autherr 2.0.37 → 2.0.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -36,26 +36,45 @@ export function AutherrProvider({ children, clientId, baseUrl, clientPrivateKey,
|
|
|
36
36
|
// const login = () => buildRedirect("login");
|
|
37
37
|
// const signup = () => buildRedirect("signup");
|
|
38
38
|
// NEW FINAL CODE:
|
|
39
|
+
// const buildRedirect = async (path: "login" | "signup") => {
|
|
40
|
+
// const state = crypto.randomUUID();
|
|
41
|
+
// const assertion = await createClientAssertion(
|
|
42
|
+
// clientId,
|
|
43
|
+
// clientPrivateKey
|
|
44
|
+
// );
|
|
45
|
+
// // ⏱️ 45 seconds TTL
|
|
46
|
+
// const ttlSeconds = 45;
|
|
47
|
+
// // IMPORTANT:
|
|
48
|
+
// // - SameSite=Lax → sent on top-level navigation
|
|
49
|
+
// // - Secure → HTTPS only (required in prod)
|
|
50
|
+
// // - Path=/ → available to auth routes
|
|
51
|
+
// document.cookie =
|
|
52
|
+
// `autherr_client_assertion=${encodeURIComponent(assertion)}; ` +
|
|
53
|
+
// `Max-Age=${ttlSeconds}; ` +
|
|
54
|
+
// `Path=/; ` +
|
|
55
|
+
// `SameSite=Lax; ` +
|
|
56
|
+
// `Secure`;
|
|
57
|
+
// const url = new URL(`${baseUrl}/auth/${path}`);
|
|
58
|
+
// url.searchParams.set("client_id", clientId);
|
|
59
|
+
// url.searchParams.set("redirect_uri", window.location.origin);
|
|
60
|
+
// url.searchParams.set("state", state);
|
|
61
|
+
// window.location.href = url.toString();
|
|
62
|
+
// };
|
|
39
63
|
const buildRedirect = async (path) => {
|
|
40
64
|
const state = crypto.randomUUID();
|
|
41
65
|
const assertion = await createClientAssertion(clientId, clientPrivateKey);
|
|
42
|
-
|
|
43
|
-
const
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
const url = new URL(`${baseUrl}/auth/${path}`);
|
|
55
|
-
url.searchParams.set("client_id", clientId);
|
|
56
|
-
url.searchParams.set("redirect_uri", window.location.origin);
|
|
57
|
-
url.searchParams.set("state", state);
|
|
58
|
-
window.location.href = url.toString();
|
|
66
|
+
const encodedAssertion = encodeURIComponent(assertion);
|
|
67
|
+
const form = document.createElement("form");
|
|
68
|
+
form.method = "POST";
|
|
69
|
+
form.action = `${baseUrl}/auth/${path}`;
|
|
70
|
+
form.innerHTML = `
|
|
71
|
+
<input type="hidden" name="client_id" value="${clientId}" />
|
|
72
|
+
<input type="hidden" name="redirect_uri" value="${window.location.origin}" />
|
|
73
|
+
<input type="hidden" name="state" value="${state}" />
|
|
74
|
+
<input type="hidden" name="client_assertion" value="${encodedAssertion}" />
|
|
75
|
+
`;
|
|
76
|
+
document.body.appendChild(form);
|
|
77
|
+
form.submit();
|
|
59
78
|
};
|
|
60
79
|
const login = async () => buildRedirect("login");
|
|
61
80
|
const signup = async () => buildRedirect("signup");
|
package/package.json
CHANGED
|
@@ -68,37 +68,62 @@ export function AutherrProvider({
|
|
|
68
68
|
// const signup = () => buildRedirect("signup");
|
|
69
69
|
|
|
70
70
|
// NEW FINAL CODE:
|
|
71
|
+
// const buildRedirect = async (path: "login" | "signup") => {
|
|
72
|
+
// const state = crypto.randomUUID();
|
|
73
|
+
|
|
74
|
+
// const assertion = await createClientAssertion(
|
|
75
|
+
// clientId,
|
|
76
|
+
// clientPrivateKey
|
|
77
|
+
// );
|
|
78
|
+
|
|
79
|
+
// // ⏱️ 45 seconds TTL
|
|
80
|
+
// const ttlSeconds = 45;
|
|
81
|
+
|
|
82
|
+
// // IMPORTANT:
|
|
83
|
+
// // - SameSite=Lax → sent on top-level navigation
|
|
84
|
+
// // - Secure → HTTPS only (required in prod)
|
|
85
|
+
// // - Path=/ → available to auth routes
|
|
86
|
+
// document.cookie =
|
|
87
|
+
// `autherr_client_assertion=${encodeURIComponent(assertion)}; ` +
|
|
88
|
+
// `Max-Age=${ttlSeconds}; ` +
|
|
89
|
+
// `Path=/; ` +
|
|
90
|
+
// `SameSite=Lax; ` +
|
|
91
|
+
// `Secure`;
|
|
92
|
+
|
|
93
|
+
// const url = new URL(`${baseUrl}/auth/${path}`);
|
|
94
|
+
// url.searchParams.set("client_id", clientId);
|
|
95
|
+
// url.searchParams.set("redirect_uri", window.location.origin);
|
|
96
|
+
// url.searchParams.set("state", state);
|
|
97
|
+
|
|
98
|
+
// window.location.href = url.toString();
|
|
99
|
+
// };
|
|
100
|
+
|
|
101
|
+
let redirecting = false;
|
|
71
102
|
const buildRedirect = async (path: "login" | "signup") => {
|
|
103
|
+
if(redirecting) return;
|
|
104
|
+
redirecting=true;
|
|
72
105
|
const state = crypto.randomUUID();
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
`Path=/; ` +
|
|
90
|
-
`SameSite=Lax; ` +
|
|
91
|
-
`Secure`;
|
|
92
|
-
|
|
93
|
-
const url = new URL(`${baseUrl}/auth/${path}`);
|
|
94
|
-
url.searchParams.set("client_id", clientId);
|
|
95
|
-
url.searchParams.set("redirect_uri", window.location.origin);
|
|
96
|
-
url.searchParams.set("state", state);
|
|
97
|
-
|
|
98
|
-
window.location.href = url.toString();
|
|
106
|
+
const assertion = await createClientAssertion(clientId, clientPrivateKey);
|
|
107
|
+
|
|
108
|
+
const form = document.createElement("form");
|
|
109
|
+
form.method = "POST";
|
|
110
|
+
form.action =
|
|
111
|
+
`${baseUrl}/auth/${path}` +
|
|
112
|
+
`?client_id=${encodeURIComponent(clientId)}` +
|
|
113
|
+
`&redirect_uri=${encodeURIComponent(window.location.origin)}` +
|
|
114
|
+
`&state=${encodeURIComponent(state)}`;
|
|
115
|
+
|
|
116
|
+
form.innerHTML = `
|
|
117
|
+
<input type="hidden" name="client_assertion" value="${encodeURIComponent(assertion)}" />
|
|
118
|
+
`;
|
|
119
|
+
|
|
120
|
+
document.body.appendChild(form);
|
|
121
|
+
form.submit();
|
|
99
122
|
};
|
|
100
123
|
|
|
101
124
|
|
|
125
|
+
|
|
126
|
+
|
|
102
127
|
const login = async () => buildRedirect("login");
|
|
103
128
|
const signup = async () => buildRedirect("signup");
|
|
104
129
|
|