@workos-inc/authkit-nextjs 2.0.1 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +53 -3
- package/dist/esm/actions.js +4 -1
- package/dist/esm/actions.js.map +1 -1
- package/dist/esm/auth.js +51 -9
- package/dist/esm/auth.js.map +1 -1
- package/dist/esm/authkit-callback-route.js +3 -10
- package/dist/esm/authkit-callback-route.js.map +1 -1
- package/dist/esm/components/authkit-provider.js +14 -1
- package/dist/esm/components/authkit-provider.js.map +1 -1
- package/dist/esm/cookie.js +12 -4
- package/dist/esm/cookie.js.map +1 -1
- package/dist/esm/env-variables.js +2 -1
- package/dist/esm/env-variables.js.map +1 -1
- package/dist/esm/get-authorization-url.js +2 -1
- package/dist/esm/get-authorization-url.js.map +1 -1
- package/dist/esm/index.js +3 -7
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/session.js +43 -18
- package/dist/esm/session.js.map +1 -1
- package/dist/esm/types/actions.d.ts +2 -1
- package/dist/esm/types/auth.d.ts +11 -4
- package/dist/esm/types/components/authkit-provider.d.ts +4 -0
- package/dist/esm/types/env-variables.d.ts +2 -1
- package/dist/esm/types/index.d.ts +3 -3
- package/dist/esm/types/interfaces.d.ts +7 -1
- package/dist/esm/types/session.d.ts +35 -1
- package/dist/esm/types/workos.d.ts +1 -1
- package/dist/esm/workos.js +1 -1
- package/package.json +2 -2
- package/src/actions.ts +6 -2
- package/src/auth.ts +63 -9
- package/src/authkit-callback-route.ts +3 -11
- package/src/components/authkit-provider.tsx +28 -1
- package/src/cookie.ts +20 -4
- package/src/env-variables.ts +2 -0
- package/src/get-authorization-url.ts +8 -1
- package/src/index.ts +8 -8
- package/src/interfaces.ts +8 -1
- package/src/session.ts +52 -24
- package/src/workos.ts +1 -1
package/README.md
CHANGED
|
@@ -54,11 +54,16 @@ WORKOS_COOKIE_NAME='authkit-cookie'
|
|
|
54
54
|
WORKOS_API_HOSTNAME='api.workos.com' # base WorkOS API URL
|
|
55
55
|
WORKOS_API_HTTPS=true # whether to use HTTPS in API calls
|
|
56
56
|
WORKOS_API_PORT=3000 # port to use for API calls
|
|
57
|
+
|
|
58
|
+
# Only change this if you specifically need cross-origin cookie support.
|
|
59
|
+
WORKOS_COOKIE_SAMESITE='lax' # SameSite attribute for cookies: 'lax' (default), 'strict', or 'none'.
|
|
57
60
|
```
|
|
58
61
|
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
+
>[!WARNING]
|
|
63
|
+
>Setting `WORKOS_COOKIE_SAMESITE='none'` allows cookies to be sent in cross-origin contexts (like iframes), but reduces protection against CSRF attacks. This setting forces cookies to be secure (HTTPS only) and should only be used when absolutely necessary for your application architecture.
|
|
64
|
+
|
|
65
|
+
>[!TIP]
|
|
66
|
+
>`WORKOS_COOKIE_DOMAIN` can be used to share WorkOS sessions between apps/domains. Note: The `WORKOS_COOKIE_PASSWORD` would need to be the same across apps/domains. Not needed for most use cases.
|
|
62
67
|
|
|
63
68
|
## Setup
|
|
64
69
|
|
|
@@ -417,6 +422,51 @@ const organizations = await workos.organizations.listOrganizations({
|
|
|
417
422
|
});
|
|
418
423
|
````
|
|
419
424
|
|
|
425
|
+
### Advanced: Custom authentication flows
|
|
426
|
+
|
|
427
|
+
While the standard authentication flow handles session management automatically, some use cases require manually creating and storing a session. This is useful for custom authentication flows like email verification or token exchange.
|
|
428
|
+
|
|
429
|
+
For these scenarios, you can use the `saveSession` function:
|
|
430
|
+
|
|
431
|
+
```typescript
|
|
432
|
+
import { saveSession } from '@workos-inc/authkit-nextjs';
|
|
433
|
+
import { getWorkOS } from '@workos-inc/authkit-nextjs';
|
|
434
|
+
|
|
435
|
+
// Example: Email verification flow
|
|
436
|
+
async function handleEmailVerification(req) {
|
|
437
|
+
const { code } = await req.json();
|
|
438
|
+
|
|
439
|
+
// Authenticate with the WorkOS API directly
|
|
440
|
+
const authResponse = await getWorkOS().userManagement.authenticateWithEmailVerification({
|
|
441
|
+
clientId: process.env.WORKOS_CLIENT_ID,
|
|
442
|
+
code,
|
|
443
|
+
});
|
|
444
|
+
|
|
445
|
+
// Save the session data to a cookie
|
|
446
|
+
await saveSession({
|
|
447
|
+
accessToken: authResponse.accessToken,
|
|
448
|
+
refreshToken: authResponse.refreshToken,
|
|
449
|
+
user: authResponse.user,
|
|
450
|
+
impersonator: authResponse.impersonator
|
|
451
|
+
}, req);
|
|
452
|
+
|
|
453
|
+
return Response.redirect('/dashboard');
|
|
454
|
+
}
|
|
455
|
+
```
|
|
456
|
+
|
|
457
|
+
>[!NOTE]
|
|
458
|
+
>This is an advanced API intended for specific integration scenarios, such as those users using self-hosted AuthKit. If you're using hosted AuthKit you should not need this.
|
|
459
|
+
|
|
460
|
+
The `saveSession` function accepts either a `NextRequest` object or a URL string as its second parameter.
|
|
461
|
+
|
|
462
|
+
```typescript
|
|
463
|
+
// With NextRequest
|
|
464
|
+
await saveSession(session, req);
|
|
465
|
+
|
|
466
|
+
// With URL string
|
|
467
|
+
await saveSession(session, 'https://example.com/callback');
|
|
468
|
+
```
|
|
469
|
+
|
|
420
470
|
### Debugging
|
|
421
471
|
|
|
422
472
|
To enable debug logs, initialize the middleware with the debug flag enabled.
|
package/dist/esm/actions.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
'use server';
|
|
2
|
-
import { signOut } from './auth.js';
|
|
2
|
+
import { signOut, switchToOrganization } from './auth.js';
|
|
3
3
|
import { refreshSession, withAuth } from './session.js';
|
|
4
4
|
import { getWorkOS } from './workos.js';
|
|
5
5
|
/**
|
|
@@ -33,4 +33,7 @@ export const getAuthAction = async (options) => {
|
|
|
33
33
|
export const refreshAuthAction = async ({ ensureSignedIn, organizationId, }) => {
|
|
34
34
|
return sanitize(await refreshSession({ ensureSignedIn, organizationId }));
|
|
35
35
|
};
|
|
36
|
+
export const switchToOrganizationAction = async (organizationId, options) => {
|
|
37
|
+
return sanitize(await switchToOrganization(organizationId, options));
|
|
38
|
+
};
|
|
36
39
|
//# sourceMappingURL=actions.js.map
|
package/dist/esm/actions.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actions.js","sourceRoot":"","sources":["../../src/actions.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"actions.js","sourceRoot":"","sources":["../../src/actions.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAE1D,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC;;;;;GAKG;AACH,SAAS,QAAQ,CAAkC,KAAQ;IACzD,6DAA6D;IAC7D,MAAM,EAAE,WAAW,EAAE,GAAG,SAAS,EAAE,GAAG,KAAK,CAAC;IAC5C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,IAAI,EAAE;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EAAE,EAAE,QAAQ,KAA4B,EAAE,EAAE,EAAE;IACpF,MAAM,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;AAC9B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EAAE,cAAsB,EAAE,EAAE;IACpE,OAAO,MAAM,SAAS,EAAE,CAAC,aAAa,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;AACzE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,OAAsC,EAAE,EAAE;IAC5E,OAAO,QAAQ,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AAC3C,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EAAE,EACtC,cAAc,EACd,cAAc,GAIf,EAAE,EAAE;IACH,OAAO,QAAQ,CAAC,MAAM,cAAc,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;AAC5E,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,0BAA0B,GAAG,KAAK,EAAE,cAAsB,EAAE,OAAqC,EAAE,EAAE;IAChH,OAAO,QAAQ,CAAC,MAAM,oBAAoB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;AACvE,CAAC,CAAC"}
|
package/dist/esm/auth.js
CHANGED
|
@@ -1,15 +1,17 @@
|
|
|
1
1
|
'use server';
|
|
2
|
+
import { revalidatePath, revalidateTag } from 'next/cache';
|
|
3
|
+
import { cookies, headers } from 'next/headers';
|
|
4
|
+
import { redirect } from 'next/navigation';
|
|
5
|
+
import { WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
2
6
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
3
|
-
import {
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
async function getSignInUrl({ organizationId } = {}) {
|
|
7
|
-
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in' });
|
|
7
|
+
import { refreshSession, terminateSession } from './session.js';
|
|
8
|
+
export async function getSignInUrl({ organizationId, loginHint, redirectUri, } = {}) {
|
|
9
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in', loginHint, redirectUri });
|
|
8
10
|
}
|
|
9
|
-
async function getSignUpUrl() {
|
|
10
|
-
return getAuthorizationUrl({ screenHint: 'sign-up' });
|
|
11
|
+
export async function getSignUpUrl({ organizationId, loginHint, redirectUri, } = {}) {
|
|
12
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-up', loginHint, redirectUri });
|
|
11
13
|
}
|
|
12
|
-
async function signOut({ returnTo } = {}) {
|
|
14
|
+
export async function signOut({ returnTo } = {}) {
|
|
13
15
|
const cookie = {
|
|
14
16
|
name: WORKOS_COOKIE_NAME || 'wos-session',
|
|
15
17
|
};
|
|
@@ -19,5 +21,45 @@ async function signOut({ returnTo } = {}) {
|
|
|
19
21
|
nextCookies.delete(cookie);
|
|
20
22
|
await terminateSession({ returnTo });
|
|
21
23
|
}
|
|
22
|
-
export
|
|
24
|
+
export async function switchToOrganization(organizationId, options = {}) {
|
|
25
|
+
var _a;
|
|
26
|
+
const { returnTo, revalidationStrategy = 'path', revalidationTags = [] } = options;
|
|
27
|
+
const headersList = await headers();
|
|
28
|
+
let result;
|
|
29
|
+
// istanbul ignore next
|
|
30
|
+
const pathname = returnTo || headersList.get('x-url') || '/';
|
|
31
|
+
try {
|
|
32
|
+
result = await refreshSession({ organizationId, ensureSignedIn: true });
|
|
33
|
+
}
|
|
34
|
+
catch (
|
|
35
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
36
|
+
error) {
|
|
37
|
+
const { cause } = error;
|
|
38
|
+
/* istanbul ignore next */
|
|
39
|
+
if ((_a = cause === null || cause === void 0 ? void 0 : cause.rawData) === null || _a === void 0 ? void 0 : _a.authkit_redirect_url) {
|
|
40
|
+
redirect(cause.rawData.authkit_redirect_url);
|
|
41
|
+
}
|
|
42
|
+
else {
|
|
43
|
+
if ((cause === null || cause === void 0 ? void 0 : cause.error) === 'sso_required' || (cause === null || cause === void 0 ? void 0 : cause.error) === 'mfa_enrollment') {
|
|
44
|
+
const url = await getAuthorizationUrl({ organizationId });
|
|
45
|
+
return redirect(url);
|
|
46
|
+
}
|
|
47
|
+
throw error;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
switch (revalidationStrategy) {
|
|
51
|
+
case 'path':
|
|
52
|
+
revalidatePath(pathname);
|
|
53
|
+
break;
|
|
54
|
+
case 'tag':
|
|
55
|
+
for (const tag of revalidationTags) {
|
|
56
|
+
revalidateTag(tag);
|
|
57
|
+
}
|
|
58
|
+
break;
|
|
59
|
+
}
|
|
60
|
+
if (revalidationStrategy !== 'none') {
|
|
61
|
+
redirect(pathname);
|
|
62
|
+
}
|
|
63
|
+
return result;
|
|
64
|
+
}
|
|
23
65
|
//# sourceMappingURL=auth.js.map
|
package/dist/esm/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhE,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EACjC,cAAc,EACd,SAAS,EACT,WAAW,MAC8D,EAAE;IAC3E,OAAO,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;AAChG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EACjC,cAAc,EACd,SAAS,EACT,WAAW,MAC8D,EAAE;IAC3E,OAAO,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;AAChG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,QAAQ,KAA4B,EAAE;IACpE,MAAM,MAAM,GAAsC;QAChD,IAAI,EAAE,kBAAkB,IAAI,aAAa;KAC1C,CAAC;IACF,IAAI,oBAAoB;QAAE,MAAM,CAAC,MAAM,GAAG,oBAAoB,CAAC;IAE/D,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IAEpC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3B,MAAM,gBAAgB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,cAAsB,EACtB,UAAuC,EAAE;;IAEzC,MAAM,EAAE,QAAQ,EAAE,oBAAoB,GAAG,MAAM,EAAE,gBAAgB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IACnF,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,IAAI,MAAgB,CAAC;IACrB,uBAAuB;IACvB,MAAM,QAAQ,GAAG,QAAQ,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,cAAc,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;IAAC;IACA,8DAA8D;IAC9D,KAAU,EACV,CAAC;QACD,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC;QACxB,0BAA0B;QAC1B,IAAI,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,0CAAE,oBAAoB,EAAE,CAAC;YACzC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,MAAK,cAAc,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,MAAK,gBAAgB,EAAE,CAAC;gBACzE,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;gBAC1D,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,QAAQ,oBAAoB,EAAE,CAAC;QAC7B,KAAK,MAAM;YACT,cAAc,CAAC,QAAQ,CAAC,CAAC;YACzB,MAAM;QACR,KAAK,KAAK;YACR,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;gBACnC,aAAa,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;YACD,MAAM;IACV,CAAC;IACD,IAAI,oBAAoB,KAAK,MAAM,EAAE,CAAC;QACpC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1,7 +1,5 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
4
|
-
import { encryptSession } from './session.js';
|
|
1
|
+
import { WORKOS_CLIENT_ID } from './env-variables.js';
|
|
2
|
+
import { saveSession } from './session.js';
|
|
5
3
|
import { errorResponseWithFallback, redirectWithFallback } from './utils.js';
|
|
6
4
|
import { getWorkOS } from './workos.js';
|
|
7
5
|
export function handleAuth(options = {}) {
|
|
@@ -54,12 +52,7 @@ export function handleAuth(options = {}) {
|
|
|
54
52
|
if (onSuccess) {
|
|
55
53
|
await onSuccess({ accessToken, refreshToken, user, impersonator, oauthTokens });
|
|
56
54
|
}
|
|
57
|
-
|
|
58
|
-
// Alternatively you could persist the refresh token in a backend database
|
|
59
|
-
const session = await encryptSession({ accessToken, refreshToken, user, impersonator });
|
|
60
|
-
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
61
|
-
const nextCookies = await cookies();
|
|
62
|
-
nextCookies.set(cookieName, session, getCookieOptions(request.url));
|
|
55
|
+
await saveSession({ accessToken, refreshToken, user, impersonator }, request);
|
|
63
56
|
return response;
|
|
64
57
|
}
|
|
65
58
|
catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,UAAU,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5F,iDAAiD;IACjD,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,cAAc,GAAG,KAAK,IAAI,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;QAE/F,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAClE,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACpD,QAAQ,EAAE,gBAAgB;oBAC1B,IAAI;iBACL,CAAC,CAAC;gBAEL,4DAA4D;gBAC5D,0EAA0E;gBAC1E,4DAA4D;gBAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAEjE,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,cAAc,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,oBAAoB,CAAC;gBAExD,gDAAgD;gBAChD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACjC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;oBAC9D,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;oBAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;wBAC/C,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,QAAQ,GAAG,cAAc,CAAC;gBAChC,CAAC;gBAED,mEAAmE;gBACnE,iCAAiC;gBACjC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAEtD,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,SAAS,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;gBAClF,CAAC;gBAED,MAAM,WAAW,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,OAAO,CAAC,CAAC;gBAE9E,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAED,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC,CAAC;IAEF,SAAS,aAAa,CAAC,OAAoB,EAAE,KAAe;QAC1D,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,yBAAyB,CAAC;YAC/B,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
'use client';
|
|
2
2
|
import React, { createContext, useContext, useEffect, useState } from 'react';
|
|
3
|
-
import { checkSessionAction, getAuthAction, handleSignOutAction, refreshAuthAction } from '../actions.js';
|
|
3
|
+
import { checkSessionAction, getAuthAction, handleSignOutAction, refreshAuthAction, switchToOrganizationAction, } from '../actions.js';
|
|
4
4
|
const AuthContext = createContext(undefined);
|
|
5
5
|
export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
6
6
|
const [user, setUser] = useState(null);
|
|
@@ -12,6 +12,7 @@ export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
|
12
12
|
const [impersonator, setImpersonator] = useState(undefined);
|
|
13
13
|
const [loading, setLoading] = useState(true);
|
|
14
14
|
const getAuth = async ({ ensureSignedIn = false } = {}) => {
|
|
15
|
+
setLoading(true);
|
|
15
16
|
try {
|
|
16
17
|
const auth = await getAuthAction({ ensureSignedIn });
|
|
17
18
|
setUser(auth.user);
|
|
@@ -35,6 +36,17 @@ export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
|
35
36
|
setLoading(false);
|
|
36
37
|
}
|
|
37
38
|
};
|
|
39
|
+
const switchToOrganization = async (organizationId, options = {}) => {
|
|
40
|
+
const opts = { revalidationStrategy: 'none', ...options };
|
|
41
|
+
const result = await switchToOrganizationAction(organizationId, {
|
|
42
|
+
revalidationStrategy: 'none',
|
|
43
|
+
...options,
|
|
44
|
+
});
|
|
45
|
+
if (opts.revalidationStrategy === 'none') {
|
|
46
|
+
await getAuth({ ensureSignedIn: true });
|
|
47
|
+
}
|
|
48
|
+
return result;
|
|
49
|
+
};
|
|
38
50
|
const refreshAuth = async ({ ensureSignedIn = false, organizationId, } = {}) => {
|
|
39
51
|
try {
|
|
40
52
|
setLoading(true);
|
|
@@ -115,6 +127,7 @@ export const AuthKitProvider = ({ children, onSessionExpired }) => {
|
|
|
115
127
|
getAuth,
|
|
116
128
|
refreshAuth,
|
|
117
129
|
signOut,
|
|
130
|
+
switchToOrganization,
|
|
118
131
|
} }, children));
|
|
119
132
|
};
|
|
120
133
|
export function useAuth({ ensureSignedIn = false } = {}) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-provider.js","sourceRoot":"","sources":["../../../src/components/authkit-provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAa,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACzF,OAAO,
|
|
1
|
+
{"version":3,"file":"authkit-provider.js","sourceRoot":"","sources":["../../../src/components/authkit-provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAa,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACzF,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,iBAAiB,EACjB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AAsBvB,MAAM,WAAW,GAAG,aAAa,CAA8B,SAAS,CAAC,CAAC;AAW1E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,gBAAgB,EAAwB,EAAE,EAAE;IACtF,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAc,IAAI,CAAC,CAAC;IACpD,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAqB,SAAS,CAAC,CAAC;IAC1E,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAqB,SAAS,CAAC,CAAC;IACpF,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAqB,SAAS,CAAC,CAAC;IAChE,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAuB,SAAS,CAAC,CAAC;IAChF,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAuB,SAAS,CAAC,CAAC;IAClF,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAA2B,SAAS,CAAC,CAAC;IACtF,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE7C,MAAM,OAAO,GAAG,KAAK,EAAE,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE,EAAE,EAAE;QACtF,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,CAAC;YACd,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC7B,OAAO,CAAC,SAAS,CAAC,CAAC;YACnB,cAAc,CAAC,SAAS,CAAC,CAAC;YAC1B,eAAe,CAAC,SAAS,CAAC,CAAC;YAC3B,eAAe,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,oBAAoB,GAAG,KAAK,EAAE,cAAsB,EAAE,UAAuC,EAAE,EAAE,EAAE;QACvG,MAAM,IAAI,GAAG,EAAE,oBAAoB,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC,cAAc,EAAE;YAC9D,oBAAoB,EAAE,MAAM;YAC5B,GAAG,OAAO;SACX,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,oBAAoB,KAAK,MAAM,EAAE,CAAC;YACzC,MAAM,OAAO,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK,EAAE,EACzB,cAAc,GAAG,KAAK,EACtB,cAAc,MAC2C,EAAE,EAAE,EAAE;QAC/D,IAAI,CAAC;YACH,UAAU,CAAC,IAAI,CAAC,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC,CAAC;YAEzE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACtF,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,EAAE,EAAE,QAAQ,KAA4B,EAAE,EAAE,EAAE;QACjE,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAC;QAEV,2DAA2D;QAC3D,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,sBAAsB,GAAG,KAAK,IAAI,EAAE;YACxC,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,oGAAoG;YACpG,qFAAqF;YACrF,oGAAoG;YACpG,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC3C,uBAAuB,GAAG,IAAI,CAAC;gBAE/B,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;oBAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBACrC,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,wEAAwE;oBACxE,+EAA+E;oBAC/E,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;wBACxE,IAAI,gBAAgB,EAAE,CAAC;4BACrB,gBAAgB,EAAE,CAAC;wBACrB,CAAC;6BAAM,CAAC;4BACN,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;wBAC3B,CAAC;oBACH,CAAC;gBACH,CAAC;wBAAS,CAAC;oBACT,uBAAuB,GAAG,KAAK,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACpE,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAEzD,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;YAC5D,MAAM,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACzE,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEvB,OAAO,CACL,oBAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,IAAI;YACJ,SAAS;YACT,cAAc;YACd,IAAI;YACJ,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,OAAO;YACP,OAAO;YACP,WAAW;YACX,OAAO;YACP,oBAAoB;SACrB,IAEA,QAAQ,CACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAMF,MAAM,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE;IACnF,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IAExC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,IAAI,cAAc,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACnE,OAAO,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,EAAE,CAAC,cAAc,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,CAAC,CAAC;IAExE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/esm/cookie.js
CHANGED
|
@@ -1,14 +1,22 @@
|
|
|
1
|
-
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
|
|
1
|
+
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_SAMESITE, } from './env-variables.js';
|
|
2
|
+
function assertValidSamSite(sameSite) {
|
|
3
|
+
if (!['lax', 'strict', 'none'].includes(sameSite.toLowerCase())) {
|
|
4
|
+
throw new Error(`Invalid SameSite value: ${sameSite}`);
|
|
5
|
+
}
|
|
6
|
+
}
|
|
2
7
|
export function getCookieOptions(redirectUri, asString = false, expired = false) {
|
|
3
8
|
const url = new URL(redirectUri || WORKOS_REDIRECT_URI);
|
|
9
|
+
const sameSite = WORKOS_COOKIE_SAMESITE || 'lax';
|
|
10
|
+
assertValidSamSite(sameSite);
|
|
11
|
+
const secure = sameSite.toLowerCase() === 'none' ? true : url.protocol === 'https:';
|
|
4
12
|
const maxAge = expired ? 0 : WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400;
|
|
5
13
|
return asString
|
|
6
|
-
? `Path=/; HttpOnly; Secure=${
|
|
14
|
+
? `Path=/; HttpOnly; Secure=${secure}; SameSite="${sameSite}"; Max-Age=${maxAge}; Domain=${WORKOS_COOKIE_DOMAIN || ''}`
|
|
7
15
|
: {
|
|
8
16
|
path: '/',
|
|
9
17
|
httpOnly: true,
|
|
10
|
-
secure
|
|
11
|
-
sameSite
|
|
18
|
+
secure,
|
|
19
|
+
sameSite,
|
|
12
20
|
// Defaults to 400 days, the maximum allowed by Chrome
|
|
13
21
|
// It's fine to have a long cookie expiry date as the access/refresh tokens
|
|
14
22
|
// act as the actual time-limited aspects of the session.
|
package/dist/esm/cookie.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/cookie.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAK5B,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAeD,MAAM,UAAU,gBAAgB,CAC9B,WAA2B,EAC3B,WAAoB,KAAK,EACzB,UAAmB,KAAK;IAExB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,mBAAmB,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,sBAAsB,IAAI,KAAK,CAAC;IACjD,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC7B,MAAM,MAAM,GAAG,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAEpF,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,QAAQ,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAE9G,OAAO,QAAQ;QACb,CAAC,CAAC,4BAA4B,MAAM,eAAe,QAAQ,cAAc,MAAM,YAAY,oBAAoB,IAAI,EAAE,EAAE;QACvH,CAAC,CAAC;YACE,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,MAAM;YACN,QAAQ;YACR,sDAAsD;YACtD,2EAA2E;YAC3E,yDAAyD;YACzD,MAAM;YACN,MAAM,EAAE,oBAAoB,IAAI,EAAE;SACnC,CAAC;AACR,CAAC"}
|
|
@@ -10,10 +10,11 @@ const WORKOS_API_PORT = getEnvVariable('WORKOS_API_PORT');
|
|
|
10
10
|
const WORKOS_COOKIE_DOMAIN = getEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
11
11
|
const WORKOS_COOKIE_MAX_AGE = getEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
12
12
|
const WORKOS_COOKIE_NAME = getEnvVariable('WORKOS_COOKIE_NAME');
|
|
13
|
+
const WORKOS_COOKIE_SAMESITE = getEnvVariable('WORKOS_COOKIE_SAMESITE');
|
|
13
14
|
// Required env variables
|
|
14
15
|
const WORKOS_API_KEY = (_a = getEnvVariable('WORKOS_API_KEY')) !== null && _a !== void 0 ? _a : '';
|
|
15
16
|
const WORKOS_CLIENT_ID = (_b = getEnvVariable('WORKOS_CLIENT_ID')) !== null && _b !== void 0 ? _b : '';
|
|
16
17
|
const WORKOS_COOKIE_PASSWORD = (_c = getEnvVariable('WORKOS_COOKIE_PASSWORD')) !== null && _c !== void 0 ? _c : '';
|
|
17
18
|
const WORKOS_REDIRECT_URI = (_d = process.env.NEXT_PUBLIC_WORKOS_REDIRECT_URI) !== null && _d !== void 0 ? _d : '';
|
|
18
|
-
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, };
|
|
19
|
+
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, WORKOS_COOKIE_SAMESITE, };
|
|
19
20
|
//# sourceMappingURL=env-variables.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":"AAAA,0BAA0B;;AAE1B,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,yBAAyB;AACzB,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAClE,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AAC5D,MAAM,eAAe,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;AAC1D,MAAM,oBAAoB,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;AACpE,MAAM,qBAAqB,GAAG,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtE,MAAM,kBAAkB,GAAG,cAAc,CAAC,oBAAoB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":"AAAA,0BAA0B;;AAE1B,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,yBAAyB;AACzB,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAClE,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AAC5D,MAAM,eAAe,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;AAC1D,MAAM,oBAAoB,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;AACpE,MAAM,qBAAqB,GAAG,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtE,MAAM,kBAAkB,GAAG,cAAc,CAAC,oBAAoB,CAAC,CAAC;AAChE,MAAM,sBAAsB,GAAG,cAAc,CAAC,wBAAwB,CAAC,CAAC;AAExE,yBAAyB;AACzB,MAAM,cAAc,GAAG,MAAA,cAAc,CAAC,gBAAgB,CAAC,mCAAI,EAAE,CAAC;AAC9D,MAAM,gBAAgB,GAAG,MAAA,cAAc,CAAC,kBAAkB,CAAC,mCAAI,EAAE,CAAC;AAClE,MAAM,sBAAsB,GAAG,MAAA,cAAc,CAAC,wBAAwB,CAAC,mCAAI,EAAE,CAAC;AAC9E,MAAM,mBAAmB,GAAG,MAAA,OAAO,CAAC,GAAG,CAAC,+BAA+B,mCAAI,EAAE,CAAC;AAE9E,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,GACvB,CAAC"}
|
|
@@ -3,7 +3,7 @@ import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
|
3
3
|
import { headers } from 'next/headers';
|
|
4
4
|
async function getAuthorizationUrl(options = {}) {
|
|
5
5
|
const headersList = await headers();
|
|
6
|
-
const { returnPathname, screenHint, organizationId, redirectUri = headersList.get('x-redirect-uri') } = options;
|
|
6
|
+
const { returnPathname, screenHint, organizationId, redirectUri = headersList.get('x-redirect-uri'), loginHint, } = options;
|
|
7
7
|
return getWorkOS().userManagement.getAuthorizationUrl({
|
|
8
8
|
provider: 'authkit',
|
|
9
9
|
clientId: WORKOS_CLIENT_ID,
|
|
@@ -11,6 +11,7 @@ async function getAuthorizationUrl(options = {}) {
|
|
|
11
11
|
state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
|
|
12
12
|
screenHint,
|
|
13
13
|
organizationId,
|
|
14
|
+
loginHint,
|
|
14
15
|
});
|
|
15
16
|
}
|
|
16
17
|
export { getAuthorizationUrl };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,
|
|
1
|
+
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,EACJ,cAAc,EACd,UAAU,EACV,cAAc,EACd,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAC/C,SAAS,GACV,GAAG,OAAO,CAAC;IAEZ,OAAO,SAAS,EAAE,CAAC,cAAc,CAAC,mBAAmB,CAAC;QACpD,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,gBAAgB;QAC1B,WAAW,EAAE,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,mBAAmB;QAC/C,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5E,UAAU;QACV,cAAc;QACd,SAAS;KACV,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
|
package/dist/esm/index.js
CHANGED
|
@@ -1,12 +1,8 @@
|
|
|
1
|
+
import { getSignInUrl, getSignUpUrl, signOut, switchToOrganization } from './auth.js';
|
|
1
2
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
3
|
import { authkit, authkitMiddleware } from './middleware.js';
|
|
3
|
-
import {
|
|
4
|
-
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
4
|
+
import { refreshSession, saveSession, withAuth } from './session.js';
|
|
5
5
|
import { getWorkOS } from './workos.js';
|
|
6
6
|
export * from './interfaces.js';
|
|
7
|
-
export { getWorkOS, handleAuth,
|
|
8
|
-
//
|
|
9
|
-
authkitMiddleware, authkit,
|
|
10
|
-
//
|
|
11
|
-
getSignInUrl, getSignUpUrl, withAuth, refreshSession, signOut, };
|
|
7
|
+
export { authkit, authkitMiddleware, getSignInUrl, getSignUpUrl, getWorkOS, handleAuth, refreshSession, saveSession, signOut, switchToOrganization, withAuth, };
|
|
12
8
|
//# sourceMappingURL=index.js.map
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACrE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,cAAc,iBAAiB,CAAC;AAEhC,OAAO,EACL,OAAO,EACP,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,UAAU,EACV,cAAc,EACd,WAAW,EACX,OAAO,EACP,oBAAoB,EACpB,QAAQ,GACT,CAAC"}
|
package/dist/esm/session.js
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
'use server';
|
|
2
|
-
import {
|
|
2
|
+
import { sealData, unsealData } from 'iron-session';
|
|
3
|
+
import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';
|
|
3
4
|
import { cookies, headers } from 'next/headers';
|
|
5
|
+
import { redirect } from 'next/navigation';
|
|
4
6
|
import { NextResponse } from 'next/server';
|
|
5
|
-
import { jwtVerify, createRemoteJWKSet, decodeJwt } from 'jose';
|
|
6
|
-
import { sealData, unsealData } from 'iron-session';
|
|
7
7
|
import { getCookieOptions } from './cookie.js';
|
|
8
|
-
import {
|
|
9
|
-
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_COOKIE_NAME, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
8
|
+
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
10
9
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
10
|
+
import { getWorkOS } from './workos.js';
|
|
11
11
|
import { parse, tokensToRegexp } from 'path-to-regexp';
|
|
12
12
|
import { lazy, redirectWithFallback } from './utils.js';
|
|
13
13
|
const sessionHeaderName = 'x-workos-session';
|
|
@@ -175,7 +175,6 @@ async function updateSession(request, options = { debug: false }) {
|
|
|
175
175
|
};
|
|
176
176
|
}
|
|
177
177
|
}
|
|
178
|
-
/* istanbul ignore next */
|
|
179
178
|
async function refreshSession({ organizationId: nextOrganizationId, ensureSignedIn = false, } = {}) {
|
|
180
179
|
const session = await getSessionFromCookie();
|
|
181
180
|
if (!session) {
|
|
@@ -198,19 +197,10 @@ async function refreshSession({ organizationId: nextOrganizationId, ensureSigned
|
|
|
198
197
|
cause: error,
|
|
199
198
|
});
|
|
200
199
|
}
|
|
201
|
-
const { accessToken, refreshToken, user, impersonator } = refreshResult;
|
|
202
|
-
// Encrypt session with new access and refresh tokens
|
|
203
|
-
const encryptedSession = await encryptSession({
|
|
204
|
-
accessToken,
|
|
205
|
-
refreshToken,
|
|
206
|
-
user,
|
|
207
|
-
impersonator,
|
|
208
|
-
});
|
|
209
|
-
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
210
200
|
const headersList = await headers();
|
|
211
201
|
const url = headersList.get('x-url');
|
|
212
|
-
|
|
213
|
-
|
|
202
|
+
await saveSession(refreshResult, url || WORKOS_REDIRECT_URI);
|
|
203
|
+
const { accessToken, user, impersonator } = refreshResult;
|
|
214
204
|
const { sid: sessionId, org_id: organizationId, role, permissions, entitlements, } = decodeJwt(accessToken);
|
|
215
205
|
return {
|
|
216
206
|
sessionId,
|
|
@@ -330,5 +320,40 @@ function getScreenHint(signUpPaths, pathname) {
|
|
|
330
320
|
});
|
|
331
321
|
return screenHintPaths.length > 0 ? 'sign-up' : 'sign-in';
|
|
332
322
|
}
|
|
333
|
-
|
|
323
|
+
/**
|
|
324
|
+
* Saves a WorkOS session to a cookie for use with AuthKit.
|
|
325
|
+
*
|
|
326
|
+
* This function is intended for advanced use cases where you need to manually manage sessions,
|
|
327
|
+
* such as custom authentication flows (email verification, etc.) that don't use
|
|
328
|
+
* the standard AuthKit authentication flow.
|
|
329
|
+
*
|
|
330
|
+
* @param sessionOrResponse The WorkOS session or AuthenticationResponse containing access token, refresh token, and user information.
|
|
331
|
+
* @param request Either a NextRequest object or a URL string, used to determine cookie settings.
|
|
332
|
+
*
|
|
333
|
+
* @example
|
|
334
|
+
* // With a NextRequest object
|
|
335
|
+
* import { saveSession } from '@workos-inc/authkit-nextjs';
|
|
336
|
+
*
|
|
337
|
+
* async function handleEmailVerification(req: NextRequest) {
|
|
338
|
+
* const { code } = await req.json();
|
|
339
|
+
* const authResponse = await workos.userManagement.authenticateWithEmailVerification({
|
|
340
|
+
* clientId: process.env.WORKOS_CLIENT_ID,
|
|
341
|
+
* code,
|
|
342
|
+
* });
|
|
343
|
+
*
|
|
344
|
+
* await saveSession(authResponse, req);
|
|
345
|
+
* }
|
|
346
|
+
*
|
|
347
|
+
* @example
|
|
348
|
+
* // With a URL string
|
|
349
|
+
* await saveSession(authResponse, 'https://example.com/callback');
|
|
350
|
+
*/
|
|
351
|
+
export async function saveSession(sessionOrResponse, request) {
|
|
352
|
+
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
353
|
+
const encryptedSession = await encryptSession(sessionOrResponse);
|
|
354
|
+
const nextCookies = await cookies();
|
|
355
|
+
const url = typeof request === 'string' ? request : request.url;
|
|
356
|
+
nextCookies.set(cookieName, encryptedSession, getCookieOptions(url));
|
|
357
|
+
}
|
|
358
|
+
export { encryptSession, refreshSession, terminateSession, updateSession, updateSessionMiddleware, withAuth };
|
|
334
359
|
//# sourceMappingURL=session.js.map
|
package/dist/esm/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAYjE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAExD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAEhD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB;IAErB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;KACjE,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,gBAA0B,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC;QACvB,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,WAAW;gBACX,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;aAC/C,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,0BAA0B;AAC1B,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IACxE,qDAAqD;IACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;QAC5C,WAAW;QACX,YAAY;QACZ,IAAI;QACJ,YAAY;KACb,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAkB,CAAC,CAAC;IAEtF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,EAAE,QAAQ,KAA4B,EAAE;IACtE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,QAAQ,EAAE,CAAC;IACvC,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,GAAG,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IACvD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,aAAa,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAChE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAUjE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAExD,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAEhD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB;IAErB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;KACjE,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,gBAA0B,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC;QACvB,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,WAAW;gBACX,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;aAC/C,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,CAAC,aAAa,EAAE,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAE7D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAE1D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,WAAW,EACX,YAAY,GACb,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,EAAE,QAAQ,KAA4B,EAAE;IACtE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,QAAQ,EAAE,CAAC;IACvC,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,GAAG,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IACvD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,iBAAmD,EACnD,OAA6B;IAE7B,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { NoUserInfo, UserInfo } from './interfaces.js';
|
|
1
|
+
import { NoUserInfo, UserInfo, SwitchToOrganizationOptions } from './interfaces.js';
|
|
2
2
|
/**
|
|
3
3
|
* This action is only accessible to authenticated users,
|
|
4
4
|
* there is no need to check the session here as the middleware will
|
|
@@ -16,3 +16,4 @@ export declare const refreshAuthAction: ({ ensureSignedIn, organizationId, }: {
|
|
|
16
16
|
ensureSignedIn?: boolean | undefined;
|
|
17
17
|
organizationId?: string | undefined;
|
|
18
18
|
}) => Promise<Omit<UserInfo | NoUserInfo, "accessToken">>;
|
|
19
|
+
export declare const switchToOrganizationAction: (organizationId: string, options?: SwitchToOrganizationOptions) => Promise<Omit<UserInfo, "accessToken">>;
|
package/dist/esm/types/auth.d.ts
CHANGED
|
@@ -1,8 +1,15 @@
|
|
|
1
|
-
|
|
1
|
+
import { SwitchToOrganizationOptions, UserInfo } from './interfaces.js';
|
|
2
|
+
export declare function getSignInUrl({ organizationId, loginHint, redirectUri, }?: {
|
|
2
3
|
organizationId?: string;
|
|
4
|
+
loginHint?: string;
|
|
5
|
+
redirectUri?: string;
|
|
3
6
|
}): Promise<string>;
|
|
4
|
-
declare function getSignUpUrl(
|
|
5
|
-
|
|
7
|
+
export declare function getSignUpUrl({ organizationId, loginHint, redirectUri, }?: {
|
|
8
|
+
organizationId?: string;
|
|
9
|
+
loginHint?: string;
|
|
10
|
+
redirectUri?: string;
|
|
11
|
+
}): Promise<string>;
|
|
12
|
+
export declare function signOut({ returnTo }?: {
|
|
6
13
|
returnTo?: string;
|
|
7
14
|
}): Promise<void>;
|
|
8
|
-
export
|
|
15
|
+
export declare function switchToOrganization(organizationId: string, options?: SwitchToOrganizationOptions): Promise<UserInfo>;
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import React, { ReactNode } from 'react';
|
|
2
2
|
import type { Impersonator, User } from '@workos-inc/node';
|
|
3
|
+
import type { UserInfo, SwitchToOrganizationOptions } from '../interfaces.js';
|
|
3
4
|
type AuthContextType = {
|
|
4
5
|
user: User | null;
|
|
5
6
|
sessionId: string | undefined;
|
|
@@ -21,6 +22,9 @@ type AuthContextType = {
|
|
|
21
22
|
signOut: (options?: {
|
|
22
23
|
returnTo?: string;
|
|
23
24
|
}) => Promise<void>;
|
|
25
|
+
switchToOrganization: (organizationId: string, options?: SwitchToOrganizationOptions) => Promise<Omit<UserInfo, 'accessToken'> | {
|
|
26
|
+
error: string;
|
|
27
|
+
}>;
|
|
24
28
|
};
|
|
25
29
|
interface AuthKitProviderProps {
|
|
26
30
|
children: ReactNode;
|
|
@@ -4,8 +4,9 @@ declare const WORKOS_API_PORT: string | undefined;
|
|
|
4
4
|
declare const WORKOS_COOKIE_DOMAIN: string | undefined;
|
|
5
5
|
declare const WORKOS_COOKIE_MAX_AGE: string | undefined;
|
|
6
6
|
declare const WORKOS_COOKIE_NAME: string | undefined;
|
|
7
|
+
declare const WORKOS_COOKIE_SAMESITE: string | undefined;
|
|
7
8
|
declare const WORKOS_API_KEY: string;
|
|
8
9
|
declare const WORKOS_CLIENT_ID: string;
|
|
9
10
|
declare const WORKOS_COOKIE_PASSWORD: string;
|
|
10
11
|
declare const WORKOS_REDIRECT_URI: string;
|
|
11
|
-
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, };
|
|
12
|
+
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, WORKOS_COOKIE_SAMESITE, };
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
+
import { getSignInUrl, getSignUpUrl, signOut, switchToOrganization } from './auth.js';
|
|
1
2
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
3
|
import { authkit, authkitMiddleware } from './middleware.js';
|
|
3
|
-
import {
|
|
4
|
-
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
4
|
+
import { refreshSession, saveSession, withAuth } from './session.js';
|
|
5
5
|
import { getWorkOS } from './workos.js';
|
|
6
6
|
export * from './interfaces.js';
|
|
7
|
-
export {
|
|
7
|
+
export { authkit, authkitMiddleware, getSignInUrl, getSignUpUrl, getWorkOS, handleAuth, refreshSession, saveSession, signOut, switchToOrganization, withAuth, };
|
|
@@ -54,6 +54,7 @@ export interface GetAuthURLOptions {
|
|
|
54
54
|
returnPathname?: string;
|
|
55
55
|
organizationId?: string;
|
|
56
56
|
redirectUri?: string;
|
|
57
|
+
loginHint?: string;
|
|
57
58
|
}
|
|
58
59
|
export interface AuthkitMiddlewareAuth {
|
|
59
60
|
enabled: boolean;
|
|
@@ -79,7 +80,12 @@ export interface CookieOptions {
|
|
|
79
80
|
path: '/';
|
|
80
81
|
httpOnly: true;
|
|
81
82
|
secure: boolean;
|
|
82
|
-
sameSite: 'lax';
|
|
83
|
+
sameSite: 'lax' | 'strict' | 'none';
|
|
83
84
|
maxAge: number;
|
|
84
85
|
domain: string | undefined;
|
|
85
86
|
}
|
|
87
|
+
export interface SwitchToOrganizationOptions {
|
|
88
|
+
returnTo?: string;
|
|
89
|
+
revalidationStrategy?: 'none' | 'tag' | 'path';
|
|
90
|
+
revalidationTags?: string[];
|
|
91
|
+
}
|
|
@@ -1,9 +1,14 @@
|
|
|
1
1
|
import { NextRequest } from 'next/server';
|
|
2
2
|
import { AuthkitMiddlewareAuth, AuthkitOptions, AuthkitResponse, NoUserInfo, Session, UserInfo } from './interfaces.js';
|
|
3
|
+
import type { AuthenticationResponse } from '@workos-inc/node';
|
|
3
4
|
declare function encryptSession(session: Session): Promise<string>;
|
|
4
5
|
declare function updateSessionMiddleware(request: NextRequest, debug: boolean, middlewareAuth: AuthkitMiddlewareAuth, redirectUri: string, signUpPaths: string[]): Promise<Response>;
|
|
5
6
|
declare function updateSession(request: NextRequest, options?: AuthkitOptions): Promise<AuthkitResponse>;
|
|
6
7
|
declare function refreshSession(options: {
|
|
8
|
+
organizationId?: string;
|
|
9
|
+
ensureSignedIn: true;
|
|
10
|
+
}): Promise<UserInfo>;
|
|
11
|
+
declare function refreshSession(options?: {
|
|
7
12
|
organizationId?: string;
|
|
8
13
|
ensureSignedIn?: boolean;
|
|
9
14
|
}): Promise<UserInfo | NoUserInfo>;
|
|
@@ -16,4 +21,33 @@ declare function withAuth(options?: {
|
|
|
16
21
|
declare function terminateSession({ returnTo }?: {
|
|
17
22
|
returnTo?: string;
|
|
18
23
|
}): Promise<void>;
|
|
19
|
-
|
|
24
|
+
/**
|
|
25
|
+
* Saves a WorkOS session to a cookie for use with AuthKit.
|
|
26
|
+
*
|
|
27
|
+
* This function is intended for advanced use cases where you need to manually manage sessions,
|
|
28
|
+
* such as custom authentication flows (email verification, etc.) that don't use
|
|
29
|
+
* the standard AuthKit authentication flow.
|
|
30
|
+
*
|
|
31
|
+
* @param sessionOrResponse The WorkOS session or AuthenticationResponse containing access token, refresh token, and user information.
|
|
32
|
+
* @param request Either a NextRequest object or a URL string, used to determine cookie settings.
|
|
33
|
+
*
|
|
34
|
+
* @example
|
|
35
|
+
* // With a NextRequest object
|
|
36
|
+
* import { saveSession } from '@workos-inc/authkit-nextjs';
|
|
37
|
+
*
|
|
38
|
+
* async function handleEmailVerification(req: NextRequest) {
|
|
39
|
+
* const { code } = await req.json();
|
|
40
|
+
* const authResponse = await workos.userManagement.authenticateWithEmailVerification({
|
|
41
|
+
* clientId: process.env.WORKOS_CLIENT_ID,
|
|
42
|
+
* code,
|
|
43
|
+
* });
|
|
44
|
+
*
|
|
45
|
+
* await saveSession(authResponse, req);
|
|
46
|
+
* }
|
|
47
|
+
*
|
|
48
|
+
* @example
|
|
49
|
+
* // With a URL string
|
|
50
|
+
* await saveSession(authResponse, 'https://example.com/callback');
|
|
51
|
+
*/
|
|
52
|
+
export declare function saveSession(sessionOrResponse: Session | AuthenticationResponse, request: NextRequest | string): Promise<void>;
|
|
53
|
+
export { encryptSession, refreshSession, terminateSession, updateSession, updateSessionMiddleware, withAuth };
|
package/dist/esm/workos.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { WorkOS } from '@workos-inc/node';
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
import { lazy } from './utils.js';
|
|
4
|
-
export const VERSION = '2.0
|
|
4
|
+
export const VERSION = '2.2.0';
|
|
5
5
|
const options = {
|
|
6
6
|
apiHostname: WORKOS_API_HOSTNAME,
|
|
7
7
|
https: WORKOS_API_HTTPS ? WORKOS_API_HTTPS === 'true' : true,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@workos-inc/authkit-nextjs",
|
|
3
|
-
"version": "2.0
|
|
3
|
+
"version": "2.2.0",
|
|
4
4
|
"description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js",
|
|
5
5
|
"sideEffects": false,
|
|
6
6
|
"type": "module",
|
|
@@ -40,7 +40,7 @@
|
|
|
40
40
|
"path-to-regexp": "^6.2.2"
|
|
41
41
|
},
|
|
42
42
|
"peerDependencies": {
|
|
43
|
-
"next": "^13.5.
|
|
43
|
+
"next": "^13.5.9 || ^14.2.25 || ^15.2.3",
|
|
44
44
|
"react": "^18.0 || ^19.0.0",
|
|
45
45
|
"react-dom": "^18.0 || ^19.0.0"
|
|
46
46
|
},
|
package/src/actions.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
'use server';
|
|
2
2
|
|
|
3
|
-
import { signOut } from './auth.js';
|
|
4
|
-
import { NoUserInfo, UserInfo } from './interfaces.js';
|
|
3
|
+
import { signOut, switchToOrganization } from './auth.js';
|
|
4
|
+
import { NoUserInfo, UserInfo, SwitchToOrganizationOptions } from './interfaces.js';
|
|
5
5
|
import { refreshSession, withAuth } from './session.js';
|
|
6
6
|
import { getWorkOS } from './workos.js';
|
|
7
7
|
|
|
@@ -47,3 +47,7 @@ export const refreshAuthAction = async ({
|
|
|
47
47
|
}) => {
|
|
48
48
|
return sanitize(await refreshSession({ ensureSignedIn, organizationId }));
|
|
49
49
|
};
|
|
50
|
+
|
|
51
|
+
export const switchToOrganizationAction = async (organizationId: string, options?: SwitchToOrganizationOptions) => {
|
|
52
|
+
return sanitize(await switchToOrganization(organizationId, options));
|
|
53
|
+
};
|
package/src/auth.ts
CHANGED
|
@@ -1,19 +1,30 @@
|
|
|
1
1
|
'use server';
|
|
2
2
|
|
|
3
|
+
import { revalidatePath, revalidateTag } from 'next/cache';
|
|
4
|
+
import { cookies, headers } from 'next/headers';
|
|
5
|
+
import { redirect } from 'next/navigation';
|
|
6
|
+
import { WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
3
7
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
4
|
-
import {
|
|
5
|
-
import { terminateSession } from './session.js';
|
|
6
|
-
import { WORKOS_COOKIE_NAME, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
|
|
8
|
+
import { SwitchToOrganizationOptions, UserInfo } from './interfaces.js';
|
|
9
|
+
import { refreshSession, terminateSession } from './session.js';
|
|
7
10
|
|
|
8
|
-
async function getSignInUrl({
|
|
9
|
-
|
|
11
|
+
export async function getSignInUrl({
|
|
12
|
+
organizationId,
|
|
13
|
+
loginHint,
|
|
14
|
+
redirectUri,
|
|
15
|
+
}: { organizationId?: string; loginHint?: string; redirectUri?: string } = {}) {
|
|
16
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-in', loginHint, redirectUri });
|
|
10
17
|
}
|
|
11
18
|
|
|
12
|
-
async function getSignUpUrl(
|
|
13
|
-
|
|
19
|
+
export async function getSignUpUrl({
|
|
20
|
+
organizationId,
|
|
21
|
+
loginHint,
|
|
22
|
+
redirectUri,
|
|
23
|
+
}: { organizationId?: string; loginHint?: string; redirectUri?: string } = {}) {
|
|
24
|
+
return getAuthorizationUrl({ organizationId, screenHint: 'sign-up', loginHint, redirectUri });
|
|
14
25
|
}
|
|
15
26
|
|
|
16
|
-
async function signOut({ returnTo }: { returnTo?: string } = {}) {
|
|
27
|
+
export async function signOut({ returnTo }: { returnTo?: string } = {}) {
|
|
17
28
|
const cookie: { name: string; domain?: string } = {
|
|
18
29
|
name: WORKOS_COOKIE_NAME || 'wos-session',
|
|
19
30
|
};
|
|
@@ -25,4 +36,47 @@ async function signOut({ returnTo }: { returnTo?: string } = {}) {
|
|
|
25
36
|
await terminateSession({ returnTo });
|
|
26
37
|
}
|
|
27
38
|
|
|
28
|
-
export
|
|
39
|
+
export async function switchToOrganization(
|
|
40
|
+
organizationId: string,
|
|
41
|
+
options: SwitchToOrganizationOptions = {},
|
|
42
|
+
): Promise<UserInfo> {
|
|
43
|
+
const { returnTo, revalidationStrategy = 'path', revalidationTags = [] } = options;
|
|
44
|
+
const headersList = await headers();
|
|
45
|
+
let result: UserInfo;
|
|
46
|
+
// istanbul ignore next
|
|
47
|
+
const pathname = returnTo || headersList.get('x-url') || '/';
|
|
48
|
+
try {
|
|
49
|
+
result = await refreshSession({ organizationId, ensureSignedIn: true });
|
|
50
|
+
} catch (
|
|
51
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
52
|
+
error: any
|
|
53
|
+
) {
|
|
54
|
+
const { cause } = error;
|
|
55
|
+
/* istanbul ignore next */
|
|
56
|
+
if (cause?.rawData?.authkit_redirect_url) {
|
|
57
|
+
redirect(cause.rawData.authkit_redirect_url);
|
|
58
|
+
} else {
|
|
59
|
+
if (cause?.error === 'sso_required' || cause?.error === 'mfa_enrollment') {
|
|
60
|
+
const url = await getAuthorizationUrl({ organizationId });
|
|
61
|
+
return redirect(url);
|
|
62
|
+
}
|
|
63
|
+
throw error;
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
switch (revalidationStrategy) {
|
|
68
|
+
case 'path':
|
|
69
|
+
revalidatePath(pathname);
|
|
70
|
+
break;
|
|
71
|
+
case 'tag':
|
|
72
|
+
for (const tag of revalidationTags) {
|
|
73
|
+
revalidateTag(tag);
|
|
74
|
+
}
|
|
75
|
+
break;
|
|
76
|
+
}
|
|
77
|
+
if (revalidationStrategy !== 'none') {
|
|
78
|
+
redirect(pathname);
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
return result;
|
|
82
|
+
}
|
|
@@ -1,9 +1,7 @@
|
|
|
1
|
-
import { cookies } from 'next/headers';
|
|
2
1
|
import { NextRequest } from 'next/server';
|
|
3
|
-
import {
|
|
4
|
-
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
2
|
+
import { WORKOS_CLIENT_ID } from './env-variables.js';
|
|
5
3
|
import { HandleAuthOptions } from './interfaces.js';
|
|
6
|
-
import {
|
|
4
|
+
import { saveSession } from './session.js';
|
|
7
5
|
import { errorResponseWithFallback, redirectWithFallback } from './utils.js';
|
|
8
6
|
import { getWorkOS } from './workos.js';
|
|
9
7
|
|
|
@@ -67,13 +65,7 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
67
65
|
await onSuccess({ accessToken, refreshToken, user, impersonator, oauthTokens });
|
|
68
66
|
}
|
|
69
67
|
|
|
70
|
-
|
|
71
|
-
// Alternatively you could persist the refresh token in a backend database
|
|
72
|
-
const session = await encryptSession({ accessToken, refreshToken, user, impersonator });
|
|
73
|
-
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
74
|
-
const nextCookies = await cookies();
|
|
75
|
-
|
|
76
|
-
nextCookies.set(cookieName, session, getCookieOptions(request.url));
|
|
68
|
+
await saveSession({ accessToken, refreshToken, user, impersonator }, request);
|
|
77
69
|
|
|
78
70
|
return response;
|
|
79
71
|
} catch (error) {
|
|
@@ -1,8 +1,15 @@
|
|
|
1
1
|
'use client';
|
|
2
2
|
|
|
3
3
|
import React, { createContext, ReactNode, useContext, useEffect, useState } from 'react';
|
|
4
|
-
import {
|
|
4
|
+
import {
|
|
5
|
+
checkSessionAction,
|
|
6
|
+
getAuthAction,
|
|
7
|
+
handleSignOutAction,
|
|
8
|
+
refreshAuthAction,
|
|
9
|
+
switchToOrganizationAction,
|
|
10
|
+
} from '../actions.js';
|
|
5
11
|
import type { Impersonator, User } from '@workos-inc/node';
|
|
12
|
+
import type { UserInfo, SwitchToOrganizationOptions } from '../interfaces.js';
|
|
6
13
|
|
|
7
14
|
type AuthContextType = {
|
|
8
15
|
user: User | null;
|
|
@@ -16,6 +23,10 @@ type AuthContextType = {
|
|
|
16
23
|
getAuth: (options?: { ensureSignedIn?: boolean }) => Promise<void>;
|
|
17
24
|
refreshAuth: (options?: { ensureSignedIn?: boolean; organizationId?: string }) => Promise<void | { error: string }>;
|
|
18
25
|
signOut: (options?: { returnTo?: string }) => Promise<void>;
|
|
26
|
+
switchToOrganization: (
|
|
27
|
+
organizationId: string,
|
|
28
|
+
options?: SwitchToOrganizationOptions,
|
|
29
|
+
) => Promise<Omit<UserInfo, 'accessToken'> | { error: string }>;
|
|
19
30
|
};
|
|
20
31
|
|
|
21
32
|
const AuthContext = createContext<AuthContextType | undefined>(undefined);
|
|
@@ -40,6 +51,7 @@ export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderP
|
|
|
40
51
|
const [loading, setLoading] = useState(true);
|
|
41
52
|
|
|
42
53
|
const getAuth = async ({ ensureSignedIn = false }: { ensureSignedIn?: boolean } = {}) => {
|
|
54
|
+
setLoading(true);
|
|
43
55
|
try {
|
|
44
56
|
const auth = await getAuthAction({ ensureSignedIn });
|
|
45
57
|
setUser(auth.user);
|
|
@@ -62,6 +74,20 @@ export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderP
|
|
|
62
74
|
}
|
|
63
75
|
};
|
|
64
76
|
|
|
77
|
+
const switchToOrganization = async (organizationId: string, options: SwitchToOrganizationOptions = {}) => {
|
|
78
|
+
const opts = { revalidationStrategy: 'none', ...options };
|
|
79
|
+
const result = await switchToOrganizationAction(organizationId, {
|
|
80
|
+
revalidationStrategy: 'none',
|
|
81
|
+
...options,
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
if (opts.revalidationStrategy === 'none') {
|
|
85
|
+
await getAuth({ ensureSignedIn: true });
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
return result;
|
|
89
|
+
};
|
|
90
|
+
|
|
65
91
|
const refreshAuth = async ({
|
|
66
92
|
ensureSignedIn = false,
|
|
67
93
|
organizationId,
|
|
@@ -153,6 +179,7 @@ export const AuthKitProvider = ({ children, onSessionExpired }: AuthKitProviderP
|
|
|
153
179
|
getAuth,
|
|
154
180
|
refreshAuth,
|
|
155
181
|
signOut,
|
|
182
|
+
switchToOrganization,
|
|
156
183
|
}}
|
|
157
184
|
>
|
|
158
185
|
{children}
|
package/src/cookie.ts
CHANGED
|
@@ -1,6 +1,19 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import {
|
|
2
|
+
WORKOS_REDIRECT_URI,
|
|
3
|
+
WORKOS_COOKIE_MAX_AGE,
|
|
4
|
+
WORKOS_COOKIE_DOMAIN,
|
|
5
|
+
WORKOS_COOKIE_SAMESITE,
|
|
6
|
+
} from './env-variables.js';
|
|
2
7
|
import { CookieOptions } from './interfaces.js';
|
|
3
8
|
|
|
9
|
+
type ValidSameSite = CookieOptions['sameSite'];
|
|
10
|
+
|
|
11
|
+
function assertValidSamSite(sameSite: string): asserts sameSite is ValidSameSite {
|
|
12
|
+
if (!['lax', 'strict', 'none'].includes(sameSite.toLowerCase())) {
|
|
13
|
+
throw new Error(`Invalid SameSite value: ${sameSite}`);
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
|
|
4
17
|
export function getCookieOptions(): CookieOptions;
|
|
5
18
|
export function getCookieOptions(redirectUri?: string | null): CookieOptions;
|
|
6
19
|
export function getCookieOptions(redirectUri: string | null | undefined, asString: true, expired?: boolean): string;
|
|
@@ -20,16 +33,19 @@ export function getCookieOptions(
|
|
|
20
33
|
expired: boolean = false,
|
|
21
34
|
): CookieOptions | string {
|
|
22
35
|
const url = new URL(redirectUri || WORKOS_REDIRECT_URI);
|
|
36
|
+
const sameSite = WORKOS_COOKIE_SAMESITE || 'lax';
|
|
37
|
+
assertValidSamSite(sameSite);
|
|
38
|
+
const secure = sameSite.toLowerCase() === 'none' ? true : url.protocol === 'https:';
|
|
23
39
|
|
|
24
40
|
const maxAge = expired ? 0 : WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400;
|
|
25
41
|
|
|
26
42
|
return asString
|
|
27
|
-
? `Path=/; HttpOnly; Secure=${
|
|
43
|
+
? `Path=/; HttpOnly; Secure=${secure}; SameSite="${sameSite}"; Max-Age=${maxAge}; Domain=${WORKOS_COOKIE_DOMAIN || ''}`
|
|
28
44
|
: {
|
|
29
45
|
path: '/',
|
|
30
46
|
httpOnly: true,
|
|
31
|
-
secure
|
|
32
|
-
sameSite
|
|
47
|
+
secure,
|
|
48
|
+
sameSite,
|
|
33
49
|
// Defaults to 400 days, the maximum allowed by Chrome
|
|
34
50
|
// It's fine to have a long cookie expiry date as the access/refresh tokens
|
|
35
51
|
// act as the actual time-limited aspects of the session.
|
package/src/env-variables.ts
CHANGED
|
@@ -11,6 +11,7 @@ const WORKOS_API_PORT = getEnvVariable('WORKOS_API_PORT');
|
|
|
11
11
|
const WORKOS_COOKIE_DOMAIN = getEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
12
12
|
const WORKOS_COOKIE_MAX_AGE = getEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
13
13
|
const WORKOS_COOKIE_NAME = getEnvVariable('WORKOS_COOKIE_NAME');
|
|
14
|
+
const WORKOS_COOKIE_SAMESITE = getEnvVariable('WORKOS_COOKIE_SAMESITE');
|
|
14
15
|
|
|
15
16
|
// Required env variables
|
|
16
17
|
const WORKOS_API_KEY = getEnvVariable('WORKOS_API_KEY') ?? '';
|
|
@@ -29,4 +30,5 @@ export {
|
|
|
29
30
|
WORKOS_COOKIE_NAME,
|
|
30
31
|
WORKOS_COOKIE_PASSWORD,
|
|
31
32
|
WORKOS_REDIRECT_URI,
|
|
33
|
+
WORKOS_COOKIE_SAMESITE,
|
|
32
34
|
};
|
|
@@ -5,7 +5,13 @@ import { headers } from 'next/headers';
|
|
|
5
5
|
|
|
6
6
|
async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
7
7
|
const headersList = await headers();
|
|
8
|
-
const {
|
|
8
|
+
const {
|
|
9
|
+
returnPathname,
|
|
10
|
+
screenHint,
|
|
11
|
+
organizationId,
|
|
12
|
+
redirectUri = headersList.get('x-redirect-uri'),
|
|
13
|
+
loginHint,
|
|
14
|
+
} = options;
|
|
9
15
|
|
|
10
16
|
return getWorkOS().userManagement.getAuthorizationUrl({
|
|
11
17
|
provider: 'authkit',
|
|
@@ -14,6 +20,7 @@ async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
|
14
20
|
state: returnPathname ? btoa(JSON.stringify({ returnPathname })) : undefined,
|
|
15
21
|
screenHint,
|
|
16
22
|
organizationId,
|
|
23
|
+
loginHint,
|
|
17
24
|
});
|
|
18
25
|
}
|
|
19
26
|
|
package/src/index.ts
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
|
+
import { getSignInUrl, getSignUpUrl, signOut, switchToOrganization } from './auth.js';
|
|
1
2
|
import { handleAuth } from './authkit-callback-route.js';
|
|
2
3
|
import { authkit, authkitMiddleware } from './middleware.js';
|
|
3
|
-
import {
|
|
4
|
-
import { getSignInUrl, getSignUpUrl, signOut } from './auth.js';
|
|
4
|
+
import { refreshSession, saveSession, withAuth } from './session.js';
|
|
5
5
|
import { getWorkOS } from './workos.js';
|
|
6
6
|
|
|
7
7
|
export * from './interfaces.js';
|
|
8
8
|
|
|
9
9
|
export {
|
|
10
|
-
getWorkOS,
|
|
11
|
-
handleAuth,
|
|
12
|
-
//
|
|
13
|
-
authkitMiddleware,
|
|
14
10
|
authkit,
|
|
15
|
-
|
|
11
|
+
authkitMiddleware,
|
|
16
12
|
getSignInUrl,
|
|
17
13
|
getSignUpUrl,
|
|
18
|
-
|
|
14
|
+
getWorkOS,
|
|
15
|
+
handleAuth,
|
|
19
16
|
refreshSession,
|
|
17
|
+
saveSession,
|
|
20
18
|
signOut,
|
|
19
|
+
switchToOrganization,
|
|
20
|
+
withAuth,
|
|
21
21
|
};
|
package/src/interfaces.ts
CHANGED
|
@@ -57,6 +57,7 @@ export interface GetAuthURLOptions {
|
|
|
57
57
|
returnPathname?: string;
|
|
58
58
|
organizationId?: string;
|
|
59
59
|
redirectUri?: string;
|
|
60
|
+
loginHint?: string;
|
|
60
61
|
}
|
|
61
62
|
|
|
62
63
|
export interface AuthkitMiddlewareAuth {
|
|
@@ -87,7 +88,13 @@ export interface CookieOptions {
|
|
|
87
88
|
path: '/';
|
|
88
89
|
httpOnly: true;
|
|
89
90
|
secure: boolean;
|
|
90
|
-
sameSite: 'lax';
|
|
91
|
+
sameSite: 'lax' | 'strict' | 'none';
|
|
91
92
|
maxAge: number;
|
|
92
93
|
domain: string | undefined;
|
|
93
94
|
}
|
|
95
|
+
|
|
96
|
+
export interface SwitchToOrganizationOptions {
|
|
97
|
+
returnTo?: string;
|
|
98
|
+
revalidationStrategy?: 'none' | 'tag' | 'path';
|
|
99
|
+
revalidationTags?: string[];
|
|
100
|
+
}
|
package/src/session.ts
CHANGED
|
@@ -1,25 +1,25 @@
|
|
|
1
1
|
'use server';
|
|
2
2
|
|
|
3
|
-
import {
|
|
3
|
+
import { sealData, unsealData } from 'iron-session';
|
|
4
|
+
import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';
|
|
4
5
|
import { cookies, headers } from 'next/headers';
|
|
6
|
+
import { redirect } from 'next/navigation';
|
|
5
7
|
import { NextRequest, NextResponse } from 'next/server';
|
|
6
|
-
import { jwtVerify, createRemoteJWKSet, decodeJwt } from 'jose';
|
|
7
|
-
import { sealData, unsealData } from 'iron-session';
|
|
8
8
|
import { getCookieOptions } from './cookie.js';
|
|
9
|
-
import {
|
|
10
|
-
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_COOKIE_NAME, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
9
|
+
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
11
10
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
12
11
|
import {
|
|
13
12
|
AccessToken,
|
|
14
13
|
AuthkitMiddlewareAuth,
|
|
15
14
|
AuthkitOptions,
|
|
16
15
|
AuthkitResponse,
|
|
17
|
-
CookieOptions,
|
|
18
16
|
NoUserInfo,
|
|
19
17
|
Session,
|
|
20
18
|
UserInfo,
|
|
21
19
|
} from './interfaces.js';
|
|
20
|
+
import { getWorkOS } from './workos.js';
|
|
22
21
|
|
|
22
|
+
import type { AuthenticationResponse } from '@workos-inc/node';
|
|
23
23
|
import { parse, tokensToRegexp } from 'path-to-regexp';
|
|
24
24
|
import { lazy, redirectWithFallback } from './utils.js';
|
|
25
25
|
|
|
@@ -251,19 +251,18 @@ async function updateSession(
|
|
|
251
251
|
}
|
|
252
252
|
}
|
|
253
253
|
|
|
254
|
-
async function refreshSession(options: {
|
|
254
|
+
async function refreshSession(options: { organizationId?: string; ensureSignedIn: true }): Promise<UserInfo>;
|
|
255
|
+
async function refreshSession(options?: {
|
|
255
256
|
organizationId?: string;
|
|
256
257
|
ensureSignedIn?: boolean;
|
|
257
258
|
}): Promise<UserInfo | NoUserInfo>;
|
|
258
|
-
|
|
259
|
-
/* istanbul ignore next */
|
|
260
259
|
async function refreshSession({
|
|
261
260
|
organizationId: nextOrganizationId,
|
|
262
261
|
ensureSignedIn = false,
|
|
263
262
|
}: {
|
|
264
263
|
organizationId?: string;
|
|
265
264
|
ensureSignedIn?: boolean;
|
|
266
|
-
} = {}) {
|
|
265
|
+
} = {}): Promise<UserInfo | NoUserInfo> {
|
|
267
266
|
const session = await getSessionFromCookie();
|
|
268
267
|
if (!session) {
|
|
269
268
|
if (ensureSignedIn) {
|
|
@@ -288,22 +287,12 @@ async function refreshSession({
|
|
|
288
287
|
});
|
|
289
288
|
}
|
|
290
289
|
|
|
291
|
-
const { accessToken, refreshToken, user, impersonator } = refreshResult;
|
|
292
|
-
// Encrypt session with new access and refresh tokens
|
|
293
|
-
const encryptedSession = await encryptSession({
|
|
294
|
-
accessToken,
|
|
295
|
-
refreshToken,
|
|
296
|
-
user,
|
|
297
|
-
impersonator,
|
|
298
|
-
});
|
|
299
|
-
|
|
300
|
-
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
301
|
-
|
|
302
290
|
const headersList = await headers();
|
|
303
291
|
const url = headersList.get('x-url');
|
|
304
292
|
|
|
305
|
-
|
|
306
|
-
|
|
293
|
+
await saveSession(refreshResult, url || WORKOS_REDIRECT_URI);
|
|
294
|
+
|
|
295
|
+
const { accessToken, user, impersonator } = refreshResult;
|
|
307
296
|
|
|
308
297
|
const {
|
|
309
298
|
sid: sessionId,
|
|
@@ -463,4 +452,43 @@ function getScreenHint(signUpPaths: string[] | undefined, pathname: string) {
|
|
|
463
452
|
return screenHintPaths.length > 0 ? 'sign-up' : 'sign-in';
|
|
464
453
|
}
|
|
465
454
|
|
|
466
|
-
|
|
455
|
+
/**
|
|
456
|
+
* Saves a WorkOS session to a cookie for use with AuthKit.
|
|
457
|
+
*
|
|
458
|
+
* This function is intended for advanced use cases where you need to manually manage sessions,
|
|
459
|
+
* such as custom authentication flows (email verification, etc.) that don't use
|
|
460
|
+
* the standard AuthKit authentication flow.
|
|
461
|
+
*
|
|
462
|
+
* @param sessionOrResponse The WorkOS session or AuthenticationResponse containing access token, refresh token, and user information.
|
|
463
|
+
* @param request Either a NextRequest object or a URL string, used to determine cookie settings.
|
|
464
|
+
*
|
|
465
|
+
* @example
|
|
466
|
+
* // With a NextRequest object
|
|
467
|
+
* import { saveSession } from '@workos-inc/authkit-nextjs';
|
|
468
|
+
*
|
|
469
|
+
* async function handleEmailVerification(req: NextRequest) {
|
|
470
|
+
* const { code } = await req.json();
|
|
471
|
+
* const authResponse = await workos.userManagement.authenticateWithEmailVerification({
|
|
472
|
+
* clientId: process.env.WORKOS_CLIENT_ID,
|
|
473
|
+
* code,
|
|
474
|
+
* });
|
|
475
|
+
*
|
|
476
|
+
* await saveSession(authResponse, req);
|
|
477
|
+
* }
|
|
478
|
+
*
|
|
479
|
+
* @example
|
|
480
|
+
* // With a URL string
|
|
481
|
+
* await saveSession(authResponse, 'https://example.com/callback');
|
|
482
|
+
*/
|
|
483
|
+
export async function saveSession(
|
|
484
|
+
sessionOrResponse: Session | AuthenticationResponse,
|
|
485
|
+
request: NextRequest | string,
|
|
486
|
+
): Promise<void> {
|
|
487
|
+
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
488
|
+
const encryptedSession = await encryptSession(sessionOrResponse);
|
|
489
|
+
const nextCookies = await cookies();
|
|
490
|
+
const url = typeof request === 'string' ? request : request.url;
|
|
491
|
+
nextCookies.set(cookieName, encryptedSession, getCookieOptions(url));
|
|
492
|
+
}
|
|
493
|
+
|
|
494
|
+
export { encryptSession, refreshSession, terminateSession, updateSession, updateSessionMiddleware, withAuth };
|
package/src/workos.ts
CHANGED
|
@@ -2,7 +2,7 @@ import { WorkOS } from '@workos-inc/node';
|
|
|
2
2
|
import { WORKOS_API_HOSTNAME, WORKOS_API_KEY, WORKOS_API_HTTPS, WORKOS_API_PORT } from './env-variables.js';
|
|
3
3
|
import { lazy } from './utils.js';
|
|
4
4
|
|
|
5
|
-
export const VERSION = '2.0
|
|
5
|
+
export const VERSION = '2.2.0';
|
|
6
6
|
|
|
7
7
|
const options = {
|
|
8
8
|
apiHostname: WORKOS_API_HOSTNAME,
|