autherr 2.0.36 → 2.0.37

@@ -39,8 +39,18 @@ export function AutherrProvider({ children, clientId, baseUrl, clientPrivateKey,
39
39
  const buildRedirect = async (path) => {
40
40
  const state = crypto.randomUUID();
41
41
  const assertion = await createClientAssertion(clientId, clientPrivateKey);
42
- // Persist assertion temporarily (cookie / storage / backend exchange)
43
- sessionStorage.setItem("client_assertion", assertion);
42
+ // ⏱️ 45 seconds TTL
43
+ const ttlSeconds = 45;
44
+ // IMPORTANT:
45
+ // - SameSite=Lax → sent on top-level navigation
46
+ // - Secure → HTTPS only (required in prod)
47
+ // - Path=/ → available to auth routes
48
+ document.cookie =
49
+ `autherr_client_assertion=${encodeURIComponent(assertion)}; ` +
50
+ `Max-Age=${ttlSeconds}; ` +
51
+ `Path=/; ` +
52
+ `SameSite=Lax; ` +
53
+ `Secure`;
44
54
  const url = new URL(`${baseUrl}/auth/${path}`);
45
55
  url.searchParams.set("client_id", clientId);
46
56
  url.searchParams.set("redirect_uri", window.location.origin);
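Review bot: The cookie written by the new `document.cookie` assignment (new lines 48-53) is set on the app's own origin, so the browser only attaches it to the `${baseUrl}/auth/${path}` navigation when baseUrl is same-site with `window.location`; the `SameSite=Lax → sent on top-level navigation` comment does not say that, and for a cross-site auth host the assertion silently never arrives. I would extend the comment block with `// NOTE: cookie is scoped to this page's host - it only reaches baseUrl when baseUrl is same-site with window.location` and have the provider fail loudly, or pass the assertion in the exchange request instead, when that does not hold. A cookie set from script also cannot be HttpOnly, so the assertion remains readable by any script on the page exactly as it was in sessionStorage; Max-Age=45 bounds the window, but nothing here clears the cookie once the redirect has been issued. The `Secure` attribute is unconditional, which may cause the cookie to be dropped on non-HTTPS development origins depending on the browser, and is worth a note next to the `(required in prod)` comment. The same block appears again in the hunk at `@@ -76,8 +76,19 @@` (new lines 79-91), and buildRedirect continues past the end of this hunk.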
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "autherr",
3
- "version": "2.0.36",
3
+ "version": "2.0.37",
4
4
  "dest": "dist",
5
5
  "main": "dist/index.js",
6
6
  "scripts": {
@@ -76,8 +76,19 @@ export function AutherrProvider({
76
76
  clientPrivateKey
77
77
  );
78
78
 
79
- // Persist assertion temporarily (cookie / storage / backend exchange)
80
- sessionStorage.setItem("client_assertion", assertion);
79
+ // ⏱️ 45 seconds TTL
80
+ const ttlSeconds = 45;
81
+
82
+ // IMPORTANT:
83
+ // - SameSite=Lax → sent on top-level navigation
84
+ // - Secure → HTTPS only (required in prod)
85
+ // - Path=/ → available to auth routes
86
+ document.cookie =
87
+ `autherr_client_assertion=${encodeURIComponent(assertion)}; ` +
88
+ `Max-Age=${ttlSeconds}; ` +
89
+ `Path=/; ` +
90
+ `SameSite=Lax; ` +
91
+ `Secure`;
81
92
 
82
93
  const url = new URL(`${baseUrl}/auth/${path}`);
83
94
  url.searchParams.set("client_id", clientId);
@@ -87,6 +98,7 @@ export function AutherrProvider({
87
98
  window.location.href = url.toString();
88
99
  };
89
100
 
101
+
90
102
  const login = async () => buildRedirect("login");
91
103
  const signup = async () => buildRedirect("signup");
92
104