@workos-inc/authkit-nextjs 3.0.0-beta.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (106) hide show
  1. package/README.md +276 -102
  2. package/dist/esm/actions.js +35 -4
  3. package/dist/esm/actions.js.map +1 -1
  4. package/dist/esm/auth.js +51 -20
  5. package/dist/esm/auth.js.map +1 -1
  6. package/dist/esm/authkit-callback-route.js +82 -93
  7. package/dist/esm/authkit-callback-route.js.map +1 -1
  8. package/dist/esm/components/authkit-provider.js +36 -15
  9. package/dist/esm/components/authkit-provider.js.map +1 -1
  10. package/dist/esm/components/impersonation.js +17 -15
  11. package/dist/esm/components/impersonation.js.map +1 -1
  12. package/dist/esm/components/min-max-button.js +1 -1
  13. package/dist/esm/components/min-max-button.js.map +1 -1
  14. package/dist/esm/components/tokenStore.js +28 -19
  15. package/dist/esm/components/tokenStore.js.map +1 -1
  16. package/dist/esm/components/useAccessToken.js +1 -1
  17. package/dist/esm/components/useAccessToken.js.map +1 -1
  18. package/dist/esm/components/useTokenClaims.js +1 -1
  19. package/dist/esm/components/useTokenClaims.js.map +1 -1
  20. package/dist/esm/cookie.js +16 -5
  21. package/dist/esm/cookie.js.map +1 -1
  22. package/dist/esm/env-variables.js +6 -6
  23. package/dist/esm/env-variables.js.map +1 -1
  24. package/dist/esm/errors.js +36 -0
  25. package/dist/esm/errors.js.map +1 -0
  26. package/dist/esm/get-authorization-url.js +51 -12
  27. package/dist/esm/get-authorization-url.js.map +1 -1
  28. package/dist/esm/index.js +5 -2
  29. package/dist/esm/index.js.map +1 -1
  30. package/dist/esm/interfaces.js +7 -1
  31. package/dist/esm/interfaces.js.map +1 -1
  32. package/dist/esm/middleware-helpers.js +102 -0
  33. package/dist/esm/middleware-helpers.js.map +1 -0
  34. package/dist/esm/middleware.js +3 -1
  35. package/dist/esm/middleware.js.map +1 -1
  36. package/dist/esm/pkce.js +38 -0
  37. package/dist/esm/pkce.js.map +1 -0
  38. package/dist/esm/session.js +73 -35
  39. package/dist/esm/session.js.map +1 -1
  40. package/dist/esm/test-helpers.js +1 -1
  41. package/dist/esm/test-helpers.js.map +1 -1
  42. package/dist/esm/types/actions.d.ts +34 -5
  43. package/dist/esm/types/auth.d.ts +7 -15
  44. package/dist/esm/types/components/authkit-provider.d.ts +6 -2
  45. package/dist/esm/types/components/impersonation.d.ts +2 -1
  46. package/dist/esm/types/cookie.d.ts +8 -0
  47. package/dist/esm/types/env-variables.d.ts +2 -1
  48. package/dist/esm/types/errors.d.ts +15 -0
  49. package/dist/esm/types/get-authorization-url.d.ts +2 -2
  50. package/dist/esm/types/index.d.ts +5 -2
  51. package/dist/esm/types/interfaces.d.ts +12 -0
  52. package/dist/esm/types/jwt.d.ts +9 -9
  53. package/dist/esm/types/middleware-helpers.d.ts +27 -0
  54. package/dist/esm/types/middleware.d.ts +3 -1
  55. package/dist/esm/types/pkce.d.ts +12 -0
  56. package/dist/esm/types/session.d.ts +1 -1
  57. package/dist/esm/types/utils.d.ts +5 -0
  58. package/dist/esm/types/validate-api-key.d.ts +1 -0
  59. package/dist/esm/types/workos.d.ts +1 -1
  60. package/dist/esm/utils.js +10 -2
  61. package/dist/esm/utils.js.map +1 -1
  62. package/dist/esm/validate-api-key.js +16 -0
  63. package/dist/esm/validate-api-key.js.map +1 -0
  64. package/dist/esm/workos.js +1 -1
  65. package/package.json +32 -34
  66. package/src/actions.spec.ts +94 -17
  67. package/src/actions.ts +44 -5
  68. package/src/auth.spec.ts +60 -29
  69. package/src/auth.ts +55 -41
  70. package/src/authkit-callback-route.spec.ts +310 -58
  71. package/src/authkit-callback-route.ts +106 -103
  72. package/src/components/authkit-provider.spec.tsx +264 -70
  73. package/src/components/authkit-provider.tsx +40 -15
  74. package/src/components/button.spec.tsx +4 -6
  75. package/src/components/impersonation.spec.tsx +152 -35
  76. package/src/components/impersonation.tsx +37 -30
  77. package/src/components/min-max-button.spec.tsx +2 -1
  78. package/src/components/tokenStore.spec.ts +59 -44
  79. package/src/components/tokenStore.ts +11 -3
  80. package/src/components/useAccessToken.spec.tsx +82 -83
  81. package/src/components/useTokenClaims.spec.tsx +23 -22
  82. package/src/cookie.spec.ts +14 -9
  83. package/src/cookie.ts +29 -0
  84. package/src/env-variables.ts +2 -0
  85. package/src/errors.spec.ts +108 -0
  86. package/src/errors.ts +46 -0
  87. package/src/get-authorization-url.spec.ts +170 -15
  88. package/src/get-authorization-url.ts +69 -23
  89. package/src/index.ts +20 -2
  90. package/src/interfaces.ts +15 -0
  91. package/src/jwt.ts +9 -9
  92. package/src/middleware-helpers.spec.ts +238 -0
  93. package/src/middleware-helpers.ts +134 -0
  94. package/src/middleware.spec.ts +25 -0
  95. package/src/middleware.ts +4 -1
  96. package/src/pkce.spec.ts +125 -0
  97. package/src/pkce.ts +42 -0
  98. package/src/session.spec.ts +87 -89
  99. package/src/session.ts +91 -27
  100. package/src/test-helpers.ts +1 -1
  101. package/src/utils.spec.ts +14 -31
  102. package/src/utils.ts +9 -0
  103. package/src/validate-api-key.spec.ts +111 -0
  104. package/src/validate-api-key.ts +19 -0
  105. package/src/workos.spec.ts +2 -2
  106. package/src/workos.ts +1 -1
package/src/auth.ts CHANGED
@@ -7,39 +7,45 @@ import { redirect } from 'next/navigation';
7
7
  import { WORKOS_COOKIE_NAME } from './env-variables.js';
8
8
  import { getCookieOptions } from './cookie.js';
9
9
  import { getAuthorizationUrl } from './get-authorization-url.js';
10
- import type { AccessToken, SwitchToOrganizationOptions, UserInfo } from './interfaces.js';
10
+ import type { AccessToken, GetAuthURLOptions, SwitchToOrganizationOptions, UserInfo } from './interfaces.js';
11
+ import { setPKCECookie } from './pkce.js';
11
12
  import { getSessionFromCookie, refreshSession, withAuth } from './session.js';
12
13
  import { getWorkOS } from './workos.js';
13
- export async function getSignInUrl({
14
- organizationId,
15
- loginHint,
16
- redirectUri,
17
- prompt,
18
- state,
19
- }: {
20
- organizationId?: string;
21
- loginHint?: string;
22
- redirectUri?: string;
23
- prompt?: 'consent';
24
- state?: string;
25
- } = {}) {
26
- return getAuthorizationUrl({ organizationId, screenHint: 'sign-in', loginHint, redirectUri, prompt, state });
14
+
15
+ /**
16
+ * A wrapper around revalidateTag to provide compatibility with previous versions.
17
+ * @param tag The tag to revalidate.
18
+ */
19
+ function revalidateTagCompat(tag: string): void {
20
+ const fn = revalidateTag as (tag: string, profile: string) => void;
21
+ return fn(tag, 'max');
27
22
  }
28
23
 
29
- export async function getSignUpUrl({
30
- organizationId,
31
- loginHint,
32
- redirectUri,
33
- prompt,
34
- state,
35
- }: {
36
- organizationId?: string;
37
- loginHint?: string;
38
- redirectUri?: string;
39
- prompt?: 'consent';
40
- state?: string;
41
- } = {}) {
42
- return getAuthorizationUrl({ organizationId, screenHint: 'sign-up', loginHint, redirectUri, prompt, state });
24
+ async function getAuthURLAndSetPKCECookie(options: GetAuthURLOptions): Promise<string> {
25
+ const { url, sealedState } = await getAuthorizationUrl(options);
26
+ await setPKCECookie(sealedState);
27
+
28
+ return url;
29
+ }
30
+
31
+ type GetSignUrlOptions = Omit<GetAuthURLOptions, 'screenHint' | 'returnPathname'> & {
32
+ returnTo?: string;
33
+ };
34
+
35
+ export async function getSignInUrl(authUrlOptions: GetSignUrlOptions = {}) {
36
+ return getAuthURLAndSetPKCECookie({
37
+ ...authUrlOptions,
38
+ returnPathname: authUrlOptions.returnTo,
39
+ screenHint: 'sign-in',
40
+ });
41
+ }
42
+
43
+ export async function getSignUpUrl(authUrlOptions: GetSignUrlOptions = {}) {
44
+ return getAuthURLAndSetPKCECookie({
45
+ ...authUrlOptions,
46
+ returnPathname: authUrlOptions.returnTo,
47
+ screenHint: 'sign-up',
48
+ });
43
49
  }
44
50
 
45
51
  /**
@@ -67,7 +73,12 @@ export async function signOut({ returnTo }: { returnTo?: string } = {}) {
67
73
  const nextCookies = await cookies();
68
74
  const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
69
75
  const { domain, path, sameSite, secure } = getCookieOptions();
70
- nextCookies.delete({ name: cookieName, domain, path, sameSite, secure });
76
+ try {
77
+ nextCookies.delete({ name: cookieName, domain, path, sameSite, secure });
78
+ } catch {
79
+ // Some environments (e.g., vinext) only accept a string cookie name
80
+ nextCookies.delete(cookieName);
81
+ }
71
82
 
72
83
  if (sessionId) {
73
84
  redirect(getWorkOS().userManagement.getLogoutUrl({ sessionId, returnTo }));
@@ -98,22 +109,25 @@ export async function switchToOrganization(
98
109
  redirect(cause.rawData.authkit_redirect_url);
99
110
  } else {
100
111
  if (cause?.error === 'sso_required' || cause?.error === 'mfa_enrollment') {
101
- const url = await getAuthorizationUrl({ organizationId });
102
- return redirect(url);
112
+ return redirect(await getAuthURLAndSetPKCECookie({ organizationId }));
103
113
  }
104
114
  throw error;
105
115
  }
106
116
  }
107
117
 
108
- switch (revalidationStrategy) {
109
- case 'path':
110
- revalidatePath(pathname);
111
- break;
112
- case 'tag':
113
- for (const tag of revalidationTags) {
114
- revalidateTag(tag);
115
- }
116
- break;
118
+ try {
119
+ switch (revalidationStrategy) {
120
+ case 'path':
121
+ revalidatePath(pathname);
122
+ break;
123
+ case 'tag':
124
+ for (const tag of revalidationTags) {
125
+ revalidateTagCompat(tag);
126
+ }
127
+ break;
128
+ }
129
+ } catch {
130
+ // revalidatePath/revalidateTag may not be available in non-Next.js environments (e.g., vinext)
117
131
  }
118
132
  if (revalidationStrategy !== 'none') {
119
133
  redirect(pathname);