autherr 2.0.37 → 2.0.38
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -36,26 +36,45 @@ export function AutherrProvider({ children, clientId, baseUrl, clientPrivateKey,
|
|
|
36
36
|
// const login = () => buildRedirect("login");
|
|
37
37
|
// const signup = () => buildRedirect("signup");
|
|
38
38
|
// NEW FINAL CODE:
|
|
39
|
+
// const buildRedirect = async (path: "login" | "signup") => {
|
|
40
|
+
// const state = crypto.randomUUID();
|
|
41
|
+
// const assertion = await createClientAssertion(
|
|
42
|
+
// clientId,
|
|
43
|
+
// clientPrivateKey
|
|
44
|
+
// );
|
|
45
|
+
// // ⏱️ 45 seconds TTL
|
|
46
|
+
// const ttlSeconds = 45;
|
|
47
|
+
// // IMPORTANT:
|
|
48
|
+
// // - SameSite=Lax → sent on top-level navigation
|
|
49
|
+
// // - Secure → HTTPS only (required in prod)
|
|
50
|
+
// // - Path=/ → available to auth routes
|
|
51
|
+
// document.cookie =
|
|
52
|
+
// `autherr_client_assertion=${encodeURIComponent(assertion)}; ` +
|
|
53
|
+
// `Max-Age=${ttlSeconds}; ` +
|
|
54
|
+
// `Path=/; ` +
|
|
55
|
+
// `SameSite=Lax; ` +
|
|
56
|
+
// `Secure`;
|
|
57
|
+
// const url = new URL(`${baseUrl}/auth/${path}`);
|
|
58
|
+
// url.searchParams.set("client_id", clientId);
|
|
59
|
+
// url.searchParams.set("redirect_uri", window.location.origin);
|
|
60
|
+
// url.searchParams.set("state", state);
|
|
61
|
+
// window.location.href = url.toString();
|
|
62
|
+
// };
|
|
39
63
|
const buildRedirect = async (path) => {
|
|
40
64
|
const state = crypto.randomUUID();
|
|
41
65
|
const assertion = await createClientAssertion(clientId, clientPrivateKey);
|
|
42
|
-
|
|
43
|
-
const
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
const url = new URL(`${baseUrl}/auth/${path}`);
|
|
55
|
-
url.searchParams.set("client_id", clientId);
|
|
56
|
-
url.searchParams.set("redirect_uri", window.location.origin);
|
|
57
|
-
url.searchParams.set("state", state);
|
|
58
|
-
window.location.href = url.toString();
|
|
66
|
+
const encodedAssertion = encodeURIComponent(assertion);
|
|
67
|
+
const form = document.createElement("form");
|
|
68
|
+
form.method = "POST";
|
|
69
|
+
form.action = `${baseUrl}/auth/${path}`;
|
|
70
|
+
form.innerHTML = `
|
|
71
|
+
<input type="hidden" name="client_id" value="${clientId}" />
|
|
72
|
+
<input type="hidden" name="redirect_uri" value="${window.location.origin}" />
|
|
73
|
+
<input type="hidden" name="state" value="${state}" />
|
|
74
|
+
<input type="hidden" name="client_assertion" value="${encodedAssertion}" />
|
|
75
|
+
`;
|
|
76
|
+
document.body.appendChild(form);
|
|
77
|
+
form.submit();
|
|
59
78
|
};
|
|
60
79
|
const login = async () => buildRedirect("login");
|
|
61
80
|
const signup = async () => buildRedirect("signup");
|
package/package.json
CHANGED
|
@@ -68,37 +68,58 @@ export function AutherrProvider({
|
|
|
68
68
|
// const signup = () => buildRedirect("signup");
|
|
69
69
|
|
|
70
70
|
// NEW FINAL CODE:
|
|
71
|
+
// const buildRedirect = async (path: "login" | "signup") => {
|
|
72
|
+
// const state = crypto.randomUUID();
|
|
73
|
+
|
|
74
|
+
// const assertion = await createClientAssertion(
|
|
75
|
+
// clientId,
|
|
76
|
+
// clientPrivateKey
|
|
77
|
+
// );
|
|
78
|
+
|
|
79
|
+
// // ⏱️ 45 seconds TTL
|
|
80
|
+
// const ttlSeconds = 45;
|
|
81
|
+
|
|
82
|
+
// // IMPORTANT:
|
|
83
|
+
// // - SameSite=Lax → sent on top-level navigation
|
|
84
|
+
// // - Secure → HTTPS only (required in prod)
|
|
85
|
+
// // - Path=/ → available to auth routes
|
|
86
|
+
// document.cookie =
|
|
87
|
+
// `autherr_client_assertion=${encodeURIComponent(assertion)}; ` +
|
|
88
|
+
// `Max-Age=${ttlSeconds}; ` +
|
|
89
|
+
// `Path=/; ` +
|
|
90
|
+
// `SameSite=Lax; ` +
|
|
91
|
+
// `Secure`;
|
|
92
|
+
|
|
93
|
+
// const url = new URL(`${baseUrl}/auth/${path}`);
|
|
94
|
+
// url.searchParams.set("client_id", clientId);
|
|
95
|
+
// url.searchParams.set("redirect_uri", window.location.origin);
|
|
96
|
+
// url.searchParams.set("state", state);
|
|
97
|
+
|
|
98
|
+
// window.location.href = url.toString();
|
|
99
|
+
// };
|
|
100
|
+
|
|
71
101
|
const buildRedirect = async (path: "login" | "signup") => {
|
|
72
102
|
const state = crypto.randomUUID();
|
|
73
|
-
|
|
74
|
-
const
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
`Path=/; ` +
|
|
90
|
-
`SameSite=Lax; ` +
|
|
91
|
-
`Secure`;
|
|
92
|
-
|
|
93
|
-
const url = new URL(`${baseUrl}/auth/${path}`);
|
|
94
|
-
url.searchParams.set("client_id", clientId);
|
|
95
|
-
url.searchParams.set("redirect_uri", window.location.origin);
|
|
96
|
-
url.searchParams.set("state", state);
|
|
97
|
-
|
|
98
|
-
window.location.href = url.toString();
|
|
103
|
+
const assertion = await createClientAssertion(clientId, clientPrivateKey);
|
|
104
|
+
const encodedAssertion = encodeURIComponent(assertion);
|
|
105
|
+
|
|
106
|
+
const form = document.createElement("form");
|
|
107
|
+
form.method = "POST";
|
|
108
|
+
form.action = `${baseUrl}/auth/${path}`;
|
|
109
|
+
|
|
110
|
+
form.innerHTML = `
|
|
111
|
+
<input type="hidden" name="client_id" value="${clientId}" />
|
|
112
|
+
<input type="hidden" name="redirect_uri" value="${window.location.origin}" />
|
|
113
|
+
<input type="hidden" name="state" value="${state}" />
|
|
114
|
+
<input type="hidden" name="client_assertion" value="${encodedAssertion}" />
|
|
115
|
+
`;
|
|
116
|
+
|
|
117
|
+
document.body.appendChild(form);
|
|
118
|
+
form.submit();
|
|
99
119
|
};
|
|
100
120
|
|
|
101
121
|
|
|
122
|
+
|
|
102
123
|
const login = async () => buildRedirect("login");
|
|
103
124
|
const signup = async () => buildRedirect("signup");
|
|
104
125
|
|