
|
|
349
|
+
* await saveSession(authResponse, 'https://example.com/callback');
|
|
350
|
+
*/
|
|
351
|
+
export async function saveSession(sessionOrResponse, request) {
|
|
352
|
+
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
353
|
+
const encryptedSession = await encryptSession(sessionOrResponse);
|
|
354
|
+
const nextCookies = await cookies();
|
|
355
|
+
const url = typeof request === 'string' ? request : request.url;
|
|
356
|
+
nextCookies.set(cookieName, encryptedSession, getCookieOptions(url));
|
|
357
|
+
}
|
|
358
|
+
export { encryptSession, refreshSession, terminateSession, updateSession, updateSessionMiddleware, withAuth };
|
|
329
359
|
//# sourceMappingURL=session.js.map
|
package/dist/esm/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAYjE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAExD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAEhD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB;IAErB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;KACjE,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,gBAA0B,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC;QACvB,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,WAAW;gBACX,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;aAC/C,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,0BAA0B;AAC1B,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IACxE,qDAAqD;IACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;QAC5C,WAAW;QACX,YAAY;QACZ,IAAI;QACJ,YAAY;KACb,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAkB,CAAC,CAAC;IAEtF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,EAAE,QAAQ,KAA4B,EAAE;IACtE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,QAAQ,EAAE,CAAC;IACvC,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,GAAG,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IACvD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,aAAa,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAUjE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAExD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAEhD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB;IAErB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;KACjE,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,gBAA0B,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC;QACvB,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,WAAW;gBACX,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;aAC/C,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,CAAC,aAAa,EAAE,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAE7D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAE1D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,EAAE,QAAQ,KAA4B,EAAE;IACtE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,QAAQ,EAAE,CAAC;IACvC,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,GAAG,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IACvD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,iBAAmD,EACnD,OAA6B;IAE7B,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { NoUserInfo, UserInfo } from './interfaces.js';
|
|
1
|
+
import { NoUserInfo, UserInfo, SwitchToOrganizationOptions } from './interfaces.js';
|
|
2
2
|
/**
|
|
3
3
|
* This action is only accessible to authenticated users,
|
|
4
4
|
* there is no need to check the session here as the middleware will
|
|
@@ -16,3 +16,4 @@ export declare const refreshAuthAction: ({ ensureSignedIn, organizationId, }: {
|
|
|
16
16
|
ensureSignedIn?: boolean | undefined;
|
|
17
17
|
organizationId?: string | undefined;
|
|
18
18
|
}) => Promise<Omit<UserInfo | NoUserInfo, "accessToken">>;
|
|
19
|
+
export declare const switchToOrganizationAction: (organizationId: string, options?: SwitchToOrganizationOptions) => Promise<Omit<UserInfo, "accessToken">>;
|
package/dist/esm/types/auth.d.ts
CHANGED
|
@@ -1,8 +1,15 @@
|
|
|
1
|
-
|
|
1
|
+
import { SwitchToOrganizationOptions, UserInfo } from './interfaces.js';
|
|
2
|
+
export declare function getSignInUrl({ organizationId, loginHint, redirectUri, }?: {
|
|
2
3
|
organizationId?: string;
|
|
4
|
+
loginHint?: string;
|
|
5
|
+
redirectUri?: string;
|
|
3
6
|
}): Promise<string>;
|
|
4
|
-
declare function getSignUpUrl(
|
|
5
|
-
|
|
7
|
+
export declare function getSignUpUrl({ organizationId, loginHint, redirectUri, }?: {
|
|
8
|
+
organizationId?: string;
|
|
9
|
+
loginHint?: string;
|
|
10
|
+
redirectUri?: string;
|
|
11
|
+
}): Promise<string>;
|
|
12
|
+
export declare function signOut({ returnTo }?: {
|
|
6
13
|
returnTo?: string;
|
|
7
14
|
}): Promise<void>;
|
|
8
|
-
export
|
|
15
|
+
export declare function switchToOrganization(organizationId: string, options?: SwitchToOrganizationOptions): Promise<UserInfo>;
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import React, { ReactNode } from 'react';
|
|
2
2
|
import type { Impersonator, User } from '@workos-inc/node';
|
|
3
|
+
import type { UserInfo, SwitchToOrganizationOptions } from '../interfaces.js';
|
|
3
4
|
type AuthContextType = {
|
|
4
5
|
user: User | null;
|
|
5
6
|
sessionId: string | undefined;
|
|
@@ -21,6 +22,9 @@ type AuthContextType = {
|
|
|
21
22
|
signOut: (options?: {
|
|
22
23
|
returnTo?: string;
|
|
23
24
|
}) => Promise<void>;
|
|
25
|
+
switchToOrganization: (organizationId: string, options?: SwitchToOrganizationOptions) => Promise<Omit<UserInfo, 'accessToken'> | {
|
|
26
|
+
error: string;
|
|
27
|
+
}>;
|
|
24
28
|
};
|
|
25
29
|
interface AuthKitProviderProps {
|
|
26
30
|
children: ReactNode;
|
|
@@ -4,8 +4,9 @@ declare const WORKOS_API_PORT: string | undefined;
|
|
|
4
4
|
declare const WORKOS_COOKIE_DOMAIN: string | undefined;
|
|
5
5
|
declare const WORKOS_COOKIE_MAX_AGE: string | undefined;
|
|
6
6
|
declare const WORKOS_COOKIE_NAME: string | undefined;
|
|
7
|
+
declare const WORKOS_COOKIE_SAMESITE: string | undefined;
|
|
7
8
|
declare const WORKOS_API_KEY: string;
|
|
8
9
|
declare const WORKOS_CLIENT_ID: string;
|
|
9
10
|
declare const WORKOS_COOKIE_PASSWORD: string;
|
|
10
11
|
declare const WORKOS_REDIRECT_URI: string;
|
|
11
|
-
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, };
|
|
12
|
+
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, WORKOS_COOKIE_SAMESITE, };
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
+
import { getSignInUrl, getSignUpUrl, signOut, switchToOrganization } from './auth.js';
|
|
1
2
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
3
|
import { authkit, authkitMiddleware } from './middleware.js';
|
|
3
|
-
import {
|
|
4
|
-
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
4
|
+
import { refreshSession, saveSession, withAuth } from './session.js';
|
|
5
5
|
import { getWorkOS } from './workos.js';
|
|
6
6
|
export * from './interfaces.js';
|
|
7
|
-
export {
|
|
7
|
+
export { authkit, authkitMiddleware, getSignInUrl, getSignUpUrl, getWorkOS, handleAuth, refreshSession, saveSession, signOut, switchToOrganization, withAuth, };
|
|
@@ -54,6 +54,7 @@ export interface GetAuthURLOptions {
|
|
|
54
54
|
returnPathname?: string;
|
|
55
55
|
organizationId?: string;
|
|
56
56
|
redirectUri?: string;
|
|
57
|
+
loginHint?: string;
|
|
57
58
|
}
|
|
58
59
|
export interface AuthkitMiddlewareAuth {
|
|
59
60
|
enabled: boolean;
|
|
@@ -79,7 +80,12 @@ export interface CookieOptions {
|
|
|
79
80
|
path: '/';
|
|
80
81
|
httpOnly: true;
|
|
81
82
|
secure: boolean;
|
|
82
|
-
sameSite: 'lax';
|
|
83
|
+
sameSite: 'lax' | 'strict' | 'none';
|
|
83
84
|
maxAge: number;
|
|
84
85
|
domain: string | undefined;
|
|
85
86
|
}
|
|
87
|
+
export interface SwitchToOrganizationOptions {
|
|
88
|
+
returnTo?: string;
|
|
89
|
+
revalidationStrategy?: 'none' | 'tag' | 'path';
|
|
90
|
+
revalidationTags?: string[];
|
|
91
|
+
}
|
|
@@ -1,9 +1,14 @@
|
|
|
1
1
|
import { NextRequest } from 'next/server';
|
|
2
2
|
import { AuthkitMiddlewareAuth, AuthkitOptions, AuthkitResponse, NoUserInfo, Session, UserInfo } from './interfaces.js';
|
|
3
|
+
import type { AuthenticationResponse } from '@workos-inc/node';
|
|
3
4
|
declare function encryptSession(session: Session): Promise<string>;
|
|
4
5
|
declare function updateSessionMiddleware(request: NextRequest, debug: boolean, middlewareAuth: AuthkitMiddlewareAuth, redirectUri: string, signUpPaths: string[]): Promise<Response>;
|
|
5
6
|
declare function updateSession(request: NextRequest, options?: AuthkitOptions): Promise<AuthkitResponse>;
|
|
6
7
|
declare function refreshSession(options: {
|
|
8
|
+
organizationId?: string;
|
|
9
|
+
ensureSignedIn: true;
|
|
10
|
+
}): Promise<UserInfo>;
|
|
11
|
+
declare function refreshSession(options?: {
|
|
7
12
|
organizationId?: string;
|
|
8
13
|
ensureSignedIn?: boolean;
|
|
9
14
|
}): Promise<UserInfo | NoUserInfo>;
|
|
@@ -16,4 +21,33 @@ declare function withAuth(options?: {
|
|
|
16
21
|
declare function terminateSession({ returnTo }?: {
|
|
17
22
|
returnTo?: string;
|
|
18
23
|
}): Promise<void>;
|
|
19
|
-
|
|
24
|
+
/**
|
|
25
|
+
* Saves a WorkOS session to a cookie for use with AuthKit.
|
|
26
|
+
*
|
|
27
|
+
* This function is intended for advanced use cases where you need to manually manage sessions,
|
|
28
|
+
* such as custom authentication flows (email verification, etc.) that don't use
|
|
29
|
+
* the standard AuthKit authentication flow.
|
|
30
|
+
*
|
|
31
|
+
* @param sessionOrResponse The WorkOS session or AuthenticationResponse containing access token, refresh token, and user information.
|
|
32
|
+
* @param request Either a NextRequest object or a URL string, used to determine cookie settings.
|
|
33
|
+
*
|
|
34
|
+
* @example
|
|
35
|
+
* // With a NextRequest object
|
|
36
|
+
* import { saveSession } from '@workos-inc/authkit-nextjs';
|
|
37
|
+
*
|
|
38
|
+
* async function handleEmailVerification(req: NextRequest) {
|
|
39
|
+
* const { code } = await req.json();
|
|
40
|
+
* const authResponse = await workos.userManagement.authenticateWithEmailVerification({
|
|
41
|
+
* clientId: process.env.WORKOS_CLIENT_ID,
|
|
42
|
+
* code,
|
|
43
|
+
* });
|
|
44
|
+
*
|
|
45
|
+
* await saveSession(authResponse, req);
|
|
46
|
+
* }
|
|
47
|
+
*
|
|
48
|
+
* @example
|
|
49
|
+
* // With a URL string
|
|
50
|
+
* await saveSession(authResponse, 'https://example.com/callback');
|
|
51
|
+
*/
|
|
52
|
+
export declare function saveSession(sessionOrResponse: Session | AuthenticationResponse, request: NextRequest | string): Promise<void>;
|
|
53
|
+
export { encryptSession, refreshSession, terminateSession, updateSession, updateSessionMiddleware, withAuth };
|
package/dist/esm/workos.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
import { lazy } from './utils.js';
|
|
4
|
-
export const VERSION = '2.
|
|
4
|
+
export const VERSION = '2.1.0';
|
|
5
5
|
const options = {
|
|
6
6
|
apiHostname: WORKOS_API_HOSTNAME,
|
|
7
7
|
https: WORKOS_API_HTTPS ? WORKOS_API_HTTPS === 'true' : true,
|
package/package.json
CHANGED
package/src/actions.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
'use server';
|
|
2
2
|
|
|
3
|
-
import { signOut } from './auth.js';
|
|
4
|
-
import { NoUserInfo, UserInfo } from './interfaces.js';
|
|
3
|
+
import { signOut, switchToOrganization } from './auth.js';
|
|
4
|
+
import { NoUserInfo, UserInfo, SwitchToOrganizationOptions } from './interfaces.js';
|
|
5
5
|
import { refreshSession, withAuth } from './session.js';
|
|
6
6
|
import { getWorkOS } from './workos.js';
|
|
7
7
|
|
|
@@ -47,3 +47,7 @@ export const refreshAuthAction = async ({
|
|
|
47
47
|
}) => {
|
|
48
48
|
return sanitize(await refreshSession({ ensureSignedIn, organizationId }));
|
|
49
49
|
};
|
|
50
|
+
|
|
51
|
+
export const switchToOrganizationAction = async (organizationId: string, options?: SwitchToOrganizationOptions) => {
|
|
52
|
+
return sanitize(await switchToOrganization(organizationId, options));
|
|
53
|
+
};
|
package/src/auth.ts
CHANGED
|
@@ -1,19 +1,30 @@
|
|
|
1
1
|
'use server';
|
|
2
2
|
|
|
3
|
+
import { revalidatePath, revalidateTag } from 'next/cache';
|
|
4
|
+
import { cookies, headers } from 'next/headers';
|
|
5
|
+
import { redirect } from 'next/navigation';
|
|
6
|
+
import { WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
3
7
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
4
|
-
import {
|
|
5
|
-
import { terminateSession } from './session.js';
|
|
6
|
-
import { WORKOS_COOKIE_NAME, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
|
|
8
|
+
import { SwitchToOrganizationOptions, UserInfo } from './interfaces.js';
|
|
9
|
+
import { refreshSession, terminateSession } from './session.js';
|
|
7
10
|
|
|
8
|
-
async function getSignInUrl({
|
|
9
|
-
|
|
11
|
+
export async function getSignInUrl({
|
|
12
|
+
organizationId,
|
|
13
|
+
loginHint,
|
|
14
|
+
redirectUri,
|
|
15
|
+
}: { organizationId?: string; loginHint?: string; redirectUri?: string } = {}) {
|
|
16
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in', loginHint, redirectUri });
|
|
10
17
|
}
|
|
11
18
|
|
|
12
|
-
async function getSignUpUrl(
|
|
13
|
-
|
|
19
|
+
export async function getSignUpUrl({
|
|
20
|
+
organizationId,
|
|
21
|
+
loginHint,
|
|
22
|
+
redirectUri,
|
|
23
|
+
}: { organizationId?: string; loginHint?: string; redirectUri?: string } = {}) {
|
|
24
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-up', loginHint, redirectUri });
|
|
14
25
|
}
|
|
15
26
|
|
|
16
|
-
async function signOut({ returnTo }: { returnTo?: string } = {}) {
|
|
27
|
+
export async function signOut({ returnTo }: { returnTo?: string } = {}) {
|
|
17
28
|
const cookie: { name: string; domain?: string } = {
|
|
18
29
|
name: WORKOS_COOKIE_NAME || 'wos-session',
|
|
19
30
|
};
|
|
@@ -25,4 +36,47 @@ async function signOut({ returnTo }: { returnTo?: string } = {}) {
|
|
|
25
36
|
await terminateSession({ returnTo });
|
|
26
37
|
}
|
|
27
38
|
|
|
28
|
-
export
|
|
39
|
+
export async function switchToOrganization(
|
|
40
|
+
organizationId: string,
|
|
41
|
+
options: SwitchToOrganizationOptions = {},
|
|
42
|
+
): Promise<UserInfo> {
|
|
43
|
+
const { returnTo, revalidationStrategy = 'path', revalidationTags = [] } = options;
|
|
44
|
+
const headersList = await headers();
|
|
45
|
+
let result: UserInfo;
|
|
46
|
+
// istanbul ignore next
|
|
47
|
+
const pathname = returnTo || headersList.get('x-url') || '/';
|
|
48
|
+
try {
|
|
49
|
+
result = await refreshSession({ organizationId, ensureSignedIn: true });
|
|
50
|
+
} catch (
|
|
51
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
52
|
+
error: any
|
|
53
|
+
) {
|
|
54
|
+
const { cause } = error;
|
|
55
|
+
/* istanbul ignore next */
|
|
56
|
+
if (cause?.rawData?.authkit_redirect_url) {
|
|
57
|
+
redirect(cause.rawData.authkit_redirect_url);
|
|
58
|
+
} else {
|
|
59
|
+
if (cause?.error === 'sso_required' || cause?.error === 'mfa_enrollment') {
|
|
60
|
+
const url = await getAuthorizationUrl({ organizationId });
|
|
61
|
+
return redirect(url);
|
|
62
|
+
}
|
|
63
|
+
throw error;
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
switch (revalidationStrategy) {
|
|
68
|
+
case 'path':
|
|
69
|
+
revalidatePath(pathname);
|
|
70
|
+
break;
|
|
71
|
+
case 'tag':
|
|
72
|
+
for (const tag of revalidationTags) {
|
|
73
|
+
revalidateTag(tag);
|
|
74
|
+
}
|
|
75
|
+
break;
|
|
76
|
+
}
|
|
77
|
+
if (revalidationStrategy !== 'none') {
|
|
78
|
+
redirect(pathname);
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
return result;
|
|
82
|
+
}
|
|
@@ -1,9 +1,7 @@
|
|
|
1
|
-
import { cookies } from 'next/headers';
|
|
2
1
|
import { NextRequest } from 'next/server';
|
|
3
|
-
import {
|
|
4
|
-
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
2
|
+
import { WORKOS_CLIENT_ID } from './env-variables.js';
|
|
5
3
|
import { HandleAuthOptions } from './interfaces.js';
|
|
6
|
-
import {
|
|
4
|
+
import { saveSession } from './session.js';
|
|
7
5
|
import { errorResponseWithFallback, redirectWithFallback } from './utils.js';
|
|
8
6
|
import { getWorkOS } from './workos.js';
|
|
9
7
|
|
|
@@ -67,13 +65,7 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
67
65
|
await onSuccess({ accessToken, refreshToken, user, impersonator, oauthTokens });
|
|
68
66
|
}
|
|
69
67
|
|
|
70
|
-
|
|
71
|
-
// Alternatively you could persist the refresh token in a backend database
|
|
72
|
-
const session = await encryptSession({ accessToken, refreshToken, user, impersonator });
|
|
73
|
-
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
74
|
-
const nextCookies = await cookies();
|
|
75
|
-
|
|
76
|
-
nextCookies.set(cookieName, session, getCookieOptions(request.url));
|
|
68
|
+
await saveSession({ accessToken, refreshToken, user, impersonator }, request);
|
|
77
69
|
|
|
78
70
|
return response;
|
|
79
71
|
} catch (error) {
|
|
@@ -1,8 +1,15 @@
|
|
|
1
1
|
'use client';
|
|
2
2
|
|
|
3
3
|
import React, { createContext, ReactNode, useContext, useEffect, useState } from 'react';
|
|
4
|
-
import {
|
|
4
|
+
import {
|
|
5
|
+
checkSessionAction,
|
|
6
|
+
getAuthAction,
|
|
7
|
+
handleSignOutAction,
|
|
8
|
+
refreshAuthAction,
|
|
9
|
+
switchToOrganizationAction,
|
|
10
|
+
} from '../actions.js';
|
|
5
11
|
import type { Impersonator, User } from '@workos-inc/node';
|
|
12
|
+
import type { UserInfo, SwitchToOrganizationOptions } from '../interfaces.js';
|
|
6
13
|
|
|
7
14
|
type AuthContextType = {
|
|
8
15
|
user: User | null;
|
|
@@ -16,6 +23,10 @@ type AuthContextType = {
|
|
|
16
23
|
getAuth: (options?: { ensureSignedIn?: boolean }) => Promise<void>;
|
|
17
24
|
refreshAuth: (options?: { ensureSignedIn?: boolean; organizationId?: string }) => Promise<void | { error: string }>;
|
|
18
25
|
signOut: (options?: { returnTo?: string }) => Promise<void>;
|
|
26
|
+
switchToOrganization: (
|
|
27
|
+
organizationId: string,
|
|
28
|
+
options?: SwitchToOrganizationOptions,
|
|
29
|
+
) => Promise<Omit<UserInfo, 'accessToken'> | { error: string }>;
|
|
19
30
|
};
|
|
20
31
|
|
|
21
32
|
const AuthContext = createContext<AuthContextType | undefined>(undefined);
|
|
@@ -40,6 +51,7 @@ export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderP
|
|
|
40
51
|
const [loading, setLoading] = useState(true);
|
|
41
52
|
|
|
42
53
|
const getAuth = async ({ ensureSignedIn = false }: { ensureSignedIn?: boolean } = {}) => {
|
|
54
|
+
setLoading(true);
|
|
43
55
|
try {
|
|
44
56
|
const auth = await getAuthAction({ ensureSignedIn });
|
|
45
57
|
setUser(auth.user);
|
|
@@ -62,6 +74,20 @@ export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderP
|
|
|
62
74
|
}
|
|
63
75
|
};
|
|
64
76
|
|
|
77
|
+
const switchToOrganization = async (organizationId: string, options: SwitchToOrganizationOptions = {}) => {
|
|
78
|
+
const opts = { revalidationStrategy: 'none', ...options };
|
|
79
|
+
const result = await switchToOrganizationAction(organizationId, {
|
|
80
|
+
revalidationStrategy: 'none',
|
|
81
|
+
...options,
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
if (opts.revalidationStrategy === 'none') {
|
|
85
|
+
await getAuth({ ensureSignedIn: true });
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
return result;
|
|
89
|
+
};
|
|
90
|
+
|
|
65
91
|
const refreshAuth = async ({
|
|
66
92
|
ensureSignedIn = false,
|
|
67
93
|
organizationId,
|
|
@@ -153,6 +179,7 @@ export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderP
|
|
|
153
179
|
getAuth,
|
|
154
180
|
refreshAuth,
|
|
155
181
|
signOut,
|
|
182
|
+
switchToOrganization,
|
|
156
183
|
}}
|
|
157
184
|
>
|
|
158
185
|
{children}
|
package/src/cookie.ts
CHANGED
|
@@ -1,6 +1,19 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import {
|
|
2
|
+
WORKOS_REDIRECT_URI,
|
|
3
|
+
WORKOS_COOKIE_MAX_AGE,
|
|
4
|
+
WORKOS_COOKIE_DOMAIN,
|
|
5
|
+
WORKOS_COOKIE_SAMESITE,
|
|
6
|
+
} from './env-variables.js';
|
|
2
7
|
import { CookieOptions } from './interfaces.js';
|
|
3
8
|
|
|
9
|
+
type ValidSameSite = CookieOptions['sameSite'];
|
|
10
|
+
|
|
11
|
+
function assertValidSamSite(sameSite: string): asserts sameSite is ValidSameSite {
|
|
12
|
+
if (!['lax', 'strict', 'none'].includes(sameSite.toLowerCase())) {
|
|
13
|
+
throw new Error(`Invalid SameSite value: ${sameSite}`);
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
|
|
4
17
|
export function getCookieOptions(): CookieOptions;
|
|
5
18
|
export function getCookieOptions(redirectUri?: string | null): CookieOptions;
|
|
6
19
|
export function getCookieOptions(redirectUri: string | null | undefined, asString: true, expired?: boolean): string;
|
|
@@ -20,16 +33,19 @@ export function getCookieOptions(
|
|
|
20
33
|
expired: boolean = false,
|
|
21
34
|
): CookieOptions | string {
|
|
22
35
|
const url = new URL(redirectUri || WORKOS_REDIRECT_URI);
|
|
36
|
+
const sameSite = WORKOS_COOKIE_SAMESITE || 'lax';
|
|
37
|
+
assertValidSamSite(sameSite);
|
|
38
|
+
const secure = sameSite.toLowerCase() === 'none' ? true : url.protocol === 'https:';
|
|
23
39
|
|
|
24
40
|
const maxAge = expired ? 0 : WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400;
|
|
25
41
|
|
|
26
42
|
return asString
|
|
27
|
-
? `Path=/; HttpOnly; Secure=${
|
|
43
|
+
? `Path=/; HttpOnly; Secure=${secure}; SameSite="${sameSite}"; Max-Age=${maxAge}; Domain=${WORKOS_COOKIE_DOMAIN || ''}`
|
|
28
44
|
: {
|
|
29
45
|
path: '/',
|
|
30
46
|
httpOnly: true,
|
|
31
|
-
secure
|
|
32
|
-
sameSite
|
|
47
|
+
secure,
|
|
48
|
+
sameSite,
|
|
33
49
|
// Defaults to 400 days, the maximum allowed by Chrome
|
|
34
50
|
// It's fine to have a long cookie expiry date as the access/refresh tokens
|
|
35
51
|
// act as the actual time-limited aspects of the session.
|
package/src/env-variables.ts
CHANGED
|
@@ -11,6 +11,7 @@ const WORKOS_API_PORT = getEnvVariable('WORKOS_API_PORT');
|
|
|
11
11
|
const WORKOS_COOKIE_DOMAIN = getEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
12
12
|
const WORKOS_COOKIE_MAX_AGE = getEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
13
13
|
const WORKOS_COOKIE_NAME = getEnvVariable('WORKOS_COOKIE_NAME');
|
|
14
|
+
const WORKOS_COOKIE_SAMESITE = getEnvVariable('WORKOS_COOKIE_SAMESITE');
|
|
14
15
|
|
|
15
16
|
// Required env variables
|
|
16
17
|
const WORKOS_API_KEY = getEnvVariable('WORKOS_API_KEY') ?? '';
|
|
@@ -29,4 +30,5 @@ export {
|
|
|
29
30
|
WORKOS_COOKIE_NAME,
|
|
30
31
|
WORKOS_COOKIE_PASSWORD,
|
|
31
32
|
WORKOS_REDIRECT_URI,
|
|
33
|
+
WORKOS_COOKIE_SAMESITE,
|
|
32
34
|
};
|
|
@@ -5,7 +5,13 @@ import { headers } from 'next/headers';
|
|
|
5
5
|
|
|
6
6
|
async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
7
7
|
const headersList = await headers();
|
|
8
|
-
const {
|
|
8
|
+
const {
|
|
9
|
+
returnPathname,
|
|
10
|
+
screenHint,
|
|
11
|
+
organizationId,
|
|
12
|
+
redirectUri = headersList.get('x-redirect-uri'),
|
|
13
|
+
loginHint,
|
|
14
|
+
} = options;
|
|
9
15
|
|
|
10
16
|
return getWorkOS().userManagement.getAuthorizationUrl({
|
|
11
17
|
provider: 'authkit',
|
|
@@ -14,6 +20,7 @@ async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
|
14
20
|
state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
|
|
15
21
|
screenHint,
|
|
16
22
|
organizationId,
|
|
23
|
+
loginHint,
|
|
17
24
|
});
|
|
18
25
|
}
|
|
19
26
|
|
package/src/index.ts
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
|
+
import { getSignInUrl, getSignUpUrl, signOut, switchToOrganization } from './auth.js';
|
|
1
2
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
3
|
import { authkit, authkitMiddleware } from './middleware.js';
|
|
3
|
-
import {
|
|
4
|
-
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
4
|
+
import { refreshSession, saveSession, withAuth } from './session.js';
|
|
5
5
|
import { getWorkOS } from './workos.js';
|
|
6
6
|
|
|
7
7
|
export * from './interfaces.js';
|
|
8
8
|
|
|
9
9
|
export {
|
|
10
|
-
getWorkOS,
|
|
11
|
-
handleAuth,
|
|
12
|
-
//
|
|
13
|
-
authkitMiddleware,
|
|
14
10
|
authkit,
|
|
15
|
-
|
|
11
|
+
authkitMiddleware,
|
|
16
12
|
getSignInUrl,
|
|
17
13
|
getSignUpUrl,
|
|
18
|
-
|
|
14
|
+
getWorkOS,
|
|
15
|
+
handleAuth,
|
|
19
16
|
refreshSession,
|
|
17
|
+
saveSession,
|
|
20
18
|
signOut,
|
|
19
|
+
switchToOrganization,
|
|
20
|
+
withAuth,
|
|
21
21
|
};
|
package/src/interfaces.ts
CHANGED
|
@@ -57,6 +57,7 @@ export interface GetAuthURLOptions {
|
|
|
57
57
|
returnPathname?: string;
|
|
58
58
|
organizationId?: string;
|
|
59
59
|
redirectUri?: string;
|
|
60
|
+
loginHint?: string;
|
|
60
61
|
}
|
|
61
62
|
|
|
62
63
|
export interface AuthkitMiddlewareAuth {
|
|
@@ -87,7 +88,13 @@ export interface CookieOptions {
|
|
|
87
88
|
path: '/';
|
|
88
89
|
httpOnly: true;
|
|
89
90
|
secure: boolean;
|
|
90
|
-
sameSite: 'lax';
|
|
91
|
+
sameSite: 'lax' | 'strict' | 'none';
|
|
91
92
|
maxAge: number;
|
|
92
93
|
domain: string | undefined;
|
|
93
94
|
}
|
|
95
|
+
|
|
96
|
+
export interface SwitchToOrganizationOptions {
|
|
97
|
+
returnTo?: string;
|
|
98
|
+
revalidationStrategy?: 'none' | 'tag' | 'path';
|
|
99
|
+
revalidationTags?: string[];
|
|
100
|
+
}
|
package/src/session.ts
CHANGED
|
@@ -1,25 +1,25 @@
|
|
|
1
1
|
'use server';
|
|
2
2
|
|
|
3
|
-
import {
|
|
3
|
+
import { sealData, unsealData } from 'iron-session';
|
|
4
|
+
import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';
|
|
4
5
|
import { cookies, headers } from 'next/headers';
|
|
6
|
+
import { redirect } from 'next/navigation';
|
|
5
7
|
import { NextRequest, NextResponse } from 'next/server';
|
|
6
|
-
import { jwtVerify, createRemoteJWKSet, decodeJwt } from 'jose';
|
|
7
|
-
import { sealData, unsealData } from 'iron-session';
|
|
8
8
|
import { getCookieOptions } from './cookie.js';
|
|
9
|
-
import {
|
|
10
|
-
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_COOKIE_NAME, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
9
|
+
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
11
10
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
12
11
|
import {
|
|
13
12
|
AccessToken,
|
|
14
13
|
AuthkitMiddlewareAuth,
|
|
15
14
|
AuthkitOptions,
|
|
16
15
|
AuthkitResponse,
|
|
17
|
-
CookieOptions,
|
|
18
16
|
NoUserInfo,
|
|
19
17
|
Session,
|
|
20
18
|
UserInfo,
|
|
21
19
|
} from './interfaces.js';
|
|
20
|
+
import { getWorkOS } from './workos.js';
|
|
22
21
|
|
|
22
|
+
import type { AuthenticationResponse } from '@workos-inc/node';
|
|
23
23
|
import { parse, tokensToRegexp } from 'path-to-regexp';
|
|
24
24
|
import { lazy, redirectWithFallback } from './utils.js';
|
|
25
25
|
|
|
@@ -126,6 +126,12 @@ async function updateSession(
|
|
|
126
126
|
// `pathname` to be able to return the users where they came from before sign-in
|
|
127
127
|
newRequestHeaders.set('x-url', request.url);
|
|
128
128
|
|
|
129
|
+
if (options.redirectUri) {
|
|
130
|
+
// Store the redirect URI in a custom header, so we always have access to it and so that subsequent
|
|
131
|
+
// calls to `getAuthorizationUrl` will use the same redirect URI
|
|
132
|
+
newRequestHeaders.set('x-redirect-uri', options.redirectUri);
|
|
133
|
+
}
|
|
134
|
+
|
|
129
135
|
newRequestHeaders.delete(sessionHeaderName);
|
|
130
136
|
|
|
131
137
|
if (!session) {
|
|
@@ -245,19 +251,18 @@ async function updateSession(
|
|
|
245
251
|
}
|
|
246
252
|
}
|
|
247
253
|
|
|
248
|
-
async function refreshSession(options: {
|
|
254
|
+
async function refreshSession(options: { organizationId?: string; ensureSignedIn: true }): Promise<UserInfo>;
|
|
255
|
+
async function refreshSession(options?: {
|
|
249
256
|
organizationId?: string;
|
|
250
257
|
ensureSignedIn?: boolean;
|
|
251
258
|
}): Promise<UserInfo | NoUserInfo>;
|
|
252
|
-
|
|
253
|
-
/* istanbul ignore next */
|
|
254
259
|
async function refreshSession({
|
|
255
260
|
organizationId: nextOrganizationId,
|
|
256
261
|
ensureSignedIn = false,
|
|
257
262
|
}: {
|
|
258
263
|
organizationId?: string;
|
|
259
264
|
ensureSignedIn?: boolean;
|
|
260
|
-
} = {}) {
|
|
265
|
+
} = {}): Promise<UserInfo | NoUserInfo> {
|
|
261
266
|
const session = await getSessionFromCookie();
|
|
262
267
|
if (!session) {
|
|
263
268
|
if (ensureSignedIn) {
|
|
@@ -282,22 +287,12 @@ async function refreshSession({
|
|
|
282
287
|
});
|
|
283
288
|
}
|
|
284
289
|
|
|
285
|
-
const { accessToken, refreshToken, user, impersonator } = refreshResult;
|
|
286
|
-
// Encrypt session with new access and refresh tokens
|
|
287
|
-
const encryptedSession = await encryptSession({
|
|
288
|
-
accessToken,
|
|
289
|
-
refreshToken,
|
|
290
|
-
user,
|
|
291
|
-
impersonator,
|
|
292
|
-
});
|
|
293
|
-
|
|
294
|
-
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
295
|
-
|
|
296
290
|
const headersList = await headers();
|
|
297
291
|
const url = headersList.get('x-url');
|
|
298
292
|
|
|
299
|
-
|
|
300
|
-
|
|
293
|
+
await saveSession(refreshResult, url || WORKOS_REDIRECT_URI);
|
|
294
|
+
|
|
295
|
+
const { accessToken, user, impersonator } = refreshResult;
|
|
301
296
|
|
|
302
297
|
const {
|
|
303
298
|
sid: sessionId,
|
|
@@ -457,4 +452,43 @@ function getScreenHint(signUpPaths: string[] | undefined, pathname: string) {
|
|
|
457
452
|
return screenHintPaths.length > 0 ? 'sign-up' : 'sign-in';
|
|
458
453
|
}
|
|
459
454
|
|
|
460
|
-
|
|
455
|
+
/**
|
|
456
|
+
* Saves a WorkOS session to a cookie for use with AuthKit.
|
|
457
|
+
*
|
|
458
|
+
* This function is intended for advanced use cases where you need to manually manage sessions,
|
|
459
|
+
* such as custom authentication flows (email verification, etc.) that don't use
|
|
460
|
+
* the standard AuthKit authentication flow.
|
|
461
|
+
*
|
|
462
|
+
* @param sessionOrResponse The WorkOS session or AuthenticationResponse containing access token, refresh token, and user information.
|
|
463
|
+
* @param request Either a NextRequest object or a URL string, used to determine cookie settings.
|
|
464
|
+
*
|
|
465
|
+
* @example
|
|
466
|
+
* // With a NextRequest object
|
|
467
|
+
* import { saveSession } from '@workos-inc/authkit-nextjs';
|
|
468
|
+
*
|
|
469
|
+
* async function handleEmailVerification(req: NextRequest) {
|
|
470
|
+
* const { code } = await req.json();
|
|
471
|
+
* const authResponse = await workos.userManagement.authenticateWithEmailVerification({
|
|
472
|
+
* clientId: process.env.WORKOS_CLIENT_ID,
|
|
473
|
+
* code,
|
|
474
|
+
* });
|
|
475
|
+
*
|
|
476
|
+
* await saveSession(authResponse, req);
|
|
477
|
+
* }
|
|
478
|
+
*
|
|
479
|
+
* @example
|
|
480
|
+
* // With a URL string
|
|
481
|
+
* await saveSession(authResponse, 'https://example.com/callback');
|
|
482
|
+
*/
|
|
483
|
+
export async function saveSession(
|
|
484
|
+
sessionOrResponse: Session | AuthenticationResponse,
|
|
485
|
+
request: NextRequest | string,
|
|
486
|
+
): Promise<void> {
|
|
487
|
+
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
488
|
+
const encryptedSession = await encryptSession(sessionOrResponse);
|
|
489
|
+
const nextCookies = await cookies();
|
|
490
|
+
const url = typeof request === 'string' ? request : request.url;
|
|
491
|
+
nextCookies.set(cookieName, encryptedSession, getCookieOptions(url));
|
|
492
|
+
}
|
|
493
|
+
|
|
494
|
+
export { encryptSession, refreshSession, terminateSession, updateSession, updateSessionMiddleware, withAuth };
|
package/src/workos.ts
CHANGED
|
@@ -2,7 +2,7 @@ import { WorkOS } from '@workos-inc/node';
|
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
import { lazy } from './utils.js';
|
|
4
4
|
|
|
5
|
-
export const VERSION = '2.
|
|
5
|
+
export const VERSION = '2.1.0';
|
|
6
6
|
|
|
7
7
|
const options = {
|
|
8
8
|
apiHostname: WORKOS_API_HOSTNAME,
|