@workos-inc/authkit-nextjs 2.15.0 → 2.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/esm/auth.js +30 -14
- package/dist/esm/auth.js.map +1 -1
- package/dist/esm/authkit-callback-route.js +14 -3
- package/dist/esm/authkit-callback-route.js.map +1 -1
- package/dist/esm/components/authkit-provider.js +1 -1
- package/dist/esm/components/authkit-provider.js.map +1 -1
- package/dist/esm/env-variables.js +2 -1
- package/dist/esm/env-variables.js.map +1 -1
- package/dist/esm/get-authorization-url.js +15 -3
- package/dist/esm/get-authorization-url.js.map +1 -1
- package/dist/esm/pkce.js +43 -0
- package/dist/esm/pkce.js.map +1 -0
- package/dist/esm/session.js +22 -10
- package/dist/esm/session.js.map +1 -1
- package/dist/esm/types/env-variables.d.ts +2 -1
- package/dist/esm/types/get-authorization-url.d.ts +2 -2
- package/dist/esm/types/interfaces.d.ts +4 -0
- package/dist/esm/types/pkce.d.ts +11 -0
- package/package.json +16 -16
- package/src/auth.spec.ts +14 -0
- package/src/auth.ts +30 -15
- package/src/authkit-callback-route.spec.ts +85 -0
- package/src/authkit-callback-route.ts +15 -3
- package/src/components/authkit-provider.tsx +1 -1
- package/src/components/tokenStore.spec.ts +3 -3
- package/src/env-variables.ts +2 -0
- package/src/get-authorization-url.spec.ts +62 -0
- package/src/get-authorization-url.ts +24 -6
- package/src/interfaces.ts +5 -0
- package/src/pkce.ts +42 -0
- package/src/session.ts +27 -10
package/README.md
CHANGED
|
@@ -56,6 +56,7 @@ Certain environment variables are optional and can be used to debug or configure
|
|
|
56
56
|
| `WORKOS_API_HTTPS` | `true` | Whether to use HTTPS in API calls |
|
|
57
57
|
| `WORKOS_API_PORT` | None | Port to use for API calls. When not set, uses standard ports (443 for HTTPS, 80 for HTTP) |
|
|
58
58
|
| `WORKOS_COOKIE_SAMESITE` | `'lax'` | SameSite attribute for cookies. Options: `'lax'`, `'strict'`, or `'none'` |
|
|
59
|
+
| `WORKOS_DISABLE_PKCE` | None | Set to `'true'` to disable PKCE on authorization requests |
|
|
59
60
|
|
|
60
61
|
Example usage:
|
|
61
62
|
|
package/dist/esm/auth.js
CHANGED
|
@@ -6,6 +6,7 @@ import { redirect } from 'next/navigation';
|
|
|
6
6
|
import { WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
7
7
|
import { getCookieOptions } from './cookie.js';
|
|
8
8
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
9
|
+
import { setPKCECookie } from './pkce.js';
|
|
9
10
|
import { getSessionFromCookie, refreshSession, withAuth } from './session.js';
|
|
10
11
|
import { getWorkOS } from './workos.js';
|
|
11
12
|
/**
|
|
@@ -16,8 +17,13 @@ function revalidateTagCompat(tag) {
|
|
|
16
17
|
const fn = revalidateTag;
|
|
17
18
|
return fn(tag, 'max');
|
|
18
19
|
}
|
|
20
|
+
async function getAuthURLAndSetPKCECookie(options) {
|
|
21
|
+
const { url, pkceCookieValue } = await getAuthorizationUrl(options);
|
|
22
|
+
await setPKCECookie(pkceCookieValue);
|
|
23
|
+
return url;
|
|
24
|
+
}
|
|
19
25
|
export async function getSignInUrl({ organizationId, loginHint, redirectUri, prompt, state, returnTo, } = {}) {
|
|
20
|
-
return
|
|
26
|
+
return getAuthURLAndSetPKCECookie({
|
|
21
27
|
organizationId,
|
|
22
28
|
screenHint: 'sign-in',
|
|
23
29
|
loginHint,
|
|
@@ -28,7 +34,7 @@ export async function getSignInUrl({ organizationId, loginHint, redirectUri, pro
|
|
|
28
34
|
});
|
|
29
35
|
}
|
|
30
36
|
export async function getSignUpUrl({ organizationId, loginHint, redirectUri, prompt, state, returnTo, } = {}) {
|
|
31
|
-
return
|
|
37
|
+
return getAuthURLAndSetPKCECookie({
|
|
32
38
|
organizationId,
|
|
33
39
|
screenHint: 'sign-up',
|
|
34
40
|
loginHint,
|
|
@@ -65,7 +71,13 @@ export async function signOut({ returnTo } = {}) {
|
|
|
65
71
|
const nextCookies = await cookies();
|
|
66
72
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
67
73
|
const { domain, path, sameSite, secure } = getCookieOptions();
|
|
68
|
-
|
|
74
|
+
try {
|
|
75
|
+
nextCookies.delete({ name: cookieName, domain, path, sameSite, secure });
|
|
76
|
+
}
|
|
77
|
+
catch (_a) {
|
|
78
|
+
// Some environments (e.g., vinext) only accept a string cookie name
|
|
79
|
+
nextCookies.delete(cookieName);
|
|
80
|
+
}
|
|
69
81
|
if (sessionId) {
|
|
70
82
|
redirect(getWorkOS().userManagement.getLogoutUrl({ sessionId, returnTo }));
|
|
71
83
|
}
|
|
@@ -94,21 +106,25 @@ export async function switchToOrganization(organizationId, options = {}) {
|
|
|
94
106
|
}
|
|
95
107
|
else {
|
|
96
108
|
if ((cause === null || cause === void 0 ? void 0 : cause.error) === 'sso_required' || (cause === null || cause === void 0 ? void 0 : cause.error) === 'mfa_enrollment') {
|
|
97
|
-
|
|
98
|
-
return redirect(url);
|
|
109
|
+
return redirect(await getAuthURLAndSetPKCECookie({ organizationId }));
|
|
99
110
|
}
|
|
100
111
|
throw error;
|
|
101
112
|
}
|
|
102
113
|
}
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
114
|
+
try {
|
|
115
|
+
switch (revalidationStrategy) {
|
|
116
|
+
case 'path':
|
|
117
|
+
revalidatePath(pathname);
|
|
118
|
+
break;
|
|
119
|
+
case 'tag':
|
|
120
|
+
for (const tag of revalidationTags) {
|
|
121
|
+
revalidateTagCompat(tag);
|
|
122
|
+
}
|
|
123
|
+
break;
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
catch (_b) {
|
|
127
|
+
// revalidatePath/revalidateTag may not be available in non-Next.js environments (e.g., vinext)
|
|
112
128
|
}
|
|
113
129
|
if (revalidationStrategy !== 'none') {
|
|
114
130
|
redirect(pathname);
|
package/dist/esm/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC;;;GAGG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,EAAE,GAAG,aAAuD,CAAC;IACnE,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EACjC,cAAc,EACd,SAAS,EACT,WAAW,EACX,MAAM,EACN,KAAK,EACL,QAAQ,MAQN,EAAE;IACJ,OAAO,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/auth.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC;;;GAGG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,EAAE,GAAG,aAAuD,CAAC;IACnE,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,KAAK,UAAU,0BAA0B,CAAC,OAA0B;IAClE,MAAM,EAAE,GAAG,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACpE,MAAM,aAAa,CAAC,eAAe,CAAC,CAAC;IACrC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EACjC,cAAc,EACd,SAAS,EACT,WAAW,EACX,MAAM,EACN,KAAK,EACL,QAAQ,MAQN,EAAE;IACJ,OAAO,0BAA0B,CAAC;QAChC,cAAc;QACd,UAAU,EAAE,SAAS;QACrB,SAAS;QACT,WAAW;QACX,MAAM;QACN,KAAK;QACL,cAAc,EAAE,QAAQ;KACzB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EACjC,cAAc,EACd,SAAS,EACT,WAAW,EACX,MAAM,EACN,KAAK,EACL,QAAQ,MAQN,EAAE;IACJ,OAAO,0BAA0B,CAAC;QAChC,cAAc;QACd,UAAU,EAAE,SAAS;QACrB,SAAS;QACT,WAAW;QACX,MAAM;QACN,KAAK;QACL,cAAc,EAAE,QAAQ;KACzB,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,QAAQ,KAA4B,EAAE;IACpE,IAAI,SAA6B,CAAC;IAElC,IAAI,CAAC;QACH,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,MAAM,QAAQ,EAAE,CAAC;QAC5C,SAAS,GAAG,GAAG,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,oFAAoF;QACpF,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;QAC7C,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACnC,MAAM,EAAE,GAAG,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;YAC5D,SAAS,GAAG,GAAG,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,4CAA4C;YAC5C,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;QACvD,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,gBAAgB,EAAE,CAAC;QAC9D,IAAI,CAAC;YACH,WAAW,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3E,CAAC;QAAC,WAAM,CAAC;YACP,oEAAoE;YACpE,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,QAAQ,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,cAAsB,EACtB,UAAuC,EAAE;;IAEzC,MAAM,EAAE,QAAQ,EAAE,oBAAoB,GAAG,MAAM,EAAE,gBAAgB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IACnF,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,IAAI,MAAgB,CAAC;IACrB,uBAAuB;IACvB,MAAM,QAAQ,GAAG,QAAQ,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,cAAc,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;IAAC;IACA,8DAA8D;IAC9D,KAAU,EACV,CAAC;QACD,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC;QACxB,0BAA0B;QAC1B,IAAI,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,0CAAE,oBAAoB,EAAE,CAAC;YACzC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,MAAK,cAAc,IAAI,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,MAAK,gBAAgB,EAAE,CAAC;gBACzE,OAAO,QAAQ,CAAC,MAAM,0BAA0B,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;YACxE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,QAAQ,oBAAoB,EAAE,CAAC;YAC7B,KAAK,MAAM;gBACT,cAAc,CAAC,QAAQ,CAAC,CAAC;gBACzB,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;oBACnC,mBAAmB,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;gBACD,MAAM;QACV,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,+FAA+F;IACjG,CAAC;IACD,IAAI,oBAAoB,KAAK,MAAM,EAAE,CAAC;QACpC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
+
import { getCookieOptions } from './cookie.js';
|
|
1
2
|
import { WORKOS_CLIENT_ID } from './env-variables.js';
|
|
3
|
+
import { PKCE_COOKIE_NAME, getPKCECodeVerifier } from './pkce.js';
|
|
2
4
|
import { saveSession } from './session.js';
|
|
3
5
|
import { errorResponseWithFallback, redirectWithFallback, setCachePreventionHeaders } from './utils.js';
|
|
4
6
|
import { getWorkOS } from './workos.js';
|
|
@@ -52,20 +54,26 @@ export function handleAuth(options = {}) {
|
|
|
52
54
|
}
|
|
53
55
|
}
|
|
54
56
|
return async function GET(request) {
|
|
55
|
-
|
|
56
|
-
|
|
57
|
+
var _a;
|
|
58
|
+
// Fall back to standard URL parsing when nextUrl is not available (e.g., vinext)
|
|
59
|
+
const requestUrl = (_a = request.nextUrl) !== null && _a !== void 0 ? _a : new URL(request.url);
|
|
60
|
+
const code = requestUrl.searchParams.get('code');
|
|
61
|
+
const state = requestUrl.searchParams.get('state');
|
|
57
62
|
const { state: customState, returnPathname: returnPathnameState } = handleState(state);
|
|
58
63
|
if (code) {
|
|
59
64
|
try {
|
|
65
|
+
const pkceCookie = request.cookies.get(PKCE_COOKIE_NAME);
|
|
66
|
+
const codeVerifier = await getPKCECodeVerifier(pkceCookie === null || pkceCookie === void 0 ? void 0 : pkceCookie.value);
|
|
60
67
|
// Use the code returned to us by AuthKit and authenticate the user with WorkOS
|
|
61
68
|
const { accessToken, refreshToken, user, impersonator, oauthTokens, authenticationMethod, organizationId } = await getWorkOS().userManagement.authenticateWithCode({
|
|
62
69
|
clientId: WORKOS_CLIENT_ID,
|
|
63
70
|
code,
|
|
71
|
+
codeVerifier,
|
|
64
72
|
});
|
|
65
73
|
// If baseURL is provided, use it instead of request.nextUrl
|
|
66
74
|
// This is useful if the app is being run in a container like docker where
|
|
67
75
|
// the hostname can be different from the one in the request
|
|
68
|
-
const url = baseURL ? new URL(baseURL) :
|
|
76
|
+
const url = baseURL ? new URL(baseURL) : new URL(requestUrl.toString());
|
|
69
77
|
// Cleanup params
|
|
70
78
|
url.searchParams.delete('code');
|
|
71
79
|
url.searchParams.delete('state');
|
|
@@ -79,6 +87,9 @@ export function handleAuth(options = {}) {
|
|
|
79
87
|
// This is to support Next.js 13.
|
|
80
88
|
const response = redirectWithFallback(url.toString());
|
|
81
89
|
preventCaching(response.headers);
|
|
90
|
+
if (pkceCookie) {
|
|
91
|
+
response.headers.append('Set-Cookie', `${PKCE_COOKIE_NAME}=; ${getCookieOptions(request.url, true, true)}`);
|
|
92
|
+
}
|
|
82
93
|
if (!accessToken || !refreshToken)
|
|
83
94
|
throw new Error('response is missing tokens');
|
|
84
95
|
await saveSession({ accessToken, refreshToken, user, impersonator }, request);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AACxG,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,SAAS,cAAc,CAAC,OAAgB;IACtC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,cAAc,GAAuB,SAAS,CAAC;IACnD,IAAI,SAA6B,CAAC;IAClC,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7C,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,CAAC;YACH,mCAAmC;YACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC/D,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;QAC5D,CAAC;QAAC,WAAM,CAAC;YACP,qCAAqC;QACvC,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACxC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3B,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,WAAM,CAAC;YACP,SAAS,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO;QACL,cAAc;QACd,KAAK,EAAE,SAAS;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5F,iDAAiD;IACjD,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB
|
|
1
|
+
{"version":3,"file":"authkit-callback-route.js","sourceRoot":"","sources":["../../src/authkit-callback-route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AACxG,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,SAAS,cAAc,CAAC,OAAgB;IACtC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9B,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,cAAc,GAAuB,SAAS,CAAC;IACnD,IAAI,SAA6B,CAAC;IAClC,IAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7C,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,CAAC;YACH,mCAAmC;YACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC/D,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;QAC5D,CAAC;QAAC,WAAM,CAAC;YACP,qCAAqC;QACvC,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACxC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3B,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,WAAM,CAAC;YACP,SAAS,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO;QACL,cAAc;QACd,KAAK,EAAE,SAAS;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,UAA6B,EAAE;IACxD,MAAM,EAAE,cAAc,EAAE,oBAAoB,GAAG,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5F,iDAAiD;IACjD,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,oBAAoB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,UAAU,GAAG,CAAC,OAAoB;;QAC5C,iFAAiF;QACjF,MAAM,UAAU,GAAG,MAAA,OAAO,CAAC,OAAO,mCAAI,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3D,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEnD,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,mBAAmB,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAEvF,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBACzD,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,KAAK,CAAC,CAAC;gBAElE,+EAA+E;gBAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,cAAc,EAAE,GACxG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,oBAAoB,CAAC;oBACpD,QAAQ,EAAE,gBAAgB;oBAC1B,IAAI;oBACJ,YAAY;iBACb,CAAC,CAAC;gBAEL,4DAA4D;gBAC5D,0EAA0E;gBAC1E,4DAA4D;gBAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAExE,iBAAiB;gBACjB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEjC,uDAAuD;gBACvD,MAAM,cAAc,GAAG,mBAAmB,aAAnB,mBAAmB,cAAnB,mBAAmB,GAAI,oBAAoB,CAAC;gBAEnE,yDAAyD;gBACzD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,yBAAyB,CAAC,CAAC;gBAC3E,GAAG,CAAC,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC;gBACxC,GAAG,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC;gBAEpC,mEAAmE;gBACnE,iCAAiC;gBACjC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACtD,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAEjC,IAAI,UAAU,EAAE,CAAC;oBACf,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,gBAAgB,MAAM,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC9G,CAAC;gBAED,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjF,MAAM,WAAW,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,OAAO,CAAC,CAAC;gBAE9E,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,SAAS,CAAC;wBACd,WAAW;wBACX,YAAY;wBACZ,IAAI;wBACJ,YAAY;wBACZ,WAAW;wBACX,oBAAoB;wBACpB,cAAc;wBACd,KAAK,EAAE,WAAW;qBACnB,CAAC,CAAC;gBACL,CAAC;gBAED,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG;oBACf,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC;gBAEF,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAExB,OAAO,MAAM,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,OAAO,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC;IAEF,KAAK,UAAU,aAAa,CAAC,OAAoB,EAAE,KAAe;QAChE,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACnD,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACjC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAG,yBAAyB,CAAC;YACzC,KAAK,EAAE;gBACL,OAAO,EAAE,sBAAsB;gBAC/B,WAAW,EAAE,8FAA8F;aAC5G;SACF,CAAC,CAAC;QAEH,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjC,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC"}
|
|
@@ -28,7 +28,7 @@ export const AuthKitProvider = ({ children, onSessionExpired, initialAuth }) =>
|
|
|
28
28
|
setFeatureFlags(auth.featureFlags);
|
|
29
29
|
setImpersonator(auth.impersonator);
|
|
30
30
|
}
|
|
31
|
-
catch (
|
|
31
|
+
catch (_a) {
|
|
32
32
|
setUser(null);
|
|
33
33
|
setSessionId(undefined);
|
|
34
34
|
setOrganizationId(undefined);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authkit-provider.js","sourceRoot":"","sources":["../../../src/components/authkit-provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAa,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACtG,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,iBAAiB,EACjB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AAwBvB,MAAM,WAAW,GAAG,aAAa,CAA8B,SAAS,CAAC,CAAC;AAe1E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,gBAAgB,EAAE,WAAW,EAAwB,EAAE,EAAE;;IACnG,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAc,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,IAAI,mCAAI,IAAI,CAAC,CAAC;IACzE,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,SAAS,CAAC,CAAC;IACvF,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,cAAc,CAAC,CAAC;IACtG,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,IAAI,CAAC,CAAC;IACxE,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,KAAK,CAAC,CAAC;IAC7E,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAC,CAAC;IAC/F,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IAClG,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IAClG,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAA2B,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IACtG,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,CAAC,WAAW,CAAC,CAAC;IAErD,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE,EAAE,EAAE;QAClG,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,
|
|
1
|
+
{"version":3,"file":"authkit-provider.js","sourceRoot":"","sources":["../../../src/components/authkit-provider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EAAE,aAAa,EAAa,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACtG,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,iBAAiB,EACjB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AAwBvB,MAAM,WAAW,GAAG,aAAa,CAA8B,SAAS,CAAC,CAAC;AAe1E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,gBAAgB,EAAE,WAAW,EAAwB,EAAE,EAAE;;IACnG,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAc,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,IAAI,mCAAI,IAAI,CAAC,CAAC;IACzE,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,SAAS,CAAC,CAAC;IACvF,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,cAAc,CAAC,CAAC;IACtG,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAqB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,IAAI,CAAC,CAAC;IACxE,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,KAAK,CAAC,CAAC;IAC7E,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAC,CAAC;IAC/F,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IAClG,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAuB,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IAClG,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAA2B,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,YAAY,CAAC,CAAC;IACtG,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,CAAC,WAAW,CAAC,CAAC;IAErD,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE,EAAE,EAAE;QAClG,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,WAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC,CAAC;YACd,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC7B,OAAO,CAAC,SAAS,CAAC,CAAC;YACnB,QAAQ,CAAC,SAAS,CAAC,CAAC;YACpB,cAAc,CAAC,SAAS,CAAC,CAAC;YAC1B,eAAe,CAAC,SAAS,CAAC,CAAC;YAC3B,eAAe,CAAC,SAAS,CAAC,CAAC;YAC3B,eAAe,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,oBAAoB,GAAG,WAAW,CACtC,KAAK,EAAE,cAAsB,EAAE,UAAuC,EAAE,EAAE,EAAE;QAC1E,MAAM,IAAI,GAAG,EAAE,oBAAoB,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC,cAAc,EAAE;YAC9D,oBAAoB,EAAE,MAAM;YAC5B,GAAG,OAAO;SACX,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,oBAAoB,KAAK,MAAM,EAAE,CAAC;YACzC,MAAM,OAAO,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC,EACD,EAAE,CACH,CAAC;IAEF,MAAM,WAAW,GAAG,WAAW,CAC7B,KAAK,EAAE,EAAE,cAAc,GAAG,KAAK,EAAE,cAAc,KAA4D,EAAE,EAAE,EAAE;QAC/G,IAAI,CAAC;YACH,UAAU,CAAC,IAAI,CAAC,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,CAAC,CAAC;YAEzE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACtF,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EACD,EAAE,CACH,CAAC;IAEF,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,QAAQ,KAA4B,EAAE,EAAE,EAAE;QAC7E,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,2DAA2D;QAC3D,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,sBAAsB,GAAG,KAAK,IAAI,EAAE;YACxC,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,oGAAoG;YACpG,qFAAqF;YACrF,oGAAoG;YACpG,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC3C,uBAAuB,GAAG,IAAI,CAAC;gBAE/B,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,kBAAkB,EAAE,CAAC;oBAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBACrC,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,wEAAwE;oBACxE,+EAA+E;oBAC/E,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;wBACxE,IAAI,gBAAgB,EAAE,CAAC;4BACrB,gBAAgB,EAAE,CAAC;wBACrB,CAAC;6BAAM,CAAC;4BACN,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;wBAC3B,CAAC;oBACH,CAAC;gBACH,CAAC;wBAAS,CAAC;oBACT,uBAAuB,GAAG,KAAK,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACpE,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAEzD,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;YAC5D,MAAM,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;QACzE,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEvB,OAAO,CACL,oBAAC,WAAW,CAAC,QAAQ,IACnB,KAAK,EAAE;YACL,IAAI;YACJ,SAAS;YACT,cAAc;YACd,IAAI;YACJ,KAAK;YACL,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,YAAY;YACZ,OAAO;YACP,OAAO;YACP,WAAW;YACX,OAAO;YACP,oBAAoB;SACrB,IAEA,QAAQ,CACY,CACxB,CAAC;AACJ,CAAC,CAAC;AAMF,MAAM,UAAU,OAAO,CAAC,EAAE,cAAc,GAAG,KAAK,KAAmC,EAAE;IACnF,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IAExC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,IAAI,cAAc,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACnE,OAAO,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,EAAE,CAAC,cAAc,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC,CAAC,CAAC;IAExE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -11,10 +11,11 @@ const WORKOS_COOKIE_DOMAIN = getEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
|
11
11
|
const WORKOS_COOKIE_MAX_AGE = getEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
12
12
|
const WORKOS_COOKIE_NAME = getEnvVariable('WORKOS_COOKIE_NAME');
|
|
13
13
|
const WORKOS_COOKIE_SAMESITE = getEnvVariable('WORKOS_COOKIE_SAMESITE');
|
|
14
|
+
const WORKOS_DISABLE_PKCE = getEnvVariable('WORKOS_DISABLE_PKCE');
|
|
14
15
|
// Required env variables
|
|
15
16
|
const WORKOS_API_KEY = (_a = getEnvVariable('WORKOS_API_KEY')) !== null && _a !== void 0 ? _a : '';
|
|
16
17
|
const WORKOS_CLIENT_ID = (_b = getEnvVariable('WORKOS_CLIENT_ID')) !== null && _b !== void 0 ? _b : '';
|
|
17
18
|
const WORKOS_COOKIE_PASSWORD = (_c = getEnvVariable('WORKOS_COOKIE_PASSWORD')) !== null && _c !== void 0 ? _c : '';
|
|
18
19
|
const WORKOS_REDIRECT_URI = (_d = process.env.NEXT_PUBLIC_WORKOS_REDIRECT_URI) !== null && _d !== void 0 ? _d : '';
|
|
19
|
-
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, WORKOS_COOKIE_SAMESITE, };
|
|
20
|
+
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, WORKOS_COOKIE_SAMESITE, WORKOS_DISABLE_PKCE, };
|
|
20
21
|
//# sourceMappingURL=env-variables.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":"AAAA,0BAA0B;;AAE1B,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,yBAAyB;AACzB,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAClE,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AAC5D,MAAM,eAAe,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;AAC1D,MAAM,oBAAoB,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;AACpE,MAAM,qBAAqB,GAAG,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtE,MAAM,kBAAkB,GAAG,cAAc,CAAC,oBAAoB,CAAC,CAAC;AAChE,MAAM,sBAAsB,GAAG,cAAc,CAAC,wBAAwB,CAA0C,CAAC;
|
|
1
|
+
{"version":3,"file":"env-variables.js","sourceRoot":"","sources":["../../src/env-variables.ts"],"names":[],"mappings":"AAAA,0BAA0B;;AAE1B,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED,yBAAyB;AACzB,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAClE,MAAM,gBAAgB,GAAG,cAAc,CAAC,kBAAkB,CAAC,CAAC;AAC5D,MAAM,eAAe,GAAG,cAAc,CAAC,iBAAiB,CAAC,CAAC;AAC1D,MAAM,oBAAoB,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;AACpE,MAAM,qBAAqB,GAAG,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtE,MAAM,kBAAkB,GAAG,cAAc,CAAC,oBAAoB,CAAC,CAAC;AAChE,MAAM,sBAAsB,GAAG,cAAc,CAAC,wBAAwB,CAA0C,CAAC;AACjH,MAAM,mBAAmB,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AAElE,yBAAyB;AACzB,MAAM,cAAc,GAAG,MAAA,cAAc,CAAC,gBAAgB,CAAC,mCAAI,EAAE,CAAC;AAC9D,MAAM,gBAAgB,GAAG,MAAA,cAAc,CAAC,kBAAkB,CAAC,mCAAI,EAAE,CAAC;AAClE,MAAM,sBAAsB,GAAG,MAAA,cAAc,CAAC,wBAAwB,CAAC,mCAAI,EAAE,CAAC;AAC9E,MAAM,mBAAmB,GAAG,MAAA,OAAO,CAAC,GAAG,CAAC,+BAA+B,mCAAI,EAAE,CAAC;AAE9E,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,GACpB,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
1
|
+
import { sealData } from 'iron-session';
|
|
3
2
|
import { headers } from 'next/headers';
|
|
3
|
+
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_DISABLE_PKCE, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
4
|
+
import { getWorkOS } from './workos.js';
|
|
4
5
|
async function getAuthorizationUrl(options = {}) {
|
|
5
6
|
var _a;
|
|
6
7
|
const { returnPathname, screenHint, organizationId, loginHint, prompt, state: customState } = options;
|
|
@@ -13,7 +14,7 @@ async function getAuthorizationUrl(options = {}) {
|
|
|
13
14
|
? btoa(JSON.stringify({ returnPathname })).replace(/\+/g, '-').replace(/\//g, '_')
|
|
14
15
|
: null;
|
|
15
16
|
const finalState = internalState && customState ? `${internalState}.${customState}` : internalState || customState || undefined;
|
|
16
|
-
|
|
17
|
+
const baseOptions = {
|
|
17
18
|
provider: 'authkit',
|
|
18
19
|
clientId: WORKOS_CLIENT_ID,
|
|
19
20
|
redirectUri: redirectUri !== null && redirectUri !== void 0 ? redirectUri : WORKOS_REDIRECT_URI,
|
|
@@ -22,7 +23,18 @@ async function getAuthorizationUrl(options = {}) {
|
|
|
22
23
|
organizationId,
|
|
23
24
|
loginHint,
|
|
24
25
|
prompt,
|
|
26
|
+
};
|
|
27
|
+
if (WORKOS_DISABLE_PKCE === 'true') {
|
|
28
|
+
return { url: getWorkOS().userManagement.getAuthorizationUrl(baseOptions), pkceCookieValue: undefined };
|
|
29
|
+
}
|
|
30
|
+
const pkce = await getWorkOS().pkce.generate();
|
|
31
|
+
const pkceCookieValue = await sealData({ codeVerifier: pkce.codeVerifier }, { password: WORKOS_COOKIE_PASSWORD, ttl: 600 });
|
|
32
|
+
const url = getWorkOS().userManagement.getAuthorizationUrl({
|
|
33
|
+
...baseOptions,
|
|
34
|
+
codeChallenge: pkce.codeChallenge,
|
|
35
|
+
codeChallengeMethod: pkce.codeChallengeMethod,
|
|
25
36
|
});
|
|
37
|
+
return { url, pkceCookieValue };
|
|
26
38
|
}
|
|
27
39
|
export { getAuthorizationUrl };
|
|
28
40
|
//# sourceMappingURL=get-authorization-url.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAExH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;;IAChE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IACtG,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,mCAAI,SAAS,CAAC;IAC/D,CAAC;IAED,MAAM,aAAa,GAAG,cAAc;QAClC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;QAClF,CAAC,CAAC,IAAI,CAAC;IAET,MAAM,UAAU,GACd,aAAa,IAAI,WAAW,CAAC,CAAC,CAAC,GAAG,aAAa,IAAI,WAAW,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,WAAW,IAAI,SAAS,CAAC;IAE/G,MAAM,WAAW,GAAG;QAClB,QAAQ,EAAE,SAAkB;QAC5B,QAAQ,EAAE,gBAAgB;QAC1B,WAAW,EAAE,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,mBAAmB;QAC/C,KAAK,EAAE,UAAU;QACjB,UAAU;QACV,cAAc;QACd,SAAS;QACT,MAAM;KACP,CAAC;IAEF,IAAI,mBAAmB,KAAK,MAAM,EAAE,CAAC;QACnC,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,cAAc,CAAC,mBAAmB,CAAC,WAAW,CAAC,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC;IAC1G,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC/C,MAAM,eAAe,GAAG,MAAM,QAAQ,CACpC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,EACnC,EAAE,QAAQ,EAAE,sBAAsB,EAAE,GAAG,EAAE,GAAG,EAAE,CAC/C,CAAC;IACF,MAAM,GAAG,GAAG,SAAS,EAAE,CAAC,cAAc,CAAC,mBAAmB,CAAC;QACzD,GAAG,WAAW;QACd,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;KAC9C,CAAC,CAAC;IAEH,OAAO,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC;AAClC,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
|
package/dist/esm/pkce.js
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { unsealData } from 'iron-session';
|
|
2
|
+
import { cookies } from 'next/headers';
|
|
3
|
+
import { getCookieOptions } from './cookie.js';
|
|
4
|
+
import { WORKOS_COOKIE_PASSWORD } from './env-variables.js';
|
|
5
|
+
export const PKCE_COOKIE_NAME = 'wos-pkce-verifier';
|
|
6
|
+
const PKCE_COOKIE_MAX_AGE = 600; // 10 minutes
|
|
7
|
+
/**
|
|
8
|
+
* Set the PKCE verifier cookie in server action context.
|
|
9
|
+
* In middleware context, callers must set the cookie via Set-Cookie headers instead.
|
|
10
|
+
*/
|
|
11
|
+
export async function setPKCECookie(pkceCookieValue) {
|
|
12
|
+
if (!pkceCookieValue)
|
|
13
|
+
return;
|
|
14
|
+
const nextCookies = await cookies();
|
|
15
|
+
const { domain, path, sameSite, secure } = getCookieOptions();
|
|
16
|
+
nextCookies.set(PKCE_COOKIE_NAME, pkceCookieValue, {
|
|
17
|
+
domain,
|
|
18
|
+
path,
|
|
19
|
+
sameSite,
|
|
20
|
+
secure,
|
|
21
|
+
httpOnly: true,
|
|
22
|
+
maxAge: PKCE_COOKIE_MAX_AGE,
|
|
23
|
+
});
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Read and unseal the PKCE code verifier from the cookie.
|
|
27
|
+
* Returns undefined if the cookie is missing or corrupted.
|
|
28
|
+
*/
|
|
29
|
+
export async function getPKCECodeVerifier(cookieValue) {
|
|
30
|
+
if (!cookieValue)
|
|
31
|
+
return undefined;
|
|
32
|
+
try {
|
|
33
|
+
const unsealed = await unsealData(cookieValue, {
|
|
34
|
+
password: WORKOS_COOKIE_PASSWORD,
|
|
35
|
+
});
|
|
36
|
+
return unsealed.codeVerifier;
|
|
37
|
+
}
|
|
38
|
+
catch (_a) {
|
|
39
|
+
// Cookie corrupted or expired — caller will proceed without PKCE
|
|
40
|
+
return undefined;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
//# sourceMappingURL=pkce.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../../src/pkce.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAE5D,MAAM,CAAC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AACpD,MAAM,mBAAmB,GAAG,GAAG,CAAC,CAAC,aAAa;AAE9C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,eAAmC;IACrE,IAAI,CAAC,eAAe;QAAE,OAAO;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,gBAAgB,EAAE,CAAC;IAC9D,WAAW,CAAC,GAAG,CAAC,gBAAgB,EAAE,eAAe,EAAE;QACjD,MAAM;QACN,IAAI;QACJ,QAAQ;QACR,MAAM;QACN,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,mBAAmB;KAC5B,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,WAA+B;IACvE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,UAAU,CAA2B,WAAW,EAAE;YACvE,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,YAAY,CAAC;IAC/B,CAAC;IAAC,WAAM,CAAC;QACP,iEAAiE;QACjE,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}
|
package/dist/esm/session.js
CHANGED
|
@@ -7,10 +7,16 @@ import { getCookieOptions, getJwtCookie } from './cookie.js';
|
|
|
7
7
|
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
8
8
|
import { TokenRefreshError, getSessionErrorContext } from './errors.js';
|
|
9
9
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
10
|
+
import { PKCE_COOKIE_NAME, setPKCECookie } from './pkce.js';
|
|
10
11
|
import { getWorkOS } from './workos.js';
|
|
11
12
|
import { parse, tokensToRegexp } from 'path-to-regexp';
|
|
12
13
|
import { handleAuthkitHeaders } from './middleware-helpers.js';
|
|
13
14
|
import { lazy, setCachePreventionHeaders } from './utils.js';
|
|
15
|
+
function appendPKCESetCookieHeader(headers, pkceCookieValue, requestUrl) {
|
|
16
|
+
if (pkceCookieValue) {
|
|
17
|
+
headers.append('Set-Cookie', `${PKCE_COOKIE_NAME}=${pkceCookieValue}; ${getCookieOptions(requestUrl, true)}`);
|
|
18
|
+
}
|
|
19
|
+
}
|
|
14
20
|
const sessionHeaderName = 'x-workos-session';
|
|
15
21
|
const middlewareHeaderName = 'x-workos-middleware';
|
|
16
22
|
const signUpPathsHeaderName = 'x-sign-up-paths';
|
|
@@ -138,14 +144,16 @@ async function updateSession(request, options = { debug: false }) {
|
|
|
138
144
|
if (options.debug) {
|
|
139
145
|
console.log('No session found from cookie');
|
|
140
146
|
}
|
|
147
|
+
const { url: authorizationUrl, pkceCookieValue } = await getAuthorizationUrl({
|
|
148
|
+
returnPathname: getReturnPathname(request.url),
|
|
149
|
+
redirectUri: options.redirectUri || WORKOS_REDIRECT_URI,
|
|
150
|
+
screenHint: options.screenHint,
|
|
151
|
+
});
|
|
152
|
+
appendPKCESetCookieHeader(newRequestHeaders, pkceCookieValue, request.url);
|
|
141
153
|
return {
|
|
142
154
|
session: { user: null },
|
|
143
155
|
headers: newRequestHeaders,
|
|
144
|
-
authorizationUrl
|
|
145
|
-
returnPathname: getReturnPathname(request.url),
|
|
146
|
-
redirectUri: options.redirectUri || WORKOS_REDIRECT_URI,
|
|
147
|
-
screenHint: options.screenHint,
|
|
148
|
-
}),
|
|
156
|
+
authorizationUrl,
|
|
149
157
|
};
|
|
150
158
|
}
|
|
151
159
|
const hasValidSession = await verifyAccessToken(session.accessToken);
|
|
@@ -238,13 +246,15 @@ async function updateSession(request, options = { debug: false }) {
|
|
|
238
246
|
newRequestHeaders.append('Set-Cookie', deleteJwtCookie);
|
|
239
247
|
}
|
|
240
248
|
(_b = options.onSessionRefreshError) === null || _b === void 0 ? void 0 : _b.call(options, { error: e, request });
|
|
249
|
+
const { url: authorizationUrl, pkceCookieValue } = await getAuthorizationUrl({
|
|
250
|
+
returnPathname: getReturnPathname(request.url),
|
|
251
|
+
redirectUri: options.redirectUri || WORKOS_REDIRECT_URI,
|
|
252
|
+
});
|
|
253
|
+
appendPKCESetCookieHeader(newRequestHeaders, pkceCookieValue, request.url);
|
|
241
254
|
return {
|
|
242
255
|
session: { user: null },
|
|
243
256
|
headers: newRequestHeaders,
|
|
244
|
-
authorizationUrl
|
|
245
|
-
returnPathname: getReturnPathname(request.url),
|
|
246
|
-
redirectUri: options.redirectUri || WORKOS_REDIRECT_URI,
|
|
247
|
-
}),
|
|
257
|
+
authorizationUrl,
|
|
248
258
|
};
|
|
249
259
|
}
|
|
250
260
|
}
|
|
@@ -312,7 +322,9 @@ async function redirectToSignIn() {
|
|
|
312
322
|
const pathname = new URL(url).pathname;
|
|
313
323
|
const screenHint = getScreenHint(signUpPaths, pathname);
|
|
314
324
|
const returnPathname = getReturnPathname(url);
|
|
315
|
-
|
|
325
|
+
const { url: authkitUrl, pkceCookieValue } = await getAuthorizationUrl({ returnPathname, screenHint });
|
|
326
|
+
await setPKCECookie(pkceCookieValue);
|
|
327
|
+
redirect(authkitUrl);
|
|
316
328
|
}
|
|
317
329
|
export async function getTokenClaims(accessToken) {
|
|
318
330
|
const token = accessToken !== null && accessToken !== void 0 ? accessToken : (await withAuth()).accessToken;
|
package/dist/esm/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAc,kBAAkB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE3C,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAUjE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAE7D,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAChD,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAE5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAChC,OAAgB,EAChB,OAAoB,EACpB,WAAgD;IAEhD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,sDAAsD;IACtD,IAAI,CAAC,CAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAA,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,WAAW,EAAE,CAAC;QAChB,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACnC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,OAAO;gBAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CACT,MAAM,EACN,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;SACnB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,IAAI,CAAC,CACd,CAAC;IAEF,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAoB;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnD,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACjG,MAAM,UAAU,GACd,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,UAAU;QAC7C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,UAAU;QACjD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE9C,OAAO,iBAAiB,IAAI,CAAC,YAAY,IAAI,CAAC,UAAU,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB,EACrB,SAAS,GAAG,KAAK;IAEjB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAChE,SAAS;KACV,CAAC,CAAC;IAEH,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAErD,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,gBAA0B,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,yBAAyB,CAAC,iBAAiB,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAE/D,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC7D,0DAA0D;YAC1D,IAAI,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC1E,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACzF,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,MAAA,OAAO,CAAC,uBAAuB,wDAAG,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvF,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,4CAA4C;QAC5C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC1D,CAAC;QAED,MAAA,OAAO,CAAC,qBAAqB,wDAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAEvD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;aACxD,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,iBAAiB,CACzB,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EACtF,KAAK,EACL,sBAAsB,CAAC,OAAO,CAAC,CAChC,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,CAAC,aAAa,EAAE,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAE7D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAE1D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,SAAS,CAAI,KAAK,CAAC,CAAC;AAC7B,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IAC9D,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,iBAAmD,EACnD,OAA6B;IAE7B,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAc,kBAAkB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE3C,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAUjE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAE7D,SAAS,yBAAyB,CAAC,OAAgB,EAAE,eAAmC,EAAE,UAAkB;IAC1G,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,gBAAgB,IAAI,eAAe,KAAK,gBAAgB,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;IAChH,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAChD,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAE5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAChC,OAAgB,EAChB,OAAoB,EACpB,WAAgD;IAEhD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,sDAAsD;IACtD,IAAI,CAAC,CAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAA,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,WAAW,EAAE,CAAC;QAChB,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACnC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,OAAO;gBAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CACT,MAAM,EACN,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;SACnB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,IAAI,CAAC,CACd,CAAC;IAEF,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAoB;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnD,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACjG,MAAM,UAAU,GACd,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,UAAU;QAC7C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,UAAU;QACjD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE9C,OAAO,iBAAiB,IAAI,CAAC,YAAY,IAAI,CAAC,UAAU,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB,EACrB,SAAS,GAAG,KAAK;IAEjB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAChE,SAAS;KACV,CAAC,CAAC;IAEH,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAErD,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,gBAA0B,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,CAAC;YAC3E,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;YAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;YACvD,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC,CAAC;QAEH,yBAAyB,CAAC,iBAAiB,EAAE,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAE3E,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB;SACjB,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,yBAAyB,CAAC,iBAAiB,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAE/D,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC7D,0DAA0D;YAC1D,IAAI,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC1E,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACzF,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,MAAA,OAAO,CAAC,uBAAuB,wDAAG,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvF,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,4CAA4C;QAC5C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC1D,CAAC;QAED,MAAA,OAAO,CAAC,qBAAqB,wDAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAEvD,MAAM,EAAE,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,CAAC;YAC3E,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;YAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;SACxD,CAAC,CAAC;QAEH,yBAAyB,CAAC,iBAAiB,EAAE,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAE3E,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB;SACjB,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,iBAAiB,CACzB,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EACtF,KAAK,EACL,sBAAsB,CAAC,OAAO,CAAC,CAChC,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,CAAC,aAAa,EAAE,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAE7D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAE1D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC;IACvG,MAAM,aAAa,CAAC,eAAe,CAAC,CAAC;IACrC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACvB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,SAAS,CAAI,KAAK,CAAC,CAAC;AAC7B,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IAC9D,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,iBAAmD,EACnD,OAA6B;IAE7B,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC"}
|
|
@@ -5,8 +5,9 @@ declare const WORKOS_COOKIE_DOMAIN: string | undefined;
|
|
|
5
5
|
declare const WORKOS_COOKIE_MAX_AGE: string | undefined;
|
|
6
6
|
declare const WORKOS_COOKIE_NAME: string | undefined;
|
|
7
7
|
declare const WORKOS_COOKIE_SAMESITE: "lax" | "strict" | "none" | undefined;
|
|
8
|
+
declare const WORKOS_DISABLE_PKCE: string | undefined;
|
|
8
9
|
declare const WORKOS_API_KEY: string;
|
|
9
10
|
declare const WORKOS_CLIENT_ID: string;
|
|
10
11
|
declare const WORKOS_COOKIE_PASSWORD: string;
|
|
11
12
|
declare const WORKOS_REDIRECT_URI: string;
|
|
12
|
-
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, WORKOS_COOKIE_SAMESITE, };
|
|
13
|
+
export { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT, WORKOS_CLIENT_ID, WORKOS_COOKIE_DOMAIN, WORKOS_COOKIE_MAX_AGE, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI, WORKOS_COOKIE_SAMESITE, WORKOS_DISABLE_PKCE, };
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { GetAuthURLOptions } from './interfaces.js';
|
|
2
|
-
declare function getAuthorizationUrl(options?: GetAuthURLOptions): Promise<
|
|
1
|
+
import { GetAuthURLOptions, GetAuthURLResult } from './interfaces.js';
|
|
2
|
+
declare function getAuthorizationUrl(options?: GetAuthURLOptions): Promise<GetAuthURLResult>;
|
|
3
3
|
export { getAuthorizationUrl };
|
|
@@ -58,6 +58,10 @@ export interface AccessToken {
|
|
|
58
58
|
entitlements?: string[];
|
|
59
59
|
feature_flags?: string[];
|
|
60
60
|
}
|
|
61
|
+
export interface GetAuthURLResult {
|
|
62
|
+
url: string;
|
|
63
|
+
pkceCookieValue?: string;
|
|
64
|
+
}
|
|
61
65
|
export interface GetAuthURLOptions {
|
|
62
66
|
screenHint?: 'sign-up' | 'sign-in';
|
|
63
67
|
returnPathname?: string;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
export declare const PKCE_COOKIE_NAME = "wos-pkce-verifier";
|
|
2
|
+
/**
|
|
3
|
+
* Set the PKCE verifier cookie in server action context.
|
|
4
|
+
* In middleware context, callers must set the cookie via Set-Cookie headers instead.
|
|
5
|
+
*/
|
|
6
|
+
export declare function setPKCECookie(pkceCookieValue: string | undefined): Promise<void>;
|
|
7
|
+
/**
|
|
8
|
+
* Read and unseal the PKCE code verifier from the cookie.
|
|
9
|
+
* Returns undefined if the cookie is missing or corrupted.
|
|
10
|
+
*/
|
|
11
|
+
export declare function getPKCECodeVerifier(cookieValue: string | undefined): Promise<string | undefined>;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@workos-inc/authkit-nextjs",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.16.0",
|
|
4
4
|
"description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js",
|
|
5
5
|
"sideEffects": false,
|
|
6
6
|
"type": "module",
|
|
@@ -23,10 +23,10 @@
|
|
|
23
23
|
}
|
|
24
24
|
},
|
|
25
25
|
"dependencies": {
|
|
26
|
-
"@workos-inc/node": "^8.
|
|
27
|
-
"iron-session": "^8.0.
|
|
28
|
-
"jose": "^5.
|
|
29
|
-
"path-to-regexp": "^6.
|
|
26
|
+
"@workos-inc/node": "^8.7.0",
|
|
27
|
+
"iron-session": "^8.0.4",
|
|
28
|
+
"jose": "^5.10.0",
|
|
29
|
+
"path-to-regexp": "^6.3.0"
|
|
30
30
|
},
|
|
31
31
|
"peerDependencies": {
|
|
32
32
|
"next": "^13.5.9 || ^14.2.26 || ^15.2.3 || ^16",
|
|
@@ -34,22 +34,22 @@
|
|
|
34
34
|
"react-dom": "^18.0 || ^19.0.0"
|
|
35
35
|
},
|
|
36
36
|
"devDependencies": {
|
|
37
|
-
"@testing-library/jest-dom": "^6.
|
|
38
|
-
"@testing-library/react": "^16.
|
|
39
|
-
"@types/node": "^20.
|
|
37
|
+
"@testing-library/jest-dom": "^6.9.1",
|
|
38
|
+
"@testing-library/react": "^16.3.2",
|
|
39
|
+
"@types/node": "^20.19.35",
|
|
40
40
|
"@types/react": "18.2.67",
|
|
41
41
|
"@types/react-dom": "18.2.22",
|
|
42
|
-
"@vitest/coverage-v8": "^3.
|
|
43
|
-
"eslint": "^8.
|
|
44
|
-
"eslint-config-prettier": "^9.1.
|
|
42
|
+
"@vitest/coverage-v8": "^3.2.4",
|
|
43
|
+
"eslint": "^8.57.1",
|
|
44
|
+
"eslint-config-prettier": "^9.1.2",
|
|
45
45
|
"eslint-plugin-require-extensions": "^0.1.3",
|
|
46
|
-
"jsdom": "^26.
|
|
47
|
-
"next": "^16.
|
|
48
|
-
"prettier": "^3.
|
|
46
|
+
"jsdom": "^26.1.0",
|
|
47
|
+
"next": "^16.1.6",
|
|
48
|
+
"prettier": "^3.8.1",
|
|
49
49
|
"tslib": "^2.8.1",
|
|
50
50
|
"typescript": "5.4.2",
|
|
51
|
-
"typescript-eslint": "^7.
|
|
52
|
-
"vitest": "^3.
|
|
51
|
+
"typescript-eslint": "^7.18.0",
|
|
52
|
+
"vitest": "^3.2.4"
|
|
53
53
|
},
|
|
54
54
|
"license": "MIT",
|
|
55
55
|
"homepage": "https://github.com/workos/authkit-nextjs#readme",
|
package/src/auth.spec.ts
CHANGED
|
@@ -29,6 +29,13 @@ const fakeWorkosInstance = {
|
|
|
29
29
|
getJwksUrl: vi.fn(() => 'https://api.workos.com/sso/jwks/client_1234567890'),
|
|
30
30
|
getLogoutUrl: vi.fn(),
|
|
31
31
|
},
|
|
32
|
+
pkce: {
|
|
33
|
+
generate: vi.fn().mockResolvedValue({
|
|
34
|
+
codeVerifier: 'test-code-verifier',
|
|
35
|
+
codeChallenge: 'test-code-challenge',
|
|
36
|
+
codeChallengeMethod: 'S256' as const,
|
|
37
|
+
}),
|
|
38
|
+
},
|
|
32
39
|
};
|
|
33
40
|
|
|
34
41
|
const revalidatePath = vi.mocked(cache.revalidatePath);
|
|
@@ -151,9 +158,16 @@ describe('auth.ts', () => {
|
|
|
151
158
|
nextHeaders.set('x-url', 'http://localhost/test');
|
|
152
159
|
await generateSession();
|
|
153
160
|
|
|
161
|
+
fakeWorkosInstance.pkce.generate.mockResolvedValue({
|
|
162
|
+
codeVerifier: 'test-code-verifier',
|
|
163
|
+
codeChallenge: 'test-code-challenge',
|
|
164
|
+
codeChallengeMethod: 'S256' as const,
|
|
165
|
+
});
|
|
166
|
+
|
|
154
167
|
// Create a WorkOS-like object that matches what our tests need
|
|
155
168
|
const mockWorkOS = {
|
|
156
169
|
userManagement: fakeWorkosInstance.userManagement,
|
|
170
|
+
pkce: fakeWorkosInstance.pkce,
|
|
157
171
|
// Add minimal properties to satisfy TypeScript
|
|
158
172
|
createHttpClient: vi.fn(),
|
|
159
173
|
createWebhookClient: vi.fn(),
|
package/src/auth.ts
CHANGED
|
@@ -7,7 +7,8 @@ import { redirect } from 'next/navigation';
|
|
|
7
7
|
import { WORKOS_COOKIE_NAME } from './env-variables.js';
|
|
8
8
|
import { getCookieOptions } from './cookie.js';
|
|
9
9
|
import { getAuthorizationUrl } from './get-authorization-url.js';
|
|
10
|
-
import type { AccessToken, SwitchToOrganizationOptions, UserInfo } from './interfaces.js';
|
|
10
|
+
import type { AccessToken, GetAuthURLOptions, SwitchToOrganizationOptions, UserInfo } from './interfaces.js';
|
|
11
|
+
import { setPKCECookie } from './pkce.js';
|
|
11
12
|
import { getSessionFromCookie, refreshSession, withAuth } from './session.js';
|
|
12
13
|
import { getWorkOS } from './workos.js';
|
|
13
14
|
|
|
@@ -20,6 +21,12 @@ function revalidateTagCompat(tag: string): void {
|
|
|
20
21
|
return fn(tag, 'max');
|
|
21
22
|
}
|
|
22
23
|
|
|
24
|
+
async function getAuthURLAndSetPKCECookie(options: GetAuthURLOptions): Promise<string> {
|
|
25
|
+
const { url, pkceCookieValue } = await getAuthorizationUrl(options);
|
|
26
|
+
await setPKCECookie(pkceCookieValue);
|
|
27
|
+
return url;
|
|
28
|
+
}
|
|
29
|
+
|
|
23
30
|
export async function getSignInUrl({
|
|
24
31
|
organizationId,
|
|
25
32
|
loginHint,
|
|
@@ -35,7 +42,7 @@ export async function getSignInUrl({
|
|
|
35
42
|
state?: string;
|
|
36
43
|
returnTo?: string;
|
|
37
44
|
} = {}) {
|
|
38
|
-
return
|
|
45
|
+
return getAuthURLAndSetPKCECookie({
|
|
39
46
|
organizationId,
|
|
40
47
|
screenHint: 'sign-in',
|
|
41
48
|
loginHint,
|
|
@@ -61,7 +68,7 @@ export async function getSignUpUrl({
|
|
|
61
68
|
state?: string;
|
|
62
69
|
returnTo?: string;
|
|
63
70
|
} = {}) {
|
|
64
|
-
return
|
|
71
|
+
return getAuthURLAndSetPKCECookie({
|
|
65
72
|
organizationId,
|
|
66
73
|
screenHint: 'sign-up',
|
|
67
74
|
loginHint,
|
|
@@ -97,7 +104,12 @@ export async function signOut({ returnTo }: { returnTo?: string } = {}) {
|
|
|
97
104
|
const nextCookies = await cookies();
|
|
98
105
|
const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
|
|
99
106
|
const { domain, path, sameSite, secure } = getCookieOptions();
|
|
100
|
-
|
|
107
|
+
try {
|
|
108
|
+
nextCookies.delete({ name: cookieName, domain, path, sameSite, secure });
|
|
109
|
+
} catch {
|
|
110
|
+
// Some environments (e.g., vinext) only accept a string cookie name
|
|
111
|
+
nextCookies.delete(cookieName);
|
|
112
|
+
}
|
|
101
113
|
|
|
102
114
|
if (sessionId) {
|
|
103
115
|
redirect(getWorkOS().userManagement.getLogoutUrl({ sessionId, returnTo }));
|
|
@@ -128,22 +140,25 @@ export async function switchToOrganization(
|
|
|
128
140
|
redirect(cause.rawData.authkit_redirect_url);
|
|
129
141
|
} else {
|
|
130
142
|
if (cause?.error === 'sso_required' || cause?.error === 'mfa_enrollment') {
|
|
131
|
-
|
|
132
|
-
return redirect(url);
|
|
143
|
+
return redirect(await getAuthURLAndSetPKCECookie({ organizationId }));
|
|
133
144
|
}
|
|
134
145
|
throw error;
|
|
135
146
|
}
|
|
136
147
|
}
|
|
137
148
|
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
149
|
+
try {
|
|
150
|
+
switch (revalidationStrategy) {
|
|
151
|
+
case 'path':
|
|
152
|
+
revalidatePath(pathname);
|
|
153
|
+
break;
|
|
154
|
+
case 'tag':
|
|
155
|
+
for (const tag of revalidationTags) {
|
|
156
|
+
revalidateTagCompat(tag);
|
|
157
|
+
}
|
|
158
|
+
break;
|
|
159
|
+
}
|
|
160
|
+
} catch {
|
|
161
|
+
// revalidatePath/revalidateTag may not be available in non-Next.js environments (e.g., vinext)
|
|
147
162
|
}
|
|
148
163
|
if (revalidationStrategy !== 'none') {
|
|
149
164
|
redirect(pathname);
|
|
@@ -2,6 +2,7 @@ import { getWorkOS } from './workos.js';
|
|
|
2
2
|
import { handleAuth } from './authkit-callback-route.js';
|
|
3
3
|
import { getSessionFromCookie, saveSession } from './session.js';
|
|
4
4
|
import { NextRequest, NextResponse } from 'next/server';
|
|
5
|
+
import { sealData } from 'iron-session';
|
|
5
6
|
|
|
6
7
|
// Mocked in vitest.setup.ts
|
|
7
8
|
import { cookies, headers } from 'next/headers';
|
|
@@ -13,6 +14,9 @@ const { fakeWorkosInstance } = vi.hoisted(() => ({
|
|
|
13
14
|
authenticateWithCode: vi.fn(),
|
|
14
15
|
getJwksUrl: vi.fn(() => 'https://api.workos.com/sso/jwks/client_1234567890'),
|
|
15
16
|
},
|
|
17
|
+
pkce: {
|
|
18
|
+
generate: vi.fn(),
|
|
19
|
+
},
|
|
16
20
|
},
|
|
17
21
|
}));
|
|
18
22
|
|
|
@@ -361,5 +365,86 @@ describe('authkit-callback-route', () => {
|
|
|
361
365
|
// Should still redirect correctly
|
|
362
366
|
expect(response.headers.get('Location')).toContain('/old-path');
|
|
363
367
|
});
|
|
368
|
+
|
|
369
|
+
describe('PKCE', () => {
|
|
370
|
+
it('should pass codeVerifier from cookie to authenticateWithCode', async () => {
|
|
371
|
+
vi.mocked(workos.userManagement.authenticateWithCode).mockResolvedValue(mockAuthResponse);
|
|
372
|
+
|
|
373
|
+
// Seal a verifier into a cookie value
|
|
374
|
+
const sealedVerifier = await sealData(
|
|
375
|
+
{ codeVerifier: 'test-verifier-123' },
|
|
376
|
+
{ password: process.env.WORKOS_COOKIE_PASSWORD! },
|
|
377
|
+
);
|
|
378
|
+
|
|
379
|
+
// Set the PKCE cookie on the request
|
|
380
|
+
request.cookies.set('wos-pkce-verifier', sealedVerifier);
|
|
381
|
+
request.nextUrl.searchParams.set('code', 'test-code');
|
|
382
|
+
|
|
383
|
+
const handler = handleAuth();
|
|
384
|
+
await handler(request);
|
|
385
|
+
|
|
386
|
+
expect(workos.userManagement.authenticateWithCode).toHaveBeenCalledWith(
|
|
387
|
+
expect.objectContaining({
|
|
388
|
+
code: 'test-code',
|
|
389
|
+
codeVerifier: 'test-verifier-123',
|
|
390
|
+
}),
|
|
391
|
+
);
|
|
392
|
+
});
|
|
393
|
+
|
|
394
|
+
it('should proceed without codeVerifier when PKCE cookie is missing', async () => {
|
|
395
|
+
vi.mocked(workos.userManagement.authenticateWithCode).mockResolvedValue(mockAuthResponse);
|
|
396
|
+
|
|
397
|
+
request.nextUrl.searchParams.set('code', 'test-code');
|
|
398
|
+
|
|
399
|
+
const handler = handleAuth();
|
|
400
|
+
await handler(request);
|
|
401
|
+
|
|
402
|
+
expect(workos.userManagement.authenticateWithCode).toHaveBeenCalledWith(
|
|
403
|
+
expect.objectContaining({
|
|
404
|
+
code: 'test-code',
|
|
405
|
+
codeVerifier: undefined,
|
|
406
|
+
}),
|
|
407
|
+
);
|
|
408
|
+
});
|
|
409
|
+
|
|
410
|
+
it('should proceed without codeVerifier when PKCE cookie is corrupted', async () => {
|
|
411
|
+
vi.mocked(workos.userManagement.authenticateWithCode).mockResolvedValue(mockAuthResponse);
|
|
412
|
+
|
|
413
|
+
// Set a corrupted cookie
|
|
414
|
+
request.cookies.set('wos-pkce-verifier', 'not-a-valid-sealed-value');
|
|
415
|
+
request.nextUrl.searchParams.set('code', 'test-code');
|
|
416
|
+
|
|
417
|
+
const handler = handleAuth();
|
|
418
|
+
await handler(request);
|
|
419
|
+
|
|
420
|
+
expect(workos.userManagement.authenticateWithCode).toHaveBeenCalledWith(
|
|
421
|
+
expect.objectContaining({
|
|
422
|
+
code: 'test-code',
|
|
423
|
+
codeVerifier: undefined,
|
|
424
|
+
}),
|
|
425
|
+
);
|
|
426
|
+
});
|
|
427
|
+
|
|
428
|
+
it('should delete PKCE cookie after successful authentication', async () => {
|
|
429
|
+
vi.mocked(workos.userManagement.authenticateWithCode).mockResolvedValue(mockAuthResponse);
|
|
430
|
+
|
|
431
|
+
const sealedVerifier = await sealData(
|
|
432
|
+
{ codeVerifier: 'test-verifier-123' },
|
|
433
|
+
{ password: process.env.WORKOS_COOKIE_PASSWORD! },
|
|
434
|
+
);
|
|
435
|
+
|
|
436
|
+
request.cookies.set('wos-pkce-verifier', sealedVerifier);
|
|
437
|
+
request.nextUrl.searchParams.set('code', 'test-code');
|
|
438
|
+
|
|
439
|
+
const handler = handleAuth();
|
|
440
|
+
const response = await handler(request);
|
|
441
|
+
|
|
442
|
+
// The response should have a Set-Cookie header to delete the PKCE cookie
|
|
443
|
+
const setCookieHeaders = response.headers.getSetCookie();
|
|
444
|
+
const pkceDeletionCookie = setCookieHeaders.find((c: string) => c.startsWith('wos-pkce-verifier='));
|
|
445
|
+
expect(pkceDeletionCookie).toBeDefined();
|
|
446
|
+
expect(pkceDeletionCookie).toContain('Max-Age=0');
|
|
447
|
+
});
|
|
448
|
+
});
|
|
364
449
|
});
|
|
365
450
|
});
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { NextRequest } from 'next/server';
|
|
2
|
+
import { getCookieOptions } from './cookie.js';
|
|
2
3
|
import { WORKOS_CLIENT_ID } from './env-variables.js';
|
|
3
4
|
import { HandleAuthOptions } from './interfaces.js';
|
|
5
|
+
import { PKCE_COOKIE_NAME, getPKCECodeVerifier } from './pkce.js';
|
|
4
6
|
import { saveSession } from './session.js';
|
|
5
7
|
import { errorResponseWithFallback, redirectWithFallback, setCachePreventionHeaders } from './utils.js';
|
|
6
8
|
import { getWorkOS } from './workos.js';
|
|
@@ -54,24 +56,30 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
54
56
|
}
|
|
55
57
|
|
|
56
58
|
return async function GET(request: NextRequest) {
|
|
57
|
-
|
|
58
|
-
const
|
|
59
|
+
// Fall back to standard URL parsing when nextUrl is not available (e.g., vinext)
|
|
60
|
+
const requestUrl = request.nextUrl ?? new URL(request.url);
|
|
61
|
+
const code = requestUrl.searchParams.get('code');
|
|
62
|
+
const state = requestUrl.searchParams.get('state');
|
|
59
63
|
|
|
60
64
|
const { state: customState, returnPathname: returnPathnameState } = handleState(state);
|
|
61
65
|
|
|
62
66
|
if (code) {
|
|
63
67
|
try {
|
|
68
|
+
const pkceCookie = request.cookies.get(PKCE_COOKIE_NAME);
|
|
69
|
+
const codeVerifier = await getPKCECodeVerifier(pkceCookie?.value);
|
|
70
|
+
|
|
64
71
|
// Use the code returned to us by AuthKit and authenticate the user with WorkOS
|
|
65
72
|
const { accessToken, refreshToken, user, impersonator, oauthTokens, authenticationMethod, organizationId } =
|
|
66
73
|
await getWorkOS().userManagement.authenticateWithCode({
|
|
67
74
|
clientId: WORKOS_CLIENT_ID,
|
|
68
75
|
code,
|
|
76
|
+
codeVerifier,
|
|
69
77
|
});
|
|
70
78
|
|
|
71
79
|
// If baseURL is provided, use it instead of request.nextUrl
|
|
72
80
|
// This is useful if the app is being run in a container like docker where
|
|
73
81
|
// the hostname can be different from the one in the request
|
|
74
|
-
const url = baseURL ? new URL(baseURL) :
|
|
82
|
+
const url = baseURL ? new URL(baseURL) : new URL(requestUrl.toString());
|
|
75
83
|
|
|
76
84
|
// Cleanup params
|
|
77
85
|
url.searchParams.delete('code');
|
|
@@ -90,6 +98,10 @@ export function handleAuth(options: HandleAuthOptions = {}) {
|
|
|
90
98
|
const response = redirectWithFallback(url.toString());
|
|
91
99
|
preventCaching(response.headers);
|
|
92
100
|
|
|
101
|
+
if (pkceCookie) {
|
|
102
|
+
response.headers.append('Set-Cookie', `${PKCE_COOKIE_NAME}=; ${getCookieOptions(request.url, true, true)}`);
|
|
103
|
+
}
|
|
104
|
+
|
|
93
105
|
if (!accessToken || !refreshToken) throw new Error('response is missing tokens');
|
|
94
106
|
|
|
95
107
|
await saveSession({ accessToken, refreshToken, user, impersonator }, request);
|
|
@@ -71,7 +71,7 @@ export const AuthKitProvider = ({ children, onSessionExpired, initialAuth }: Aut
|
|
|
71
71
|
setEntitlements(auth.entitlements);
|
|
72
72
|
setFeatureFlags(auth.featureFlags);
|
|
73
73
|
setImpersonator(auth.impersonator);
|
|
74
|
-
} catch
|
|
74
|
+
} catch {
|
|
75
75
|
setUser(null);
|
|
76
76
|
setSessionId(undefined);
|
|
77
77
|
setOrganizationId(undefined);
|
|
@@ -530,7 +530,7 @@ describe('tokenStore', () => {
|
|
|
530
530
|
|
|
531
531
|
try {
|
|
532
532
|
await tokenStore.refreshToken();
|
|
533
|
-
} catch
|
|
533
|
+
} catch {
|
|
534
534
|
// Expected to throw
|
|
535
535
|
}
|
|
536
536
|
|
|
@@ -547,7 +547,7 @@ describe('tokenStore', () => {
|
|
|
547
547
|
|
|
548
548
|
try {
|
|
549
549
|
await tokenStore.refreshToken();
|
|
550
|
-
} catch
|
|
550
|
+
} catch {
|
|
551
551
|
// Expected to throw
|
|
552
552
|
}
|
|
553
553
|
|
|
@@ -699,7 +699,7 @@ describe('tokenStore', () => {
|
|
|
699
699
|
|
|
700
700
|
try {
|
|
701
701
|
await tokenStore.refreshToken();
|
|
702
|
-
} catch
|
|
702
|
+
} catch {
|
|
703
703
|
// Expected to throw
|
|
704
704
|
}
|
|
705
705
|
|
package/src/env-variables.ts
CHANGED
|
@@ -12,6 +12,7 @@ const WORKOS_COOKIE_DOMAIN = getEnvVariable('WORKOS_COOKIE_DOMAIN');
|
|
|
12
12
|
const WORKOS_COOKIE_MAX_AGE = getEnvVariable('WORKOS_COOKIE_MAX_AGE');
|
|
13
13
|
const WORKOS_COOKIE_NAME = getEnvVariable('WORKOS_COOKIE_NAME');
|
|
14
14
|
const WORKOS_COOKIE_SAMESITE = getEnvVariable('WORKOS_COOKIE_SAMESITE') as 'lax' | 'strict' | 'none' | undefined;
|
|
15
|
+
const WORKOS_DISABLE_PKCE = getEnvVariable('WORKOS_DISABLE_PKCE');
|
|
15
16
|
|
|
16
17
|
// Required env variables
|
|
17
18
|
const WORKOS_API_KEY = getEnvVariable('WORKOS_API_KEY') ?? '';
|
|
@@ -31,4 +32,5 @@ export {
|
|
|
31
32
|
WORKOS_COOKIE_PASSWORD,
|
|
32
33
|
WORKOS_REDIRECT_URI,
|
|
33
34
|
WORKOS_COOKIE_SAMESITE,
|
|
35
|
+
WORKOS_DISABLE_PKCE,
|
|
34
36
|
};
|
|
@@ -8,6 +8,13 @@ const { fakeWorkosInstance } = vi.hoisted(() => ({
|
|
|
8
8
|
userManagement: {
|
|
9
9
|
getAuthorizationUrl: vi.fn(),
|
|
10
10
|
},
|
|
11
|
+
pkce: {
|
|
12
|
+
generate: vi.fn().mockResolvedValue({
|
|
13
|
+
codeVerifier: 'test-code-verifier',
|
|
14
|
+
codeChallenge: 'test-code-challenge',
|
|
15
|
+
codeChallengeMethod: 'S256' as const,
|
|
16
|
+
}),
|
|
17
|
+
},
|
|
11
18
|
},
|
|
12
19
|
}));
|
|
13
20
|
|
|
@@ -19,6 +26,12 @@ describe('getAuthorizationUrl', () => {
|
|
|
19
26
|
const workos = getWorkOS();
|
|
20
27
|
beforeEach(() => {
|
|
21
28
|
vi.clearAllMocks();
|
|
29
|
+
delete process.env.WORKOS_DISABLE_PKCE;
|
|
30
|
+
fakeWorkosInstance.pkce.generate.mockResolvedValue({
|
|
31
|
+
codeVerifier: 'test-code-verifier',
|
|
32
|
+
codeChallenge: 'test-code-challenge',
|
|
33
|
+
codeChallengeMethod: 'S256' as const,
|
|
34
|
+
});
|
|
22
35
|
});
|
|
23
36
|
|
|
24
37
|
it('uses x-redirect-uri header when redirectUri option is not provided', async () => {
|
|
@@ -56,4 +69,53 @@ describe('getAuthorizationUrl', () => {
|
|
|
56
69
|
}),
|
|
57
70
|
);
|
|
58
71
|
});
|
|
72
|
+
|
|
73
|
+
describe('PKCE', () => {
|
|
74
|
+
it('generates PKCE pair and includes codeChallenge in authorization URL', async () => {
|
|
75
|
+
vi.mocked(workos.userManagement.getAuthorizationUrl).mockReturnValue('mock-url');
|
|
76
|
+
|
|
77
|
+
const result = await getAuthorizationUrl({});
|
|
78
|
+
|
|
79
|
+
expect(fakeWorkosInstance.pkce.generate).toHaveBeenCalled();
|
|
80
|
+
expect(workos.userManagement.getAuthorizationUrl).toHaveBeenCalledWith(
|
|
81
|
+
expect.objectContaining({
|
|
82
|
+
codeChallenge: 'test-code-challenge',
|
|
83
|
+
codeChallengeMethod: 'S256',
|
|
84
|
+
}),
|
|
85
|
+
);
|
|
86
|
+
expect(result.url).toBe('mock-url');
|
|
87
|
+
expect(result.pkceCookieValue).toBeDefined();
|
|
88
|
+
expect(result.pkceCookieValue).not.toBe('');
|
|
89
|
+
});
|
|
90
|
+
|
|
91
|
+
it('returns sealed cookie value for the verifier', async () => {
|
|
92
|
+
vi.mocked(workos.userManagement.getAuthorizationUrl).mockReturnValue('mock-url');
|
|
93
|
+
|
|
94
|
+
const result = await getAuthorizationUrl({});
|
|
95
|
+
|
|
96
|
+
// pkceCookieValue should be a sealed (encrypted) string
|
|
97
|
+
expect(typeof result.pkceCookieValue).toBe('string');
|
|
98
|
+
expect(result.pkceCookieValue!.length).toBeGreaterThan(0);
|
|
99
|
+
});
|
|
100
|
+
|
|
101
|
+
it('skips PKCE when WORKOS_DISABLE_PKCE is set to true', async () => {
|
|
102
|
+
process.env.WORKOS_DISABLE_PKCE = 'true';
|
|
103
|
+
|
|
104
|
+
// Re-import to pick up the new env var
|
|
105
|
+
vi.resetModules();
|
|
106
|
+
const { getAuthorizationUrl: freshGetAuthorizationUrl } = await import('./get-authorization-url.js');
|
|
107
|
+
|
|
108
|
+
vi.mocked(workos.userManagement.getAuthorizationUrl).mockReturnValue('mock-url');
|
|
109
|
+
|
|
110
|
+
const result = await freshGetAuthorizationUrl({});
|
|
111
|
+
|
|
112
|
+
expect(fakeWorkosInstance.pkce.generate).not.toHaveBeenCalled();
|
|
113
|
+
expect(workos.userManagement.getAuthorizationUrl).toHaveBeenCalledWith(
|
|
114
|
+
expect.not.objectContaining({
|
|
115
|
+
codeChallenge: expect.any(String),
|
|
116
|
+
}),
|
|
117
|
+
);
|
|
118
|
+
expect(result.pkceCookieValue).toBeUndefined();
|
|
119
|
+
});
|
|
120
|
+
});
|
|
59
121
|
});
|
|
@@ -1,9 +1,10 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
3
|
-
import { GetAuthURLOptions } from './interfaces.js';
|
|
1
|
+
import { sealData } from 'iron-session';
|
|
4
2
|
import { headers } from 'next/headers';
|
|
3
|
+
import { WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, WORKOS_DISABLE_PKCE, WORKOS_REDIRECT_URI } from './env-variables.js';
|
|
4
|
+
import { GetAuthURLOptions, GetAuthURLResult } from './interfaces.js';
|
|
5
|
+
import { getWorkOS } from './workos.js';
|
|
5
6
|
|
|
6
|
-
async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
7
|
+
async function getAuthorizationUrl(options: GetAuthURLOptions = {}): Promise<GetAuthURLResult> {
|
|
7
8
|
const { returnPathname, screenHint, organizationId, loginHint, prompt, state: customState } = options;
|
|
8
9
|
let redirectUri = options.redirectUri;
|
|
9
10
|
if (!redirectUri) {
|
|
@@ -18,8 +19,8 @@ async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
|
18
19
|
const finalState =
|
|
19
20
|
internalState && customState ? `${internalState}.${customState}` : internalState || customState || undefined;
|
|
20
21
|
|
|
21
|
-
|
|
22
|
-
provider: 'authkit',
|
|
22
|
+
const baseOptions = {
|
|
23
|
+
provider: 'authkit' as const,
|
|
23
24
|
clientId: WORKOS_CLIENT_ID,
|
|
24
25
|
redirectUri: redirectUri ?? WORKOS_REDIRECT_URI,
|
|
25
26
|
state: finalState,
|
|
@@ -27,7 +28,24 @@ async function getAuthorizationUrl(options: GetAuthURLOptions = {}) {
|
|
|
27
28
|
organizationId,
|
|
28
29
|
loginHint,
|
|
29
30
|
prompt,
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
if (WORKOS_DISABLE_PKCE === 'true') {
|
|
34
|
+
return { url: getWorkOS().userManagement.getAuthorizationUrl(baseOptions), pkceCookieValue: undefined };
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
const pkce = await getWorkOS().pkce.generate();
|
|
38
|
+
const pkceCookieValue = await sealData(
|
|
39
|
+
{ codeVerifier: pkce.codeVerifier },
|
|
40
|
+
{ password: WORKOS_COOKIE_PASSWORD, ttl: 600 },
|
|
41
|
+
);
|
|
42
|
+
const url = getWorkOS().userManagement.getAuthorizationUrl({
|
|
43
|
+
...baseOptions,
|
|
44
|
+
codeChallenge: pkce.codeChallenge,
|
|
45
|
+
codeChallengeMethod: pkce.codeChallengeMethod,
|
|
30
46
|
});
|
|
47
|
+
|
|
48
|
+
return { url, pkceCookieValue };
|
|
31
49
|
}
|
|
32
50
|
|
|
33
51
|
export { getAuthorizationUrl };
|
package/src/interfaces.ts
CHANGED
|
@@ -61,6 +61,11 @@ export interface AccessToken {
|
|
|
61
61
|
feature_flags?: string[];
|
|
62
62
|
}
|
|
63
63
|
|
|
64
|
+
export interface GetAuthURLResult {
|
|
65
|
+
url: string;
|
|
66
|
+
pkceCookieValue?: string;
|
|
67
|
+
}
|
|
68
|
+
|
|
64
69
|
export interface GetAuthURLOptions {
|
|
65
70
|
screenHint?: 'sign-up' | 'sign-in';
|
|
66
71
|
returnPathname?: string;
|
package/src/pkce.ts
ADDED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { unsealData } from 'iron-session';
|
|
2
|
+
import { cookies } from 'next/headers';
|
|
3
|
+
import { getCookieOptions } from './cookie.js';
|
|
4
|
+
import { WORKOS_COOKIE_PASSWORD } from './env-variables.js';
|
|
5
|
+
|
|
6
|
+
export const PKCE_COOKIE_NAME = 'wos-pkce-verifier';
|
|
7
|
+
const PKCE_COOKIE_MAX_AGE = 600; // 10 minutes
|
|
8
|
+
|
|
9
|
+
/**
|
|
10
|
+
* Set the PKCE verifier cookie in server action context.
|
|
11
|
+
* In middleware context, callers must set the cookie via Set-Cookie headers instead.
|
|
12
|
+
*/
|
|
13
|
+
export async function setPKCECookie(pkceCookieValue: string | undefined): Promise<void> {
|
|
14
|
+
if (!pkceCookieValue) return;
|
|
15
|
+
const nextCookies = await cookies();
|
|
16
|
+
const { domain, path, sameSite, secure } = getCookieOptions();
|
|
17
|
+
nextCookies.set(PKCE_COOKIE_NAME, pkceCookieValue, {
|
|
18
|
+
domain,
|
|
19
|
+
path,
|
|
20
|
+
sameSite,
|
|
21
|
+
secure,
|
|
22
|
+
httpOnly: true,
|
|
23
|
+
maxAge: PKCE_COOKIE_MAX_AGE,
|
|
24
|
+
});
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
/**
|
|
28
|
+
* Read and unseal the PKCE code verifier from the cookie.
|
|
29
|
+
* Returns undefined if the cookie is missing or corrupted.
|
|
30
|
+
*/
|
|
31
|
+
export async function getPKCECodeVerifier(cookieValue: string | undefined): Promise<string | undefined> {
|
|
32
|
+
if (!cookieValue) return undefined;
|
|
33
|
+
try {
|
|
34
|
+
const unsealed = await unsealData<{ codeVerifier: string }>(cookieValue, {
|
|
35
|
+
password: WORKOS_COOKIE_PASSWORD,
|
|
36
|
+
});
|
|
37
|
+
return unsealed.codeVerifier;
|
|
38
|
+
} catch {
|
|
39
|
+
// Cookie corrupted or expired — caller will proceed without PKCE
|
|
40
|
+
return undefined;
|
|
41
|
+
}
|
|
42
|
+
}
|
package/src/session.ts
CHANGED
|
@@ -18,6 +18,7 @@ import {
|
|
|
18
18
|
Session,
|
|
19
19
|
UserInfo,
|
|
20
20
|
} from './interfaces.js';
|
|
21
|
+
import { PKCE_COOKIE_NAME, setPKCECookie } from './pkce.js';
|
|
21
22
|
import { getWorkOS } from './workos.js';
|
|
22
23
|
|
|
23
24
|
import type { AuthenticationResponse } from '@workos-inc/node';
|
|
@@ -25,6 +26,12 @@ import { parse, tokensToRegexp } from 'path-to-regexp';
|
|
|
25
26
|
import { handleAuthkitHeaders } from './middleware-helpers.js';
|
|
26
27
|
import { lazy, setCachePreventionHeaders } from './utils.js';
|
|
27
28
|
|
|
29
|
+
function appendPKCESetCookieHeader(headers: Headers, pkceCookieValue: string | undefined, requestUrl: string): void {
|
|
30
|
+
if (pkceCookieValue) {
|
|
31
|
+
headers.append('Set-Cookie', `${PKCE_COOKIE_NAME}=${pkceCookieValue}; ${getCookieOptions(requestUrl, true)}`);
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
|
|
28
35
|
const sessionHeaderName = 'x-workos-session';
|
|
29
36
|
const middlewareHeaderName = 'x-workos-middleware';
|
|
30
37
|
const signUpPathsHeaderName = 'x-sign-up-paths';
|
|
@@ -202,14 +209,18 @@ async function updateSession(
|
|
|
202
209
|
console.log('No session found from cookie');
|
|
203
210
|
}
|
|
204
211
|
|
|
212
|
+
const { url: authorizationUrl, pkceCookieValue } = await getAuthorizationUrl({
|
|
213
|
+
returnPathname: getReturnPathname(request.url),
|
|
214
|
+
redirectUri: options.redirectUri || WORKOS_REDIRECT_URI,
|
|
215
|
+
screenHint: options.screenHint,
|
|
216
|
+
});
|
|
217
|
+
|
|
218
|
+
appendPKCESetCookieHeader(newRequestHeaders, pkceCookieValue, request.url);
|
|
219
|
+
|
|
205
220
|
return {
|
|
206
221
|
session: { user: null },
|
|
207
222
|
headers: newRequestHeaders,
|
|
208
|
-
authorizationUrl
|
|
209
|
-
returnPathname: getReturnPathname(request.url),
|
|
210
|
-
redirectUri: options.redirectUri || WORKOS_REDIRECT_URI,
|
|
211
|
-
screenHint: options.screenHint,
|
|
212
|
-
}),
|
|
223
|
+
authorizationUrl,
|
|
213
224
|
};
|
|
214
225
|
}
|
|
215
226
|
|
|
@@ -340,13 +351,17 @@ async function updateSession(
|
|
|
340
351
|
|
|
341
352
|
options.onSessionRefreshError?.({ error: e, request });
|
|
342
353
|
|
|
354
|
+
const { url: authorizationUrl, pkceCookieValue } = await getAuthorizationUrl({
|
|
355
|
+
returnPathname: getReturnPathname(request.url),
|
|
356
|
+
redirectUri: options.redirectUri || WORKOS_REDIRECT_URI,
|
|
357
|
+
});
|
|
358
|
+
|
|
359
|
+
appendPKCESetCookieHeader(newRequestHeaders, pkceCookieValue, request.url);
|
|
360
|
+
|
|
343
361
|
return {
|
|
344
362
|
session: { user: null },
|
|
345
363
|
headers: newRequestHeaders,
|
|
346
|
-
authorizationUrl
|
|
347
|
-
returnPathname: getReturnPathname(request.url),
|
|
348
|
-
redirectUri: options.redirectUri || WORKOS_REDIRECT_URI,
|
|
349
|
-
}),
|
|
364
|
+
authorizationUrl,
|
|
350
365
|
};
|
|
351
366
|
}
|
|
352
367
|
}
|
|
@@ -453,7 +468,9 @@ async function redirectToSignIn() {
|
|
|
453
468
|
|
|
454
469
|
const returnPathname = getReturnPathname(url);
|
|
455
470
|
|
|
456
|
-
|
|
471
|
+
const { url: authkitUrl, pkceCookieValue } = await getAuthorizationUrl({ returnPathname, screenHint });
|
|
472
|
+
await setPKCECookie(pkceCookieValue);
|
|
473
|
+
redirect(authkitUrl);
|
|
457
474
|
}
|
|
458
475
|
|
|
459
476
|
export async function getTokenClaims<T = Record<string, unknown>>(
|