npm - next-auth-heksso - Versions diffs - 1.1.11 → 2.0.0 - Mend

next-auth-heksso 1.1.11 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/.eslintrc.json +3 -3
package/README.md +12 -10
package/api/federatedLogout.d.ts +1 -2
package/api/federatedLogout.js +25 -63
package/api/index.js +2 -18
package/api/nextAuthConfig.js +43 -55
package/api/refreshAccessToken.js +32 -40
package/package.json +39 -35
package/react/KeycloakSessionContext.js +53 -93
package/react/index.js +1 -17
package/src/api/federatedLogout.ts +39 -40
package/src/api/index.ts +2 -2
package/src/api/nextAuthConfig.ts +67 -67
package/src/api/refreshAccessToken.ts +46 -46
package/src/react/KeycloakSessionContext.tsx +192 -192
package/tsconfig.json +104 -104

package/.eslintrc.json CHANGED Viewed

@@ -1,3 +1,3 @@
-{
-  "extends": "next/core-web-vitals"
-}
+{
+  "extends": "next/core-web-vitals"
+}

package/README.md CHANGED Viewed

@@ -1,11 +1,13 @@
-# Next-Auth config for use with HEKsso (Keycloak)
-The rollowing environment variables are required:
-    NEXTAUTH_SECRET
-    NEXTAUTH_URL
-    KEYCLOAK_ISSUER
-    KEYCLOAK_CLIENT_ID
-    KEYCLOAK_CLIENT_SECRET
+# Next-Auth config for use with HEKsso (Keycloak)
+> Version 2 of this package is no longer in CommonJS format, instead it is in ESM format.
+The following environment variables are required:
+    NEXTAUTH_SECRET
+    NEXTAUTH_URL
+    KEYCLOAK_ISSUER
+    KEYCLOAK_CLIENT_ID
+    KEYCLOAK_CLIENT_SECRET
 See `.env.example`

package/api/federatedLogout.d.ts CHANGED Viewed

@@ -1,8 +1,7 @@
 import { NextApiRequest, NextApiResponse } from "next";
 /**
  * Provides a next api route for performing a federated logout of the user (logs ouf of keycloak)
- * @param req NextApiRequest
- * @param res NextApiRequest
+ * @param logoutPath Post redirect URI
  * @returns
  */
 export declare function federatedLogout(logoutPath: string): (req: NextApiRequest, res: NextApiResponse) => Promise<NextApiResponse<any> | undefined>;

package/api/federatedLogout.js CHANGED Viewed

@@ -1,71 +1,33 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.federatedLogout = federatedLogout;
-const jwt = __importStar(require("next-auth/jwt"));
+import * as jwt from "next-auth/jwt";
 /**
  * Provides a next api route for performing a federated logout of the user (logs ouf of keycloak)
- * @param req NextApiRequest
- * @param res NextApiRequest
+ * @param logoutPath Post redirect URI
  * @returns
  */
-function federatedLogout(logoutPath) {
-    return function (req, res) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const token = yield jwt.getToken({ req, secret: process.env.NEXTAUTH_SECRET });
-                if (!token) {
-                    console.warn("No JWT token found when calling /federated-logout endpoint");
-                    return res.redirect(process.env.NEXTAUTH_URL || "");
-                }
-                const endsessionURL = `${process.env.KEYCLOAK_ISSUER}/protocol/openid-connect/logout`;
-                if (token.idToken) {
-                    console.warn("Without an id_token the user won't be redirected back from the IdP after logout.");
-                    const endsessionParams = new URLSearchParams({
-                        id_token_hint: token.idToken,
-                        post_logout_redirect_uri: process.env.NEXTAUTH_URL + logoutPath || ""
-                    });
-                    return res.redirect(`${endsessionURL}?${endsessionParams}`);
-                }
-                else {
-                    return res.redirect(`${endsessionURL}`);
-                }
+export function federatedLogout(logoutPath) {
+    return async function (req, res) {
+        try {
+            const token = await jwt.getToken({ req, secret: process.env.NEXTAUTH_SECRET });
+            if (!token) {
+                console.warn("No JWT token found when calling /federated-logout endpoint");
+                return res.redirect(process.env.NEXTAUTH_URL || "");
             }
-            catch (error) {
-                console.error(error);
-                res.redirect(process.env.NEXTAUTH_URL || "");
+            const endsessionURL = `${process.env.KEYCLOAK_ISSUER}/protocol/openid-connect/logout`;
+            if (token.idToken) {
+                console.warn("Without an id_token the user won't be redirected back from the IdP after logout.");
+                const endsessionParams = new URLSearchParams({
+                    id_token_hint: token.idToken,
+                    post_logout_redirect_uri: process.env.NEXTAUTH_URL + logoutPath || ""
+                });
+                return res.redirect(`${endsessionURL}?${endsessionParams}`);
             }
-        });
+            else {
+                return res.redirect(`${endsessionURL}`);
+            }
+        }
+        catch (error) {
+            console.error(error);
+            res.redirect(process.env.NEXTAUTH_URL || "");
+        }
     };
 }

package/api/index.js CHANGED Viewed

@@ -1,18 +1,2 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./federatedLogout"), exports);
-__exportStar(require("./nextAuthConfig"), exports);
+export * from "./federatedLogout";
+export * from "./nextAuthConfig";

package/api/nextAuthConfig.js CHANGED Viewed

@@ -1,69 +1,57 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.configureAuthOptions = configureAuthOptions;
-const keycloak_1 = __importDefault(require("next-auth/providers/keycloak"));
-const refreshAccessToken_1 = require("./refreshAccessToken");
+import KeycloakProvider from "next-auth/providers/keycloak";
+import { refreshAccessToken } from "./refreshAccessToken";
 /**
  * Provides authOptions for next-auth that configures it for use with the typical HEKsso setup
  */
-function configureAuthOptions(options) {
+export function configureAuthOptions(options) {
     let callbacks = undefined;
     if (options && "callbacks" in options) {
         callbacks = options.callbacks;
     }
-    return Object.assign(Object.assign({}, options), { secret: process.env.NEXTAUTH_SECRET, providers: [
-            (0, keycloak_1.default)({
+    return {
+        ...options,
+        secret: process.env.NEXTAUTH_SECRET,
+        providers: [
+            KeycloakProvider({
                 clientId: process.env.KEYCLOAK_CLIENT_ID || "",
                 clientSecret: process.env.KEYCLOAK_CLIENT_SECRET || "",
                 issuer: process.env.KEYCLOAK_ISSUER, // something like "http://localhost:8080/realms/master"
                 authorization: { params: { scope: "openid email profile roles" } }
             })
-        ], callbacks: Object.assign({ jwt(data) {
-                return __awaiter(this, void 0, void 0, function* () {
-                    var _a, _b;
-                    const hekGroups = (_a = data.profile) === null || _a === void 0 ? void 0 : _a.hekGroups;
-                    // Persist the OAuth access_token to the token right after signin
-                    if (data.account && data.user) {
-                        data.token.idToken = (_b = data.account) === null || _b === void 0 ? void 0 : _b.id_token;
-                        data.token.accessToken = data.account.access_token;
-                        data.token.hekGroups = hekGroups;
-                        data.token.username = data.profile.preferred_username;
-                        if (data.account.expires_at)
-                            data.token.accessTokenExpires = data.account.expires_at * 1000;
-                        data.token.refreshToken = data.account.refresh_token;
-                        return data.token;
-                    }
-                    // Return previous token if the access token has not expired yet
-                    if (Date.now() < data.token.accessTokenExpires) {
-                        return data.token;
-                    }
-                    // Access token has expired, try to update it
-                    return (0, refreshAccessToken_1.refreshAccessToken)(data.token);
-                });
+        ],
+        callbacks: {
+            async jwt(data) {
+                const hekGroups = data.profile?.hekGroups;
+                // Persist the OAuth access_token to the token right after signin
+                if (data.account && data.user) {
+                    data.token.idToken = data.account?.id_token;
+                    data.token.accessToken = data.account.access_token;
+                    data.token.hekGroups = hekGroups;
+                    data.token.username = data.profile.preferred_username;
+                    if (data.account.expires_at)
+                        data.token.accessTokenExpires = data.account.expires_at * 1000;
+                    data.token.refreshToken = data.account.refresh_token;
+                    return data.token;
+                }
+                // Return previous token if the access token has not expired yet
+                if (Date.now() < data.token.accessTokenExpires) {
+                    return data.token;
+                }
+                // Access token has expired, try to update it
+                return refreshAccessToken(data.token);
             },
-            session(_a) {
-                return __awaiter(this, arguments, void 0, function* ({ session, token }) {
-                    // Send properties to the client, like an access_token from a provider.
-                    const _session = session;
-                    _session.accessToken = token.accessToken;
-                    _session.accessTokenExpires = token.accessTokenExpires;
-                    _session.hekGroups = token.hekGroups || [];
-                    _session.username = token.username;
-                    if (token.error)
-                        _session.error = token.error;
-                    return _session;
-                });
-            } }, callbacks) });
+            async session({ session, token }) {
+                // Send properties to the client, like an access_token from a provider.
+                const _session = session;
+                _session.accessToken = token.accessToken;
+                _session.accessTokenExpires = token.accessTokenExpires;
+                _session.hekGroups = token.hekGroups || [];
+                _session.username = token.username;
+                if (token.error)
+                    _session.error = token.error;
+                return _session;
+            },
+            ...callbacks
+        }
+    };
 }

package/api/refreshAccessToken.js CHANGED Viewed

@@ -1,15 +1,3 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.refreshAccessToken = refreshAccessToken;
 /**
  * Takes a token, and returns a new token with updated
  * `accessToken` and `accessTokenExpires`. If an error occurs,
@@ -17,33 +5,37 @@ exports.refreshAccessToken = refreshAccessToken;
  *
  * This is a utility function and not an API route
  */
-function refreshAccessToken(token) {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a;
-        try {
-            const url = process.env.KEYCLOAK_ISSUER + "/protocol/openid-connect/token?";
-            const response = yield fetch(url, {
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded"
-                },
-                method: "POST",
-                body: new URLSearchParams({
-                    client_id: process.env.KEYCLOAK_CLIENT_ID || "",
-                    client_secret: process.env.KEYCLOAK_CLIENT_SECRET || "",
-                    grant_type: "refresh_token",
-                    refresh_token: token.refreshToken
-                })
-            });
-            const refreshedTokens = yield response.json();
-            if (!response.ok) {
-                throw refreshedTokens;
-            }
-            return Object.assign(Object.assign({}, token), { accessToken: refreshedTokens.access_token, accessTokenExpires: Date.now() + refreshedTokens.expires_in * 1000, refreshToken: (_a = refreshedTokens.refresh_token) !== null && _a !== void 0 ? _a : token.refreshToken // Fall back to old refresh token
-             });
+export async function refreshAccessToken(token) {
+    try {
+        const url = process.env.KEYCLOAK_ISSUER + "/protocol/openid-connect/token?";
+        const response = await fetch(url, {
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded"
+            },
+            method: "POST",
+            body: new URLSearchParams({
+                client_id: process.env.KEYCLOAK_CLIENT_ID || "",
+                client_secret: process.env.KEYCLOAK_CLIENT_SECRET || "",
+                grant_type: "refresh_token",
+                refresh_token: token.refreshToken
+            })
+        });
+        const refreshedTokens = await response.json();
+        if (!response.ok) {
+            throw refreshedTokens;
         }
-        catch (error) {
-            console.log(error);
-            return Object.assign(Object.assign({}, token), { error: "RefreshAccessTokenError" });
-        }
-    });
+        return {
+            ...token,
+            accessToken: refreshedTokens.access_token,
+            accessTokenExpires: Date.now() + refreshedTokens.expires_in * 1000,
+            refreshToken: refreshedTokens.refresh_token ?? token.refreshToken // Fall back to old refresh token
+        };
+    }
+    catch (error) {
+        console.log(error);
+        return {
+            ...token,
+            error: "RefreshAccessTokenError"
+        };
+    }
 }

package/package.json CHANGED Viewed

@@ -1,35 +1,39 @@
-{
-  "name": "next-auth-heksso",
-  "author": {
-    "name": "Voakie",
-    "email": "contact@voakie.com"
-  },
-  "license": "MIT",
-  "version": "1.1.11",
-  "scripts": {
-    "prepublish": "run-script-os",
-    "prepublish:default": "rm api/ -r && rm react/ -r && tsc",
-    "prepublish:windows": "del /s /q api && del /s /q react",
-    "build": "tsc",
-    "clean": "run-script-os",
-    "clean:default": "rm api/ -r && rm react/ -r -r",
-    "clean:windows": "del /s /q api && del /s /q react"
-  },
-  "main": "api/index.js",
-  "types": "api/index.d.ts",
-  "dependencies": {
-    "@types/node": "^18.11.18",
-    "@types/react": "^18.3.3",
-    "@types/react-dom": "^18.3.0",
-    "eslint": "^8.0.0",
-    "eslint-config-next": "^14.2.5",
-    "next": "^14.2.5",
-    "next-auth": "^4.24.7",
-    "react": "^18.3.1",
-    "react-dom": "^18.3.1",
-    "typescript": "^5.5.4"
-  },
-  "devDependencies": {
-    "run-script-os": "^1.1.6"
-  }
-}
+{
+  "name": "next-auth-heksso",
+  "author": {
+    "name": "Voakie",
+    "email": "contact@voakie.com"
+  },
+  "license": "MIT",
+  "version": "2.0.0",
+  "type": "module",
+  "scripts": {
+    "prepublish": "run-script-os",
+    "prepublish:default": "rm -rf api/ && rm -rf react/ && tsc",
+    "prepublish:windows": "del /s /q api && del /s /q react",
+    "build": "tsc",
+    "clean": "run-script-os",
+    "clean:default": "rm api/ -r && rm react/ -r -r",
+    "clean:windows": "del /s /q api && del /s /q react"
+  },
+  "main": "api/index.js",
+  "types": "api/index.d.ts",
+  "dependencies": {
+  },
+  "devDependencies": {
+    "run-script-os": "^1.1.6",
+    "@types/node": "^24",
+    "@types/react": "^19",
+    "@types/react-dom": "^19",
+    "eslint": "^9.13.0",
+    "eslint-config-next": "^16",
+    "typescript": "^5.6.3"
+  },
+  "peerDependencies": {
+    "next": "^15 || ^16",
+    "next-auth": "^4",
+    "react": "^18 || ^19",
+    "react-dom": "^18 || ^19"
+  }
+}

package/react/KeycloakSessionContext.js CHANGED Viewed

@@ -1,71 +1,32 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.KeycloakSessionContext = void 0;
-exports.useKeycloakSession = useKeycloakSession;
-exports.KeycloakSessionProvider = KeycloakSessionProvider;
-const react_1 = __importStar(require("react"));
-exports.KeycloakSessionContext = (0, react_1.createContext)({
+import React, { Component, createContext, useContext } from "react";
+export const KeycloakSessionContext = createContext({
     accessTokenError: false,
-    getAccessToken: () => __awaiter(void 0, void 0, void 0, function* () {
+    getAccessToken: async () => {
         return "";
-    })
+    }
 });
-function useKeycloakSession() {
-    return (0, react_1.useContext)(exports.KeycloakSessionContext);
+export function useKeycloakSession() {
+    return useContext(KeycloakSessionContext);
 }
-function refreshAccessToken() {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            const response = yield fetch("/api/auth/session", {
-                method: "GET",
-                headers: {
-                    "Content-Type": "application/json"
-                }
-            });
-            const data = yield response.json();
-            if (data.error) {
-                console.error(data.error);
-                return undefined;
+async function refreshAccessToken() {
+    try {
+        const response = await fetch("/api/auth/session", {
+            method: "GET",
+            headers: {
+                "Content-Type": "application/json"
             }
-            return { accessToken: data.accessToken, accessTokenExpires: data.accessTokenExpires };
-        }
-        catch (e) {
-            console.error(e);
+        });
+        const data = await response.json();
+        if (data.error) {
+            console.error(data.error);
             return undefined;
         }
-    });
+        return { accessToken: data.accessToken, accessTokenExpires: data.accessTokenExpires };
+    }
+    catch (e) {
+        console.error(e);
+        return undefined;
+    }
 }
 /**
  * Provider for the useKeycloakSession react hook. Has to directly hook into next-auth and next/router
@@ -75,11 +36,12 @@ function refreshAccessToken() {
  * @param children
  * @constructor
  */
-function KeycloakSessionProvider({ session, signOut, children }) {
-    return (react_1.default.createElement(_KeycloakSessionProvider, { session: session, signOut: signOut }, children));
+export function KeycloakSessionProvider({ session, signOut, children }) {
+    return (React.createElement(_KeycloakSessionProvider, { session: session, signOut: signOut }, children));
 }
 // Proxy class component to prevent unnecessary re-renders
-class _KeycloakSessionProvider extends react_1.Component {
+class _KeycloakSessionProvider extends Component {
+    contextValue;
     constructor(props) {
         super(props);
         this.state = {
@@ -101,39 +63,37 @@ class _KeycloakSessionProvider extends react_1.Component {
         }
         return this.contextValue;
     }
-    getAccessToken() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.state.accessToken ||
-                (this.state.accessTokenExpires && Date.now() >= this.state.accessTokenExpires)) {
-                try {
-                    const refreshed = yield refreshAccessToken();
-                    if (refreshed) {
-                        this.setState({
-                            accessTokenError: false,
-                            accessToken: refreshed.accessToken,
-                            accessTokenExpires: refreshed.accessTokenExpires
-                        });
-                        return refreshed.accessToken;
-                    }
-                    else {
-                        // Refresh failed due to network error
-                        return undefined;
-                    }
-                }
-                catch (e) {
-                    // Refresh failed because keycloak denied the request
-                    console.error(e);
+    async getAccessToken() {
+        if (!this.state.accessToken ||
+            (this.state.accessTokenExpires && Date.now() >= this.state.accessTokenExpires)) {
+            try {
+                const refreshed = await refreshAccessToken();
+                if (refreshed) {
                     this.setState({
-                        accessTokenError: true,
-                        accessToken: undefined,
-                        accessTokenExpires: undefined
+                        accessTokenError: false,
+                        accessToken: refreshed.accessToken,
+                        accessTokenExpires: refreshed.accessTokenExpires
                     });
+                    return refreshed.accessToken;
+                }
+                else {
+                    // Refresh failed due to network error
                     return undefined;
                 }
             }
-            else
-                return this.state.accessToken;
-        });
+            catch (e) {
+                // Refresh failed because keycloak denied the request
+                console.error(e);
+                this.setState({
+                    accessTokenError: true,
+                    accessToken: undefined,
+                    accessTokenExpires: undefined
+                });
+                return undefined;
+            }
+        }
+        else
+            return this.state.accessToken;
     }
     componentDidUpdate() {
         if (sessionDataGuard(this.props.session.data)) {
@@ -157,7 +117,7 @@ class _KeycloakSessionProvider extends react_1.Component {
         }
     }
     render() {
-        return (react_1.default.createElement(exports.KeycloakSessionContext.Provider, { value: this.getContextValue() }, this.props.children));
+        return (React.createElement(KeycloakSessionContext.Provider, { value: this.getContextValue() }, this.props.children));
     }
 }
 function sessionDataGuard(sessionData) {

package/react/index.js CHANGED Viewed

@@ -1,17 +1 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./KeycloakSessionContext"), exports);
+export * from "./KeycloakSessionContext";