npm - next-auth-heksso - Versions diffs - 1.1.13 → 2.0.1 - Mend

next-auth-heksso 1.1.13 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/README.md +3 -1
package/api/federatedLogout.d.ts +2 -3
package/api/federatedLogout.js +26 -63
package/api/index.d.ts +2 -2
package/api/index.js +2 -18
package/api/nextAuthConfig.js +44 -55
package/api/refreshAccessToken.js +31 -40
package/package.json +16 -12
package/react/KeycloakSessionContext.js +53 -93
package/react/index.d.ts +1 -1
package/react/index.js +1 -17
package/.eslintrc.json +0 -3
package/src/api/federatedLogout.ts +0 -40
package/src/api/index.ts +0 -2
package/src/api/nextAuthConfig.ts +0 -67
package/src/api/refreshAccessToken.ts +0 -47
package/src/react/KeycloakSessionContext.tsx +0 -192
package/src/react/index.ts +0 -1
package/tsconfig.json +0 -104

package/README.md CHANGED Viewed

@@ -1,6 +1,8 @@
 # Next-Auth config for use with HEKsso (Keycloak)
-The rollowing environment variables are required:
+> Version 2 of this package is no longer in CommonJS format, instead it is in ESM format.
+The following environment variables are required:
     NEXTAUTH_SECRET
     NEXTAUTH_URL

package/api/federatedLogout.d.ts CHANGED Viewed

@@ -1,8 +1,7 @@
 import { NextApiRequest, NextApiResponse } from "next";
 /**
  * Provides a next api route for performing a federated logout of the user (logs ouf of keycloak)
- * @param req NextApiRequest
- * @param res NextApiRequest
+ * @param logoutPath Post redirect URI
  * @returns
  */
-export declare function federatedLogout(logoutPath: string): (req: NextApiRequest, res: NextApiResponse) => Promise<NextApiResponse<any> | undefined>;
+export declare function federatedLogout(logoutPath: string): (req: NextApiRequest, res: NextApiResponse) => Promise<void>;

package/api/federatedLogout.js CHANGED Viewed

@@ -1,71 +1,34 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.federatedLogout = federatedLogout;
-const jwt = __importStar(require("next-auth/jwt"));
+import * as jwt from "next-auth/jwt";
 /**
  * Provides a next api route for performing a federated logout of the user (logs ouf of keycloak)
- * @param req NextApiRequest
- * @param res NextApiRequest
+ * @param logoutPath Post redirect URI
  * @returns
  */
-function federatedLogout(logoutPath) {
-    return function (req, res) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const token = yield jwt.getToken({ req, secret: process.env.NEXTAUTH_SECRET });
-                if (!token) {
-                    console.warn("No JWT token found when calling /federated-logout endpoint");
-                    return res.redirect(process.env.NEXTAUTH_URL || "");
-                }
-                const endsessionURL = `${process.env.KEYCLOAK_ISSUER}/protocol/openid-connect/logout`;
-                if (token.idToken) {
-                    console.warn("Without an id_token the user won't be redirected back from the IdP after logout.");
-                    const endsessionParams = new URLSearchParams({
-                        id_token_hint: token.idToken,
-                        post_logout_redirect_uri: process.env.NEXTAUTH_URL + logoutPath || ""
-                    });
-                    return res.redirect(`${endsessionURL}?${endsessionParams}`);
-                }
-                else {
-                    return res.redirect(`${endsessionURL}`);
-                }
-            }
-            catch (error) {
-                console.error(error);
+export function federatedLogout(logoutPath) {
+    return async function (req, res) {
+        try {
+            const token = await jwt.getToken({ req, secret: process.env.NEXTAUTH_SECRET });
+            if (!token) {
+                console.warn("No JWT token found when calling /federated-logout endpoint");
                 res.redirect(process.env.NEXTAUTH_URL || "");
+                return;
+            }
+            const endsessionURL = `${process.env.KEYCLOAK_ISSUER}/protocol/openid-connect/logout`;
+            if (token.idToken) {
+                const endsessionParams = new URLSearchParams({
+                    id_token_hint: token.idToken,
+                    post_logout_redirect_uri: process.env.NEXTAUTH_URL + logoutPath || ""
+                });
+                res.redirect(`${endsessionURL}?${endsessionParams}`);
+            }
+            else {
+                console.warn("Without an id_token the user won't be redirected back from the IdP after logout.");
+                res.redirect(`${endsessionURL}`);
             }
-        });
+        }
+        catch (error) {
+            console.error(error);
+            res.redirect(process.env.NEXTAUTH_URL || "");
+        }
     };
 }

package/api/index.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export * from "./federatedLogout";
-export * from "./nextAuthConfig";
+export * from "./federatedLogout.js";
+export * from "./nextAuthConfig.js";

package/api/index.js CHANGED Viewed

@@ -1,18 +1,2 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./federatedLogout"), exports);
-__exportStar(require("./nextAuthConfig"), exports);
+export * from "./federatedLogout.js";
+export * from "./nextAuthConfig.js";

package/api/nextAuthConfig.js CHANGED Viewed

@@ -1,69 +1,58 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.configureAuthOptions = configureAuthOptions;
-const keycloak_1 = __importDefault(require("next-auth/providers/keycloak"));
-const refreshAccessToken_1 = require("./refreshAccessToken");
+import KeycloakProviderImport from "next-auth/providers/keycloak";
+import { refreshAccessToken } from "./refreshAccessToken.js";
+const KeycloakProvider = typeof KeycloakProviderImport === "object" ? KeycloakProviderImport.default : KeycloakProviderImport;
 /**
  * Provides authOptions for next-auth that configures it for use with the typical HEKsso setup
  */
-function configureAuthOptions(options) {
+export function configureAuthOptions(options) {
     let callbacks = undefined;
     if (options && "callbacks" in options) {
         callbacks = options.callbacks;
     }
-    return Object.assign(Object.assign({}, options), { secret: process.env.NEXTAUTH_SECRET, providers: [
-            (0, keycloak_1.default)({
+    return {
+        secret: process.env.NEXTAUTH_SECRET,
+        providers: [
+            KeycloakProvider({
                 clientId: process.env.KEYCLOAK_CLIENT_ID || "",
                 clientSecret: process.env.KEYCLOAK_CLIENT_SECRET || "",
                 issuer: process.env.KEYCLOAK_ISSUER, // something like "http://localhost:8080/realms/master"
                 authorization: { params: { scope: "openid email profile roles" } }
             })
-        ], callbacks: Object.assign({ jwt(data) {
-                return __awaiter(this, void 0, void 0, function* () {
-                    var _a, _b;
-                    const hekGroups = (_a = data.profile) === null || _a === void 0 ? void 0 : _a.hekGroups;
-                    // Persist the OAuth access_token to the token right after signin
-                    if (data.account && data.user) {
-                        data.token.idToken = (_b = data.account) === null || _b === void 0 ? void 0 : _b.id_token;
-                        data.token.accessToken = data.account.access_token;
-                        data.token.hekGroups = hekGroups;
-                        data.token.username = data.profile.preferred_username;
-                        if (data.account.expires_at)
-                            data.token.accessTokenExpires = data.account.expires_at * 1000;
-                        data.token.refreshToken = data.account.refresh_token;
-                        return data.token;
-                    }
-                    // Return previous token if the access token has not expired yet
-                    if (Date.now() < data.token.accessTokenExpires) {
-                        return data.token;
-                    }
-                    // Access token has expired, try to update it
-                    return (0, refreshAccessToken_1.refreshAccessToken)(data.token);
-                });
+        ],
+        callbacks: {
+            async jwt(data) {
+                const hekGroups = data.profile?.hekGroups;
+                // Persist the OAuth access_token to the token right after signin
+                if (data.account && data.user) {
+                    data.token.idToken = data.account?.id_token;
+                    data.token.accessToken = data.account.access_token;
+                    data.token.hekGroups = hekGroups;
+                    data.token.username = data.profile.preferred_username;
+                    if (data.account.expires_at)
+                        data.token.accessTokenExpires = data.account.expires_at * 1000;
+                    data.token.refreshToken = data.account.refresh_token;
+                    return data.token;
+                }
+                // Return previous token if the access token has not expired yet
+                if (Date.now() < data.token.accessTokenExpires) {
+                    return data.token;
+                }
+                // Access token has expired, try to update it
+                return refreshAccessToken(data.token);
             },
-            session(_a) {
-                return __awaiter(this, arguments, void 0, function* ({ session, token }) {
-                    // Send properties to the client, like an access_token from a provider.
-                    const _session = session;
-                    _session.accessToken = token.accessToken;
-                    _session.accessTokenExpires = token.accessTokenExpires;
-                    _session.hekGroups = token.hekGroups || [];
-                    _session.username = token.username;
-                    if (token.error)
-                        _session.error = token.error;
-                    return _session;
-                });
-            } }, callbacks) });
+            async session({ session, token }) {
+                // Send properties to the client, like an access_token from a provider.
+                const _session = session;
+                _session.accessToken = token.accessToken;
+                _session.accessTokenExpires = token.accessTokenExpires;
+                _session.hekGroups = token.hekGroups || [];
+                _session.username = token.username;
+                if (token.error)
+                    _session.error = token.error;
+                return _session;
+            },
+            ...callbacks
+        },
+        ...options
+    };
 }

package/api/refreshAccessToken.js CHANGED Viewed

@@ -1,15 +1,3 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.refreshAccessToken = refreshAccessToken;
 /**
  * Takes a token, and returns a new token with updated
  * `accessToken` and `accessTokenExpires`. If an error occurs,
@@ -17,33 +5,36 @@ exports.refreshAccessToken = refreshAccessToken;
  *
  * This is a utility function and not an API route
  */
-function refreshAccessToken(token) {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a;
-        try {
-            const url = process.env.KEYCLOAK_ISSUER + "/protocol/openid-connect/token?";
-            const response = yield fetch(url, {
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded"
-                },
-                method: "POST",
-                body: new URLSearchParams({
-                    client_id: process.env.KEYCLOAK_CLIENT_ID || "",
-                    client_secret: process.env.KEYCLOAK_CLIENT_SECRET || "",
-                    grant_type: "refresh_token",
-                    refresh_token: token.refreshToken
-                })
-            });
-            const refreshedTokens = yield response.json();
-            if (!response.ok) {
-                throw refreshedTokens;
-            }
-            return Object.assign(Object.assign({}, token), { accessToken: refreshedTokens.access_token, accessTokenExpires: Date.now() + refreshedTokens.expires_in * 1000, refreshToken: (_a = refreshedTokens.refresh_token) !== null && _a !== void 0 ? _a : token.refreshToken // Fall back to old refresh token
-             });
+export async function refreshAccessToken(token) {
+    try {
+        const url = process.env.KEYCLOAK_ISSUER + "/protocol/openid-connect/token?";
+        const response = await fetch(url, {
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded"
+            },
+            method: "POST",
+            body: new URLSearchParams({
+                client_id: process.env.KEYCLOAK_CLIENT_ID || "",
+                client_secret: process.env.KEYCLOAK_CLIENT_SECRET || "",
+                grant_type: "refresh_token",
+                refresh_token: token.refreshToken
+            })
+        });
+        const refreshedTokens = await response.json();
+        if (!response.ok) {
+            throw refreshedTokens;
         }
-        catch (error) {
-            console.log(error);
-            return Object.assign(Object.assign({}, token), { error: "RefreshAccessTokenError" });
-        }
-    });
+        return {
+            ...token,
+            accessToken: refreshedTokens.access_token,
+            accessTokenExpires: Date.now() + refreshedTokens.expires_in * 1000,
+            refreshToken: refreshedTokens.refresh_token ?? token.refreshToken // Fall back to old refresh token
+        };
+    }
+    catch (error) {
+        return {
+            ...token,
+            error: "RefreshAccessTokenError"
+        };
+    }
 }

package/package.json CHANGED Viewed

@@ -5,10 +5,11 @@
     "email": "contact@voakie.com"
   },
   "license": "MIT",
-  "version": "1.1.13",
+  "version": "2.0.1",
+  "type": "module",
   "scripts": {
     "prepublish": "run-script-os",
-    "prepublish:default": "rm api/ -rf && rm react/ -rf && tsc",
+    "prepublish:default": "rm -rf api/ && rm -rf react/ && tsc",
     "prepublish:windows": "del /s /q api && del /s /q react",
     "build": "tsc",
     "clean": "run-script-os",
@@ -18,18 +19,21 @@
   "main": "api/index.js",
   "types": "api/index.d.ts",
   "dependencies": {
-    "@types/node": "^22.8.1",
-    "@types/react": "^18.3.12",
-    "@types/react-dom": "^18.3.1",
+  },
+  "devDependencies": {
+    "run-script-os": "^1.1.6",
+    "@types/node": "^24",
+    "@types/react": "^19",
+    "@types/react-dom": "^19",
     "eslint": "^9.13.0",
-    "eslint-config-next": "^15.0.1",
-    "next": "^15.0.1",
-    "next-auth": "^4.24.10",
-    "react": "^18.3.1",
-    "react-dom": "^18.3.1",
+    "eslint-config-next": "^16",
     "typescript": "^5.6.3"
   },
-  "devDependencies": {
-    "run-script-os": "^1.1.6"
+  "peerDependencies": {
+    "next": "^15 || ^16",
+    "next-auth": "^4",
+    "react": "^18 || ^19",
+    "react-dom": "^18 || ^19"
   }
 }

package/react/KeycloakSessionContext.js CHANGED Viewed

@@ -1,71 +1,32 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.KeycloakSessionContext = void 0;
-exports.useKeycloakSession = useKeycloakSession;
-exports.KeycloakSessionProvider = KeycloakSessionProvider;
-const react_1 = __importStar(require("react"));
-exports.KeycloakSessionContext = (0, react_1.createContext)({
+import React, { Component, createContext, useContext } from "react";
+export const KeycloakSessionContext = createContext({
     accessTokenError: false,
-    getAccessToken: () => __awaiter(void 0, void 0, void 0, function* () {
+    getAccessToken: async () => {
         return "";
-    })
+    }
 });
-function useKeycloakSession() {
-    return (0, react_1.useContext)(exports.KeycloakSessionContext);
+export function useKeycloakSession() {
+    return useContext(KeycloakSessionContext);
 }
-function refreshAccessToken() {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            const response = yield fetch("/api/auth/session", {
-                method: "GET",
-                headers: {
-                    "Content-Type": "application/json"
-                }
-            });
-            const data = yield response.json();
-            if (data.error) {
-                console.error(data.error);
-                return undefined;
+async function refreshAccessToken() {
+    try {
+        const response = await fetch("/api/auth/session", {
+            method: "GET",
+            headers: {
+                "Content-Type": "application/json"
             }
-            return { accessToken: data.accessToken, accessTokenExpires: data.accessTokenExpires };
-        }
-        catch (e) {
-            console.error(e);
+        });
+        const data = await response.json();
+        if (data.error) {
+            console.error(data.error);
             return undefined;
         }
-    });
+        return { accessToken: data.accessToken, accessTokenExpires: data.accessTokenExpires };
+    }
+    catch (e) {
+        console.error(e);
+        return undefined;
+    }
 }
 /**
  * Provider for the useKeycloakSession react hook. Has to directly hook into next-auth and next/router
@@ -75,11 +36,12 @@ function refreshAccessToken() {
  * @param children
  * @constructor
  */
-function KeycloakSessionProvider({ session, signOut, children }) {
-    return (react_1.default.createElement(_KeycloakSessionProvider, { session: session, signOut: signOut }, children));
+export function KeycloakSessionProvider({ session, signOut, children }) {
+    return (React.createElement(_KeycloakSessionProvider, { session: session, signOut: signOut }, children));
 }
 // Proxy class component to prevent unnecessary re-renders
-class _KeycloakSessionProvider extends react_1.Component {
+class _KeycloakSessionProvider extends Component {
+    contextValue;
     constructor(props) {
         super(props);
         this.state = {
@@ -101,39 +63,37 @@ class _KeycloakSessionProvider extends react_1.Component {
         }
         return this.contextValue;
     }
-    getAccessToken() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.state.accessToken ||
-                (this.state.accessTokenExpires && Date.now() >= this.state.accessTokenExpires)) {
-                try {
-                    const refreshed = yield refreshAccessToken();
-                    if (refreshed) {
-                        this.setState({
-                            accessTokenError: false,
-                            accessToken: refreshed.accessToken,
-                            accessTokenExpires: refreshed.accessTokenExpires
-                        });
-                        return refreshed.accessToken;
-                    }
-                    else {
-                        // Refresh failed due to network error
-                        return undefined;
-                    }
-                }
-                catch (e) {
-                    // Refresh failed because keycloak denied the request
-                    console.error(e);
+    async getAccessToken() {
+        if (!this.state.accessToken ||
+            (this.state.accessTokenExpires && Date.now() >= this.state.accessTokenExpires)) {
+            try {
+                const refreshed = await refreshAccessToken();
+                if (refreshed) {
                     this.setState({
-                        accessTokenError: true,
-                        accessToken: undefined,
-                        accessTokenExpires: undefined
+                        accessTokenError: false,
+                        accessToken: refreshed.accessToken,
+                        accessTokenExpires: refreshed.accessTokenExpires
                     });
+                    return refreshed.accessToken;
+                }
+                else {
+                    // Refresh failed due to network error
                     return undefined;
                 }
             }
-            else
-                return this.state.accessToken;
-        });
+            catch (e) {
+                // Refresh failed because keycloak denied the request
+                console.error(e);
+                this.setState({
+                    accessTokenError: true,
+                    accessToken: undefined,
+                    accessTokenExpires: undefined
+                });
+                return undefined;
+            }
+        }
+        else
+            return this.state.accessToken;
     }
     componentDidUpdate() {
         if (sessionDataGuard(this.props.session.data)) {
@@ -157,7 +117,7 @@ class _KeycloakSessionProvider extends react_1.Component {
         }
     }
     render() {
-        return (react_1.default.createElement(exports.KeycloakSessionContext.Provider, { value: this.getContextValue() }, this.props.children));
+        return (React.createElement(KeycloakSessionContext.Provider, { value: this.getContextValue() }, this.props.children));
     }
 }
 function sessionDataGuard(sessionData) {

package/react/index.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export * from "./KeycloakSessionContext";
1	+ export * from "./KeycloakSessionContext.js";

package/react/index.js CHANGED Viewed

@@ -1,17 +1 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./KeycloakSessionContext"), exports);
+export * from "./KeycloakSessionContext.js";

package/.eslintrc.json DELETED Viewed

@@ -1,3 +0,0 @@
-{
-  "extends": "next/core-web-vitals"
-}

package/src/api/federatedLogout.ts DELETED Viewed

@@ -1,40 +0,0 @@
-// /api/auth/federated-logout
-import { NextApiRequest, NextApiResponse } from "next"
-import * as jwt from "next-auth/jwt"
-/**
- * Provides a next api route for performing a federated logout of the user (logs ouf of keycloak)
- * @param req NextApiRequest
- * @param res NextApiRequest
- * @returns
- */
-export function federatedLogout(logoutPath: string) {
-    return async function (req: NextApiRequest, res: NextApiResponse) {
-        try {
-            const token = await jwt.getToken({ req, secret: process.env.NEXTAUTH_SECRET })
-            if (!token) {
-                console.warn("No JWT token found when calling /federated-logout endpoint")
-                return res.redirect(process.env.NEXTAUTH_URL || "")
-            }
-            const endsessionURL = `${process.env.KEYCLOAK_ISSUER}/protocol/openid-connect/logout`
-            if (token.idToken) {
-                console.warn(
-                    "Without an id_token the user won't be redirected back from the IdP after logout."
-                )
-                const endsessionParams = new URLSearchParams({
-                    id_token_hint: token.idToken as string,
-                    post_logout_redirect_uri: process.env.NEXTAUTH_URL + logoutPath || ""
-                })
-                return res.redirect(`${endsessionURL}?${endsessionParams}`)
-            } else {
-                return res.redirect(`${endsessionURL}`)
-            }
-        } catch (error) {
-            console.error(error)
-            res.redirect(process.env.NEXTAUTH_URL || "")
-        }
-    }
-}

package/src/api/index.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from "./federatedLogout"
2	- export * from "./nextAuthConfig"

package/src/api/nextAuthConfig.ts DELETED Viewed

@@ -1,67 +0,0 @@
-import { NextAuthOptions } from "next-auth"
-import KeycloakProvider from "next-auth/providers/keycloak"
-import { refreshAccessToken } from "./refreshAccessToken"
-/**
- * Provides authOptions for next-auth that configures it for use with the typical HEKsso setup
- */
-export function configureAuthOptions(options?: Partial<NextAuthOptions>): NextAuthOptions {
-    let callbacks: NextAuthOptions["callbacks"] | undefined = undefined
-    if (options && "callbacks" in options) {
-        callbacks = options.callbacks
-    }
-    return {
-        ...options,
-        secret: process.env.NEXTAUTH_SECRET,
-        providers: [
-            KeycloakProvider({
-                clientId: process.env.KEYCLOAK_CLIENT_ID || "",
-                clientSecret: process.env.KEYCLOAK_CLIENT_SECRET || "",
-                issuer: process.env.KEYCLOAK_ISSUER, // something like "http://localhost:8080/realms/master"
-                authorization: { params: { scope: "openid email profile roles" } }
-            })
-        ],
-        callbacks: {
-            async jwt(data) {
-                const hekGroups = (data.profile as any)?.hekGroups
-                // Persist the OAuth access_token to the token right after signin
-                if (data.account && data.user) {
-                    data.token.idToken = data.account?.id_token
-                    data.token.accessToken = data.account.access_token
-                    data.token.hekGroups = hekGroups
-                    data.token.username = (
-                        data.profile as { [key: string]: string }
-                    ).preferred_username
-                    if (data.account.expires_at)
-                        data.token.accessTokenExpires = data.account.expires_at * 1000
-                    data.token.refreshToken = data.account.refresh_token
-                    return data.token
-                }
-                // Return previous token if the access token has not expired yet
-                if (Date.now() < (data.token.accessTokenExpires as number)) {
-                    return data.token
-                }
-                // Access token has expired, try to update it
-                return refreshAccessToken(data.token)
-            },
-            async session({ session, token }) {
-                // Send properties to the client, like an access_token from a provider.
-                const _session = session as any
-                _session.accessToken = token.accessToken
-                _session.accessTokenExpires = token.accessTokenExpires
-                _session.hekGroups = token.hekGroups || []
-                _session.username = token.username
-                if (token.error) _session.error = token.error
-                return _session
-            },
-            ...callbacks
-        }
-    }
-}

package/src/api/refreshAccessToken.ts DELETED Viewed

@@ -1,47 +0,0 @@
-import { JWT } from "next-auth/jwt"
-/**
- * Takes a token, and returns a new token with updated
- * `accessToken` and `accessTokenExpires`. If an error occurs,
- * returns the old token and an error property
- *
- * This is a utility function and not an API route
- */
-export async function refreshAccessToken(token: JWT) {
-    try {
-        const url = process.env.KEYCLOAK_ISSUER + "/protocol/openid-connect/token?"
-        const response = await fetch(url, {
-            headers: {
-                "Content-Type": "application/x-www-form-urlencoded"
-            },
-            method: "POST",
-            body: new URLSearchParams({
-                client_id: process.env.KEYCLOAK_CLIENT_ID || "",
-                client_secret: process.env.KEYCLOAK_CLIENT_SECRET || "",
-                grant_type: "refresh_token",
-                refresh_token: token.refreshToken as string
-            })
-        })
-        const refreshedTokens = await response.json()
-        if (!response.ok) {
-            throw refreshedTokens
-        }
-        return {
-            ...token,
-            accessToken: refreshedTokens.access_token,
-            accessTokenExpires: Date.now() + refreshedTokens.expires_in * 1000,
-            refreshToken: refreshedTokens.refresh_token ?? token.refreshToken // Fall back to old refresh token
-        }
-    } catch (error) {
-        console.log(error)
-        return {
-            ...token,
-            error: "RefreshAccessTokenError"
-        }
-    }
-}

package/src/react/KeycloakSessionContext.tsx DELETED Viewed

@@ -1,192 +0,0 @@
-import type { signOut as nextAuthSignOut, useSession } from "next-auth/react"
-import React, { Component, createContext, PropsWithChildren, useContext } from "react"
-type NextAuthSession = ReturnType<typeof useSession>
-export interface KeycloakSession {
-    accessTokenError: boolean
-    getAccessToken: () => Promise<string>
-}
-export const KeycloakSessionContext = createContext<KeycloakSession>({
-    accessTokenError: false,
-    getAccessToken: async () => {
-        return ""
-    }
-})
-export function useKeycloakSession(): KeycloakSession {
-    return useContext(KeycloakSessionContext)
-}
-async function refreshAccessToken() {
-    try {
-        const response = await fetch("/api/auth/session", {
-            method: "GET",
-            headers: {
-                "Content-Type": "application/json"
-            }
-        })
-        const data = await response.json()
-        if (data.error) {
-            console.error(data.error)
-            return undefined
-        }
-        return { accessToken: data.accessToken, accessTokenExpires: data.accessTokenExpires }
-    } catch (e: unknown) {
-        console.error(e)
-        return undefined
-    }
-}
-interface KeycloakSessionProviderProps {
-    session: ReturnType<typeof useSession>
-    signOut: typeof nextAuthSignOut
-}
-interface KeycloakSessionProviderState {
-    accessToken?: string
-    accessTokenError: boolean
-    accessTokenExpires?: number
-}
-/**
- * Provider for the useKeycloakSession react hook. Has to directly hook into next-auth and next/router
- * @param router Next.js router (retrieve with `useRouter()`)
- * @param session Next Auth Session (retrieve with `useSession()`)
- * @param signOut Next Auth Sign Out function (exported by "next-auth/react")
- * @param children
- * @constructor
- */
-export function KeycloakSessionProvider({
-    session,
-    signOut,
-    children
-}: PropsWithChildren<{
-    session: NextAuthSession
-    signOut: typeof nextAuthSignOut
-}>) {
-    return (
-        <_KeycloakSessionProvider session={session} signOut={signOut}>
-            {children}
-        </_KeycloakSessionProvider>
-    )
-}
-// Proxy class component to prevent unnecessary re-renders
-class _KeycloakSessionProvider extends Component<
-    PropsWithChildren<KeycloakSessionProviderProps>,
-    KeycloakSessionProviderState
-> {
-    private contextValue
-    constructor(props: KeycloakSessionProviderProps) {
-        super(props)
-        this.state = {
-            accessTokenError: false
-        }
-        this.getAccessToken = this.getAccessToken.bind(this)
-        this.getContextValue = this.getContextValue.bind(this)
-        this.contextValue = {
-            getAccessToken: this.getAccessToken,
-            accessTokenError: false
-        }
-    }
-    private getContextValue() {
-        if (this.state.accessTokenError !== this.contextValue.accessTokenError) {
-            this.contextValue = {
-                getAccessToken: this.getAccessToken,
-                accessTokenError: this.state.accessTokenError
-            }
-        }
-        return this.contextValue
-    }
-    async getAccessToken() {
-        if (
-            !this.state.accessToken ||
-            (this.state.accessTokenExpires && Date.now() >= this.state.accessTokenExpires)
-        ) {
-            try {
-                const refreshed = await refreshAccessToken()
-                if (refreshed) {
-                    this.setState({
-                        accessTokenError: false,
-                        accessToken: refreshed.accessToken,
-                        accessTokenExpires: refreshed.accessTokenExpires
-                    })
-                    return refreshed.accessToken
-                } else {
-                    // Refresh failed due to network error
-                    return undefined
-                }
-            } catch (e) {
-                // Refresh failed because keycloak denied the request
-                console.error(e)
-                this.setState({
-                    accessTokenError: true,
-                    accessToken: undefined,
-                    accessTokenExpires: undefined
-                })
-                return undefined
-            }
-        } else return this.state.accessToken
-    }
-    componentDidUpdate() {
-        if (sessionDataGuard(this.props.session.data)) {
-            const { error, accessToken, accessTokenExpires } = this.props.session.data
-            if (error === "RefreshAccessTokenError") {
-                // Force sign in to get a new refresh token
-                this.props.signOut({ redirect: true, callbackUrl: "/" }).then()
-            } else if (accessToken && accessToken != this.state.accessToken) {
-                this.setState({
-                    accessToken,
-                    accessTokenExpires
-                })
-            } else if (!accessToken) {
-                this.setState({
-                    accessToken: undefined,
-                    accessTokenExpires: undefined
-                })
-            }
-        }
-    }
-    render() {
-        return (
-            <KeycloakSessionContext.Provider value={this.getContextValue()}>
-                {this.props.children}
-            </KeycloakSessionContext.Provider>
-        )
-    }
-}
-function sessionDataGuard(
-    sessionData: unknown
-): sessionData is { error?: string; accessToken?: string; accessTokenExpires?: number } {
-    if (sessionData && typeof sessionData === "object") {
-        if (!("error" in sessionData) || typeof sessionData.error === "string") {
-            if (!("accessToken" in sessionData) || typeof sessionData.accessToken === "string") {
-                if (
-                    !("accessTokenExpires" in sessionData) ||
-                    typeof sessionData.accessTokenExpires === "number"
-                ) {
-                    return true
-                }
-            }
-        }
-    }
-    return false
-}

package/src/react/index.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export * from "./KeycloakSessionContext"

package/tsconfig.json DELETED Viewed

@@ -1,104 +0,0 @@
-{
-  "compilerOptions": {
-    /* Visit https://aka.ms/tsconfig to read more about this file */
-    /* Projects */
-    // "incremental": true,                              /* Save .tsbuildinfo files to allow for incremental compilation of projects. */
-    // "composite": true,                                /* Enable constraints that allow a TypeScript project to be used with project references. */
-    // "tsBuildInfoFile": "./.tsbuildinfo",              /* Specify the path to .tsbuildinfo incremental compilation file. */
-    // "disableSourceOfProjectReferenceRedirect": true,  /* Disable preferring source files instead of declaration files when referencing composite projects. */
-    // "disableSolutionSearching": true,                 /* Opt a project out of multi-project reference checking when editing. */
-    // "disableReferencedProjectLoad": true,             /* Reduce the number of projects loaded automatically by TypeScript. */
-    /* Language and Environment */
-    "target": "es2016",                                  /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
-    // "lib": [],                                        /* Specify a set of bundled library declaration files that describe the target runtime environment. */
-    "jsx": "react",                                /* Specify what JSX code is generated. */
-    // "experimentalDecorators": true,                   /* Enable experimental support for TC39 stage 2 draft decorators. */
-    // "emitDecoratorMetadata": true,                    /* Emit design-type metadata for decorated declarations in source files. */
-    // "jsxFactory": "",                                 /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h'. */
-    // "jsxFragmentFactory": "",                         /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
-    // "jsxImportSource": "",                            /* Specify module specifier used to import the JSX factory functions when using 'jsx: react-jsx*'. */
-    // "reactNamespace": "",                             /* Specify the object invoked for 'createElement'. This only applies when targeting 'react' JSX emit. */
-    // "noLib": true,                                    /* Disable including any library files, including the default lib.d.ts. */
-    // "useDefineForClassFields": true,                  /* Emit ECMAScript-standard-compliant class fields. */
-    // "moduleDetection": "auto",                        /* Control what method is used to detect module-format JS files. */
-    /* Modules */
-    "module": "commonjs",                                /* Specify what module code is generated. */
-    "rootDir": "./src",                                  /* Specify the root folder within your source files. */
-    // "moduleResolution": "node",                       /* Specify how TypeScript looks up a file from a given module specifier. */
-    // "baseUrl": "./",                                  /* Specify the base directory to resolve non-relative module names. */
-    // "paths": {},                                      /* Specify a set of entries that re-map imports to additional lookup locations. */
-    // "rootDirs": [],                                   /* Allow multiple folders to be treated as one when resolving modules. */
-    // "typeRoots": [],                                  /* Specify multiple folders that act like './node_modules/@types'. */
-    // "types": [],                                      /* Specify type package names to be included without being referenced in a source file. */
-    // "allowUmdGlobalAccess": true,                     /* Allow accessing UMD globals from modules. */
-    // "moduleSuffixes": [],                             /* List of file name suffixes to search when resolving a module. */
-    // "resolveJsonModule": true,                        /* Enable importing .json files. */
-    // "noResolve": true,                                /* Disallow 'import's, 'require's or '<reference>'s from expanding the number of files TypeScript should add to a project. */
-    /* JavaScript Support */
-    // "allowJs": true,                                  /* Allow JavaScript files to be a part of your program. Use the 'checkJS' option to get errors from these files. */
-    // "checkJs": true,                                  /* Enable error reporting in type-checked JavaScript files. */
-    // "maxNodeModuleJsDepth": 1,                        /* Specify the maximum folder depth used for checking JavaScript files from 'node_modules'. Only applicable with 'allowJs'. */
-    /* Emit */
-    "declaration": true,                                 /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
-    // "declarationMap": true,                           /* Create sourcemaps for d.ts files. */
-    // "emitDeclarationOnly": true,                      /* Only output d.ts files and not JavaScript files. */
-    // "sourceMap": true,                                /* Create source map files for emitted JavaScript files. */
-    // "outFile": "./lib/index.js",                      /* Specify a file that bundles all outputs into one JavaScript file. If 'declaration' is true, also designates a file that bundles all .d.ts output. */
-    "outDir": ".",                                   /* Specify an output folder for all emitted files. */
-    // "removeComments": true,                           /* Disable emitting comments. */
-    // "noEmit": true,                                   /* Disable emitting files from a compilation. */
-    // "importHelpers": true,                            /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
-    // "importsNotUsedAsValues": "remove",               /* Specify emit/checking behavior for imports that are only used for types. */
-    // "downlevelIteration": true,                       /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
-    // "sourceRoot": "",                                 /* Specify the root path for debuggers to find the reference source code. */
-    // "mapRoot": "",                                    /* Specify the location where debugger should locate map files instead of generated locations. */
-    // "inlineSourceMap": true,                          /* Include sourcemap files inside the emitted JavaScript. */
-    // "inlineSources": true,                            /* Include source code in the sourcemaps inside the emitted JavaScript. */
-    // "emitBOM": true,                                  /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
-    // "newLine": "crlf",                                /* Set the newline character for emitting files. */
-    // "stripInternal": true,                            /* Disable emitting declarations that have '@internal' in their JSDoc comments. */
-    // "noEmitHelpers": true,                            /* Disable generating custom helper functions like '__extends' in compiled output. */
-    // "noEmitOnError": true,                            /* Disable emitting files if any type checking errors are reported. */
-    // "preserveConstEnums": true,                       /* Disable erasing 'const enum' declarations in generated code. */
-    // "declarationDir": "./",                           /* Specify the output directory for generated declaration files. */
-    // "preserveValueImports": true,                     /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */
-    /* Interop Constraints */
-    // "isolatedModules": true,                          /* Ensure that each file can be safely transpiled without relying on other imports. */
-    // "allowSyntheticDefaultImports": true,             /* Allow 'import x from y' when a module doesn't have a default export. */
-    "esModuleInterop": true,                             /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */
-    // "preserveSymlinks": true,                         /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
-    "forceConsistentCasingInFileNames": true,            /* Ensure that casing is correct in imports. */
-    /* Type Checking */
-    "strict": true,                                      /* Enable all strict type-checking options. */
-    // "noImplicitAny": true,                            /* Enable error reporting for expressions and declarations with an implied 'any' type. */
-    // "strictNullChecks": true,                         /* When type checking, take into account 'null' and 'undefined'. */
-    // "strictFunctionTypes": true,                      /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
-    // "strictBindCallApply": true,                      /* Check that the arguments for 'bind', 'call', and 'apply' methods match the original function. */
-    // "strictPropertyInitialization": true,             /* Check for class properties that are declared but not set in the constructor. */
-    // "noImplicitThis": true,                           /* Enable error reporting when 'this' is given the type 'any'. */
-    // "useUnknownInCatchVariables": true,               /* Default catch clause variables as 'unknown' instead of 'any'. */
-    // "alwaysStrict": true,                             /* Ensure 'use strict' is always emitted. */
-    // "noUnusedLocals": true,                           /* Enable error reporting when local variables aren't read. */
-    // "noUnusedParameters": true,                       /* Raise an error when a function parameter isn't read. */
-    // "exactOptionalPropertyTypes": true,               /* Interpret optional property types as written, rather than adding 'undefined'. */
-    // "noImplicitReturns": true,                        /* Enable error reporting for codepaths that do not explicitly return in a function. */
-    // "noFallthroughCasesInSwitch": true,               /* Enable error reporting for fallthrough cases in switch statements. */
-    // "noUncheckedIndexedAccess": true,                 /* Add 'undefined' to a type when accessed using an index. */
-    // "noImplicitOverride": true,                       /* Ensure overriding members in derived classes are marked with an override modifier. */
-    // "noPropertyAccessFromIndexSignature": true,       /* Enforces using indexed accessors for keys declared using an indexed type. */
-    // "allowUnusedLabels": true,                        /* Disable error reporting for unused labels. */
-    // "allowUnreachableCode": true,                     /* Disable error reporting for unreachable code. */
-    /* Completeness */
-    // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
-    "skipLibCheck": true                                 /* Skip type checking all .d.ts files. */
-  },
-  "exclude": ["api", "react", "node_modules"]
-}