autherr 2.0.36 → 2.0.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/provider/AutherrProvider.js +36 -7
  2. package/package.json +1 -1
  3. package/src/provider/AutherrProvider.tsx +46 -13
package/dist/provider/AutherrProvider.js CHANGED
@@ -36,16 +36,45 @@ export function AutherrProvider({ children, clientId, baseUrl, clientPrivateKey,
36
36
  // const login = () => buildRedirect("login");
37
37
  // const signup = () => buildRedirect("signup");
38
38
  // NEW FINAL CODE:
39
+ // const buildRedirect = async (path: "login" | "signup") => {
40
+ // const state = crypto.randomUUID();
41
+ // const assertion = await createClientAssertion(
42
+ // clientId,
43
+ // clientPrivateKey
44
+ // );
45
+ // // ⏱️ 45 seconds TTL
46
+ // const ttlSeconds = 45;
47
+ // // IMPORTANT:
48
+ // // - SameSite=Lax → sent on top-level navigation
49
+ // // - Secure → HTTPS only (required in prod)
50
+ // // - Path=/ → available to auth routes
51
+ // document.cookie =
52
+ // `autherr_client_assertion=${encodeURIComponent(assertion)}; ` +
53
+ // `Max-Age=${ttlSeconds}; ` +
54
+ // `Path=/; ` +
55
+ // `SameSite=Lax; ` +
56
+ // `Secure`;
57
+ // const url = new URL(`${baseUrl}/auth/${path}`);
58
+ // url.searchParams.set("client_id", clientId);
59
+ // url.searchParams.set("redirect_uri", window.location.origin);
60
+ // url.searchParams.set("state", state);
61
+ // window.location.href = url.toString();
62
+ // };
39
63
  const buildRedirect = async (path) => {
40
64
  const state = crypto.randomUUID();
41
65
  const assertion = await createClientAssertion(clientId, clientPrivateKey);
42
- // Persist assertion temporarily (cookie / storage / backend exchange)
43
- sessionStorage.setItem("client_assertion", assertion);
44
- const url = new URL(`${baseUrl}/auth/${path}`);
45
- url.searchParams.set("client_id", clientId);
46
- url.searchParams.set("redirect_uri", window.location.origin);
47
- url.searchParams.set("state", state);
48
- window.location.href = url.toString();
66
+ const encodedAssertion = encodeURIComponent(assertion);
67
+ const form = document.createElement("form");
68
+ form.method = "POST";
69
+ form.action = `${baseUrl}/auth/${path}`;
70
+ form.innerHTML = `
71
+ <input type="hidden" name="client_id" value="${clientId}" />
72
+ <input type="hidden" name="redirect_uri" value="${window.location.origin}" />
73
+ <input type="hidden" name="state" value="${state}" />
74
+ <input type="hidden" name="client_assertion" value="${encodedAssertion}" />
75
+ `;
76
+ document.body.appendChild(form);
77
+ form.submit();
49
78
  };
50
79
  const login = async () => buildRedirect("login");
51
80
  const signup = async () => buildRedirect("signup");
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "autherr",
3
- "version": "2.0.36",
3
+ "version": "2.0.38",
4
4
  "dest": "dist",
5
5
  "main": "dist/index.js",
6
6
  "scripts": {
package/src/provider/AutherrProvider.tsx CHANGED
@@ -68,25 +68,58 @@ export function AutherrProvider({
68
68
  // const signup = () => buildRedirect("signup");
69
69
 
70
70
  // NEW FINAL CODE:
71
- const buildRedirect = async (path: "login" | "signup") => {
72
- const state = crypto.randomUUID();
71
+ // const buildRedirect = async (path: "login" | "signup") => {
72
+ // const state = crypto.randomUUID();
73
73
 
74
- const assertion = await createClientAssertion(
75
- clientId,
76
- clientPrivateKey
77
- );
74
+ // const assertion = await createClientAssertion(
75
+ // clientId,
76
+ // clientPrivateKey
77
+ // );
78
+
79
+ // // ⏱️ 45 seconds TTL
80
+ // const ttlSeconds = 45;
81
+
82
+ // // IMPORTANT:
83
+ // // - SameSite=Lax → sent on top-level navigation
84
+ // // - Secure → HTTPS only (required in prod)
85
+ // // - Path=/ → available to auth routes
86
+ // document.cookie =
87
+ // `autherr_client_assertion=${encodeURIComponent(assertion)}; ` +
88
+ // `Max-Age=${ttlSeconds}; ` +
89
+ // `Path=/; ` +
90
+ // `SameSite=Lax; ` +
91
+ // `Secure`;
78
92
 
79
- // Persist assertion temporarily (cookie / storage / backend exchange)
80
- sessionStorage.setItem("client_assertion", assertion);
93
+ // const url = new URL(`${baseUrl}/auth/${path}`);
94
+ // url.searchParams.set("client_id", clientId);
95
+ // url.searchParams.set("redirect_uri", window.location.origin);
96
+ // url.searchParams.set("state", state);
81
97
 
82
- const url = new URL(`${baseUrl}/auth/${path}`);
83
- url.searchParams.set("client_id", clientId);
84
- url.searchParams.set("redirect_uri", window.location.origin);
85
- url.searchParams.set("state", state);
98
+ // window.location.href = url.toString();
99
+ // };
86
100
 
87
- window.location.href = url.toString();
101
+ const buildRedirect = async (path: "login" | "signup") => {
102
+ const state = crypto.randomUUID();
103
+ const assertion = await createClientAssertion(clientId, clientPrivateKey);
104
+ const encodedAssertion = encodeURIComponent(assertion);
105
+
106
+ const form = document.createElement("form");
107
+ form.method = "POST";
108
+ form.action = `${baseUrl}/auth/${path}`;
109
+
110
+ form.innerHTML = `
111
+ <input type="hidden" name="client_id" value="${clientId}" />
112
+ <input type="hidden" name="redirect_uri" value="${window.location.origin}" />
113
+ <input type="hidden" name="state" value="${state}" />
114
+ <input type="hidden" name="client_assertion" value="${encodedAssertion}" />
115
+ `;
116
+
117
+ document.body.appendChild(form);
118
+ form.submit();
88
119
  };
89
120
 
121
+
122
+
90
123
  const login = async () => buildRedirect("login");
91
124
  const signup = async () => buildRedirect("signup");
92
125