autherr 2.0.2 → 2.0.31

package/dist/crypto/createClientAssertion.js

@@ -6,12 +6,13 @@ export async function createClientAssertion(clientId, privateKeyPem) {
         name: "RSASSA-PKCS1-v1_5",
         hash: "SHA-256",
     }, false, ["sign"]);
-    const now = Math.floor(Date.now() / 1000);
-    return await new SignJWT({ clientId })
+    return await new SignJWT({})
         .setProtectedHeader({ alg: "RS256", typ: "JWT" })
-        .setIssuedAt(now)
-        .setExpirationTime(now + 120) // ⏱ 2 minutes
-        .setAudience("autherr")
-        .setIssuer(clientId)
+        .setIssuer(clientId) // iss
+        .setSubject(clientId) // sub
+        .setAudience("autherr") // aud
+        .setIssuedAt() // iat = now
+        .setExpirationTime("2m") // exp = iat + 2 min
+        .setJti(crypto.randomUUID()) // anti-replay
         .sign(key);
 }

package/dist/hooks/useAutherr.d.ts

@@ -1,8 +1,8 @@
 export declare function useAutherr(): {
     accessToken: string | null;
     isAuthenticated: boolean;
-    login: () => void;
-    signup: () => void;
+    login: () => Promise<void>;
+    signup: () => Promise<void>;
     logout: () => Promise<void>;
     refreshSession: () => Promise<void>;
     getAccessToken: () => string | null;

package/dist/provider/AutherrProvider.d.ts

@@ -2,8 +2,8 @@ import React from "react";
 interface AutherrContextValue {
     accessToken: string | null;
     isAuthenticated: boolean;
-    login: () => void;
-    signup: () => void;
+    login: () => Promise<void>;
+    signup: () => Promise<void>;
     logout: () => Promise<void>;
     getAccessToken: () => string | null;
     refreshSession: () => Promise<void>;

package/dist/provider/AutherrProvider.js

@@ -3,13 +3,6 @@ import { createContext, useContext, useEffect, useMemo, useState, } from "react"
 import { fetchSession } from "../api/session";
 import { logoutSession } from "../api/logout";
 import { createClientAssertion } from "../crypto/createClientAssertion";
-function setClientAssertionCookie(token) {
-    document.cookie =
-        `autherr_client_assertion=${token};` +
-            `Path=/;` +
-            `Secure;` +
-            `SameSite=None`;
-}
 const AutherrContext = createContext(null);
 export function AutherrProvider({ children, clientId, baseUrl, clientPrivateKey, }) {
     const [accessToken, setAccessToken] = useState(null);
@@ -28,35 +21,31 @@ export function AutherrProvider({ children, clientId, baseUrl, clientPrivateKey,
     useEffect(() => {
         refreshSession();
     }, [baseUrl, clientId]);
-    const login = async () => {
-        const state = crypto.randomUUID();
-        const assertion = await createClientAssertion(clientId, clientPrivateKey);
-        setClientAssertionCookie(assertion);
-        window.location.href =
-            `${baseUrl}/auth/login` +
-                `?client_id=${clientId}` +
-                `&redirect_uri=${encodeURIComponent(window.location.origin)}` +
-                `&state=${state}`;
-    };
-    const signup = async () => {
+    const buildRedirect = async (path) => {
         const state = crypto.randomUUID();
         const assertion = await createClientAssertion(clientId, clientPrivateKey);
-        setClientAssertionCookie(assertion);
-        window.location.href =
-            `${baseUrl}/auth/signup` +
-                `?client_id=${clientId}` +
-                `&redirect_uri=${encodeURIComponent(window.location.origin)}` +
-                `&state=${state}`;
+        const url = new URL(`${baseUrl}/auth/${path}`);
+        url.searchParams.set("client_id", clientId);
+        url.searchParams.set("redirect_uri", window.location.origin);
+        url.searchParams.set("state", state);
+        // Attach assertion as header via fetch redirect
+        await fetch(url.toString(), {
+            method: "GET",
+            headers: {
+                "X-Client-Assertion": assertion,
+            },
+            credentials: "include",
+        }).then((res) => {
+            window.location.href = res.url;
+        });
     };
+    const login = () => buildRedirect("login");
+    const signup = () => buildRedirect("signup");
     const logout = async () => {
-        try {
-            await logoutSession(baseUrl, clientId);
-        }
-        finally {
-            setAccessToken(null);
-            setIsAuthenticated(false);
-            window.location.href = window.location.origin;
-        }
+        await logoutSession(baseUrl, clientId);
+        setAccessToken(null);
+        setIsAuthenticated(false);
+        window.location.href = window.location.origin;
     };
     const value = useMemo(() => ({
         accessToken,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "autherr",
-  "version": "2.0.2",
+  "version": "2.0.31",
   "dest": "dist",
   "main": "dist/index.js",
   "scripts": {

package/src/crypto/createClientAssertion.ts

@@ -17,13 +17,13 @@ export async function createClientAssertion(
     ["sign"]
   );
 
-  const now = Math.floor(Date.now() / 1000);
-
-  return await new SignJWT({ clientId })
+  return await new SignJWT({})
     .setProtectedHeader({ alg: "RS256", typ: "JWT" })
-    .setIssuedAt(now)
-    .setExpirationTime(now + 120) // ⏱ 2 minutes
-    .setAudience("autherr")
-    .setIssuer(clientId)
+    .setIssuer(clientId)              // iss
+    .setSubject(clientId)             // sub
+    .setAudience("autherr")           // aud
+    .setIssuedAt()                    // iat = now
+    .setExpirationTime("2m")          // exp = iat + 2 min
+    .setJti(crypto.randomUUID())      // anti-replay
     .sign(key);
 }

package/src/provider/AutherrProvider.tsx

@@ -7,35 +7,24 @@ import React, {
 } from "react";
 import { fetchSession } from "../api/session";
 import { logoutSession } from "../api/logout";
-import { AutherrUser } from "../types/auth";
 import { createClientAssertion } from "../crypto/createClientAssertion";
 
 interface AutherrContextValue {
   accessToken: string | null;
   isAuthenticated: boolean;
-  login: () => void;
-  signup: () => void;
+  login: () => Promise<void>;
+  signup: () => Promise<void>;
   logout: () => Promise<void>;
   getAccessToken: () => string | null;
   refreshSession: () => Promise<void>;
 }
 
-function setClientAssertionCookie(token: string) {
-  document.cookie =
-    `autherr_client_assertion=${token};` +
-    `Path=/;` +
-    `Secure;` +
-    `SameSite=None`;
-}
-
-
-
 const AutherrContext = createContext<AutherrContextValue | null>(null);
 
 interface AutherrProviderProps {
   children: React.ReactNode;
   clientId: string;
-  baseUrl: string; // e.g. https://autherr.com
+  baseUrl: string;
   clientPrivateKey: string;
 }
 
@@ -45,13 +34,11 @@ export function AutherrProvider({
   baseUrl,
   clientPrivateKey,
 }: AutherrProviderProps) {
-  
   const [accessToken, setAccessToken] = useState<string | null>(null);
   const [isAuthenticated, setIsAuthenticated] = useState(false);
 
   const refreshSession = async () => {
     const session = await fetchSession(baseUrl, clientId);
-
     if (session.authenticated && session.accessToken) {
       setAccessToken(session.accessToken);
       setIsAuthenticated(true);
@@ -61,12 +48,11 @@ export function AutherrProvider({
     }
   };
 
-
   useEffect(() => {
     refreshSession();
   }, [baseUrl, clientId]);
 
-  const login = async () => {
+  const buildRedirect = async (path: "login" | "signup") => {
     const state = crypto.randomUUID();
 
     const assertion = await createClientAssertion(
@@ -74,41 +60,34 @@ export function AutherrProvider({
       clientPrivateKey
     );
 
-    setClientAssertionCookie(assertion);
-
-    window.location.href =
-      `${baseUrl}/auth/login` +
-      `?client_id=${clientId}` +
-      `&redirect_uri=${encodeURIComponent(window.location.origin)}` +
-      `&state=${state}`;
-  };
-
-  const signup = async () => {
-    const state = crypto.randomUUID();
-
-    const assertion = await createClientAssertion(
-      clientId,
-      clientPrivateKey
+    const url = new URL(`${baseUrl}/auth/${path}`);
+    url.searchParams.set("client_id", clientId);
+    url.searchParams.set(
+      "redirect_uri",
+      window.location.origin
     );
-
-    setClientAssertionCookie(assertion);
-
-    window.location.href =
-      `${baseUrl}/auth/signup` +
-      `?client_id=${clientId}` +
-      `&redirect_uri=${encodeURIComponent(window.location.origin)}` +
-      `&state=${state}`;
+    url.searchParams.set("state", state);
+
+    // Attach assertion as header via fetch redirect
+    await fetch(url.toString(), {
+      method: "GET",
+      headers: {
+        "X-Client-Assertion": assertion,
+      },
+      credentials: "include",
+    }).then((res) => {
+      window.location.href = res.url;
+    });
   };
 
+  const login = () => buildRedirect("login");
+  const signup = () => buildRedirect("signup");
 
   const logout = async () => {
-    try {
-      await logoutSession(baseUrl, clientId);
-    } finally {
-      setAccessToken(null);
-      setIsAuthenticated(false);
-      window.location.href = window.location.origin;
-    }
+    await logoutSession(baseUrl, clientId);
+    setAccessToken(null);
+    setIsAuthenticated(false);
+    window.location.href = window.location.origin;
   };
 
   const value = useMemo(
@@ -124,7 +103,6 @@ export function AutherrProvider({
     [accessToken, isAuthenticated]
   );
 
-
   return (
     <AutherrContext.Provider value={value}>
       {children}