payload-zitadel-plugin 0.1.0 → 0.1.2

package/README.md

@@ -2,7 +2,8 @@
 
 [![NPM](https://nodei.co/npm/payload-zitadel-plugin.png)](https://npmjs.org/package/payload-zitadel-plugin)
 
-plugin for [Payload CMS](https://payloadcms.com), which enables authentication via Zitadel IdP. It uses [NextAuth.js](https://next-auth.js.org) under the hood.
+plugin for [Payload CMS](https://payloadcms.com), which enables authentication via Zitadel IdP. It
+uses [NextAuth.js](https://next-auth.js.org) under the hood.
 
 :boom: :boom: :boom:   works :100: with PayloadCMS version :three:   :boom: :boom: :boom:
 
@@ -23,24 +24,35 @@ import {buildConfig} from 'payload/config'
 import {ZitadelPluginProvider} from 'payload-zitadel-plugin'
 
 export const {zitadelPlugin, nextauthHandler} = ZitadelPluginProvider({
-    // interpolation text for the Login Button
-    externalProviderName: 'Test-IdP',
-    
-    // set to true if you want users to only be able to sign in via Zitadel
-    disableLocalStrategy: true,
-    
     // in Zitadel create a new App->Web->PKCE
     issuerUrl: process.env.ZITADEL_URL,
     clientId: process.env.ZITADEL_CLIENT_ID,
-    
+
+    // interpolation text for the Login Button - "sign in with ..."
+    // externalProviderName: 'ZITADEL',
+
+    // set to true if you want to use your own custom login button
+    // disableDefaultLoginButton: true
+
+    // set to true if you want users to only be able to sign in via Zitadel
+    // disableLocalStrategy: true,
+
+    // if you want to specify the users collection slug
+    // authSlug: 'users',
+
+    // if you want to specify the field name for the IdP Id in the users collection
+    // associatedIdFieldName: 'idp_id'
+
+    // change the internal name, only if you know what you are doing!!!
+    // internalProviderName = 'zitadel',
+
     // following properties are only needed if you want to authenticate clients for the API
     // if you are just using the CMS you can ignore all of them
-
     // in Zitadel create a new App->API->JWT
-    enableAPI: true,
-    apiClientId: process.env.ZITADEL_API_CLIENT_ID,
-    apiKeyId: process.env.ZITADEL_API_KEY_ID,
-    apiKey: process.env.ZITADEL_API_KEY
+    // enableAPI: true,
+    // apiClientId: process.env.ZITADEL_API_CLIENT_ID,
+    // apiKeyId: process.env.ZITADEL_API_KEY_ID,
+    // apiKey: process.env.ZITADEL_API_KEY
 })
 
 export default buildConfig({
@@ -53,19 +65,48 @@ export default buildConfig({
 ```
 
 Optionally you could use an `.env.local` file for parameters:
+
 #### .env.local
+
 ```dotenv
-ZITADEL_URL: 'https://idp.zitadel.url',
-ZITADEL_CLIENT_ID: '123456789012345678@project_name',
-ZITADEL_API_CLIENT_ID: '123456789123456789@project_name',
-ZITADEL_API_KEY_ID: '123456789012345678',
-ZITADEL_API_KEY: '-----BEGIN RSA PRIVATE KEY----- ... ----END RSA PRIVATE KEY-----'
+NEXTAUTH_URL=http://localhost
+NEXTAUTH_SECRET=pMvElMzVrLvGL4tHyqtDlVP/90wQdxGBy94ISifi62I=
+ZITADEL_URL=https://idp.zitadel.url
+ZITADEL_CLIENT_ID=123456789012345678@project_name
+ZITADEL_API_CLIENT_ID=123456789123456789@project_name
+ZITADEL_API_KEY_ID=123456789012345678
+ZITADEL_API_KEY='-----BEGIN RSA PRIVATE KEY----- ... ----END RSA PRIVATE KEY-----'
+```
+
+or use the Next.js Config file:
+
+#### next.config.mjs
+
+```typescript
+import {withPayload} from '@payloadcms/next/withPayload'
+
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+    env: {
+        NEXTAUTH_URL: 'http://localhost',
+        NEXTAUTH_SECRET: 'mQ46qpFwfE1BHuqMC+qlm19qBAD9fVPgh28werwe3ASFlAfnKjM=',
+        ZITADEL_URL: 'https://idp.zitadel.url',
+        ZITADEL_CLIENT_ID: '123456789012345678@project_name',
+        ZITADEL_API_CLIENT_ID: '123456789123456789@project_name',
+        ZITADEL_API_KEY_ID: '123456789012345678',
+        ZITADEL_API_KEY: '-----BEGIN RSA PRIVATE KEY----- ... ----END RSA PRIVATE KEY-----'
+    }
+}
+
+export default withPayload(nextConfig)
 ```
 
 ### create route
+
 Unfortunately you need to manually create the following NextAuth.js route in your Next.js App (using App Router):
 
 ### (nextauth)/api/auth/[...nextauth]/route.ts
+
 ```typescript
 import {nextauthHandler} from '@payload-config'
 

package/dist/options.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"options.d.ts","sourceRoot":"","sources":["../src/options.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,sBAAsB,EAAC,MAAM,YAAY,CAAA;AAEjD,eAAO,MAAM,WAAW,EAAE,sBAuCxB,CAAA"}
+{"version":3,"file":"options.d.ts","sourceRoot":"","sources":["../src/options.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,sBAAsB,EAAC,MAAM,YAAY,CAAA;AAEjD,eAAO,MAAM,WAAW,EAAE,sBA4CxB,CAAA"}

package/dist/options.js

@@ -28,6 +28,11 @@ export const authOptions = ({ internalProviderName, issuerUrl, clientId })=>({
                         loginName: profile.preferred_username,
                         image: profile.picture
                     }),
+                userinfo: {
+                    async request (context) {
+                        return await context.client.userinfo(context.tokens.access_token);
+                    }
+                },
                 clientId
             }
         ],
@@ -35,8 +40,8 @@ export const authOptions = ({ internalProviderName, issuerUrl, clientId })=>({
             session: async ({ session, token })=>({
                     ...session,
                     user: {
-                        ...session.user,
-                        id: token.sub
+                        id: token.sub,
+                        ...session.user
                     }
                 })
         }

package/dist/options.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/options.ts"],"sourcesContent":["import {ZitadelAuthOptionsType} from './types.js'\n\nexport const authOptions: ZitadelAuthOptionsType = ({internalProviderName, issuerUrl, clientId}) => ({\n    providers: [\n        {\n            id: internalProviderName,\n            name: internalProviderName,\n            type: 'oauth',\n            version: '2',\n            wellKnown: issuerUrl,\n            authorization: {\n                params: {\n                    scope: 'openid email profile'\n                }\n            },\n            idToken: true,\n            checks: ['pkce', 'state'],\n            client: {\n                token_endpoint_auth_method: 'none'\n            },\n            profile: async (profile) => ({\n                id: profile.sub,\n                name: profile.name,\n                firstName: profile.given_name,\n                lastName: profile.family_name,\n                email: profile.email,\n                loginName: profile.preferred_username,\n                image: profile.picture\n            }),\n            clientId\n        }\n    ],\n    callbacks: {\n        session: async ({session, token}) => ({\n            ...session,\n            user: {\n                ...session.user,\n                id: token.sub\n            }\n        })\n    }\n})"],"names":["authOptions","internalProviderName","issuerUrl","clientId","providers","id","name","type","version","wellKnown","authorization","params","scope","idToken","checks","client","token_endpoint_auth_method","profile","sub","firstName","given_name","lastName","family_name","email","loginName","preferred_username","image","picture","callbacks","session","token","user"],"rangeMappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;","mappings":"AAEA,OAAO,MAAMA,cAAsC,CAAC,EAACC,oBAAoB,EAAEC,SAAS,EAAEC,QAAQ,EAAC,GAAM,CAAA;QACjGC,WAAW;YACP;gBACIC,IAAIJ;gBACJK,MAAML;gBACNM,MAAM;gBACNC,SAAS;gBACTC,WAAWP;gBACXQ,eAAe;oBACXC,QAAQ;wBACJC,OAAO;oBACX;gBACJ;gBACAC,SAAS;gBACTC,QAAQ;oBAAC;oBAAQ;iBAAQ;gBACzBC,QAAQ;oBACJC,4BAA4B;gBAChC;gBACAC,SAAS,OAAOA,UAAa,CAAA;wBACzBZ,IAAIY,QAAQC,GAAG;wBACfZ,MAAMW,QAAQX,IAAI;wBAClBa,WAAWF,QAAQG,UAAU;wBAC7BC,UAAUJ,QAAQK,WAAW;wBAC7BC,OAAON,QAAQM,KAAK;wBACpBC,WAAWP,QAAQQ,kBAAkB;wBACrCC,OAAOT,QAAQU,OAAO;oBAC1B,CAAA;gBACAxB;YACJ;SACH;QACDyB,WAAW;YACPC,SAAS,OAAO,EAACA,OAAO,EAAEC,KAAK,EAAC,GAAM,CAAA;oBAClC,GAAGD,OAAO;oBACVE,MAAM;wBACF,GAAGF,QAAQE,IAAI;wBACf1B,IAAIyB,MAAMZ,GAAG;oBACjB;gBACJ,CAAA;QACJ;IACJ,CAAA,EAAE"}
+{"version":3,"sources":["../src/options.ts"],"sourcesContent":["import {ZitadelAuthOptionsType} from './types.js'\n\nexport const authOptions: ZitadelAuthOptionsType = ({internalProviderName, issuerUrl, clientId}) => ({\n    providers: [\n        {\n            id: internalProviderName,\n            name: internalProviderName,\n            type: 'oauth',\n            version: '2',\n            wellKnown: issuerUrl,\n            authorization: {\n                params: {\n                    scope: 'openid email profile'\n                }\n            },\n            idToken: true,\n            checks: ['pkce', 'state'],\n            client: {\n                token_endpoint_auth_method: 'none'\n            },\n            profile: async (profile) => ({\n                id: profile.sub,\n                name: profile.name,\n                firstName: profile.given_name,\n                lastName: profile.family_name,\n                email: profile.email,\n                loginName: profile.preferred_username,\n                image: profile.picture\n            }),\n            userinfo: {\n                async request(context) {\n                    return await context.client.userinfo(context.tokens.access_token!)\n                }\n            },\n            clientId\n        }\n    ],\n    callbacks: {\n        session: async ({session, token}) => ({\n            ...session,\n            user: {\n                id: token.sub,\n                ...session.user\n            }\n        })\n    }\n})"],"names":["authOptions","internalProviderName","issuerUrl","clientId","providers","id","name","type","version","wellKnown","authorization","params","scope","idToken","checks","client","token_endpoint_auth_method","profile","sub","firstName","given_name","lastName","family_name","email","loginName","preferred_username","image","picture","userinfo","request","context","tokens","access_token","callbacks","session","token","user"],"rangeMappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;","mappings":"AAEA,OAAO,MAAMA,cAAsC,CAAC,EAACC,oBAAoB,EAAEC,SAAS,EAAEC,QAAQ,EAAC,GAAM,CAAA;QACjGC,WAAW;YACP;gBACIC,IAAIJ;gBACJK,MAAML;gBACNM,MAAM;gBACNC,SAAS;gBACTC,WAAWP;gBACXQ,eAAe;oBACXC,QAAQ;wBACJC,OAAO;oBACX;gBACJ;gBACAC,SAAS;gBACTC,QAAQ;oBAAC;oBAAQ;iBAAQ;gBACzBC,QAAQ;oBACJC,4BAA4B;gBAChC;gBACAC,SAAS,OAAOA,UAAa,CAAA;wBACzBZ,IAAIY,QAAQC,GAAG;wBACfZ,MAAMW,QAAQX,IAAI;wBAClBa,WAAWF,QAAQG,UAAU;wBAC7BC,UAAUJ,QAAQK,WAAW;wBAC7BC,OAAON,QAAQM,KAAK;wBACpBC,WAAWP,QAAQQ,kBAAkB;wBACrCC,OAAOT,QAAQU,OAAO;oBAC1B,CAAA;gBACAC,UAAU;oBACN,MAAMC,SAAQC,OAAO;wBACjB,OAAO,MAAMA,QAAQf,MAAM,CAACa,QAAQ,CAACE,QAAQC,MAAM,CAACC,YAAY;oBACpE;gBACJ;gBACA7B;YACJ;SACH;QACD8B,WAAW;YACPC,SAAS,OAAO,EAACA,OAAO,EAAEC,KAAK,EAAC,GAAM,CAAA;oBAClC,GAAGD,OAAO;oBACVE,MAAM;wBACF/B,IAAI8B,MAAMjB,GAAG;wBACb,GAAGgB,QAAQE,IAAI;oBACnB;gBACJ,CAAA;QACJ;IACJ,CAAA,EAAE"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payload-zitadel-plugin",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "plugin for Payload CMS, which enables authentication via Zitadel IdP",
   "type": "module",
   "license": "MIT",
@@ -42,18 +42,18 @@
     "next": "^15.0.0-rc.0",
     "next-auth": "^4.24.7",
     "payload": "3.0.0-beta.47",
-    "react": "^19.0.0-rc-dfd30974ab-20240613",
-    "react-dom": "^19.0.0-rc-dfd30974ab-20240613"
+    "react": "^19.0.0-rc-fb9a90fa48-20240614",
+    "react-dom": "^19.0.0-rc-fb9a90fa48-20240614"
   },
   "devDependencies": {
     "@swc/cli": "^0.3.12",
-    "@swc/core": "^1.5.29",
+    "@swc/core": "^1.6.1",
     "@types/jsonwebtoken": "^9.0.6",
     "@types/node": "^20.14.2",
     "@types/react": "^18.3.3",
     "@types/react-dom": "^18.3.0",
     "rimraf": "^5.0.7",
-    "typescript": "^5.6.0-dev.20240614"
+    "typescript": "^5.6.0-dev.20240616"
   },
   "engines": {
     "node": "^22.3.0"