payload-zitadel-plugin 0.2.28 → 0.2.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/README.md +14 -23
  2. package/dist/constants.d.ts +56 -1
  3. package/dist/constants.d.ts.map +1 -1
  4. package/dist/constants.js +56 -1
  5. package/dist/constants.js.map +1 -1
  6. package/dist/handlers/callback.d.ts.map +1 -1
  7. package/dist/handlers/callback.js +1 -0
  8. package/dist/handlers/callback.js.map +1 -1
  9. package/dist/index.d.ts.map +1 -1
  10. package/dist/index.js +25 -8
  11. package/dist/index.js.map +1 -1
  12. package/dist/strategy.d.ts.map +1 -1
  13. package/dist/strategy.js +9 -6
  14. package/dist/strategy.js.map +1 -1
  15. package/dist/types.d.ts +25 -3
  16. package/dist/types.d.ts.map +1 -1
  17. package/dist/types.js.map +1 -1
  18. package/package.json +14 -14
package/README.md CHANGED
@@ -12,7 +12,7 @@ Thus the user collection in PayloadCMS becomes just a shadow of the information
12
12
  ## Install
13
13
 
14
14
  ```shell
15
- pnpm add payload-zitadel-plugin@0.2.28
15
+ pnpm add payload-zitadel-plugin@0.2.30
16
16
  ```
17
17
 
18
18
  ## Configuration
@@ -39,6 +39,16 @@ export default buildConfig({
39
39
  // interpolation text for the Login Button - "sign in with ..."
40
40
  label: 'Zitadel',
41
41
 
42
+ // change field names, field labels and alse hide them if wanted
43
+ /*
44
+ fieldConfig: {
45
+ image: {
46
+ name: 'idp_image',
47
+ label: 'some custom label'
48
+ }
49
+ }
50
+ */
51
+
42
52
  // set the name of the CustomStrategy in PayloadCMS - usually not necessary
43
53
  // strategyName: 'zitadel'
44
54
 
@@ -48,9 +58,6 @@ export default buildConfig({
48
58
  // set to true if you want to use your own custom login button
49
59
  // disableDefaultLoginButton: true
50
60
 
51
- // if you want to specify the field name for the Zitadel User Id in the users collection
52
- // associatedIdFieldName: 'idp_id'
53
-
54
61
  // if you want to manually control what happen after a successful login
55
62
  // state contains all URLSearchParams that were send to /authorize
56
63
  // onSuccess: (state) => NextResponse.redirect([serverURL, state.get('redirect')].join(''))
@@ -73,8 +80,6 @@ Optionally you could use an `.env.local` file for parameters:
73
80
  #### .env.local
74
81
 
75
82
  ```dotenv
76
- NEXTAUTH_URL=http://localhost
77
- NEXTAUTH_SECRET=pMvElMzVrLvGL4tHyqtDlVP/90wQdxGBy94ISifi62I=
78
83
  ZITADEL_URL=https://idp.zitadel.url
79
84
  ZITADEL_CLIENT_ID=123456789012345678@project_name
80
85
  ZITADEL_API_CLIENT_ID=123456789123456789@project_name
@@ -92,8 +97,6 @@ import {withPayload} from '@payloadcms/next/withPayload'
92
97
  /** @type {import('next').NextConfig} */
93
98
  const nextConfig = {
94
99
  env: {
95
- NEXTAUTH_URL: 'http://localhost',
96
- NEXTAUTH_SECRET: 'mQ46qpFwfE1BHuqMC+qlm19qBAD9fVPgh28werwe3ASFlAfnKjM=',
97
100
  ZITADEL_URL: 'https://idp.zitadel.url',
98
101
  ZITADEL_CLIENT_ID: '123456789012345678@project_name',
99
102
  ZITADEL_API_CLIENT_ID: '123456789123456789@project_name',
@@ -132,25 +135,13 @@ const nextConfig = {
132
135
  }
133
136
  ]
134
137
  },
135
-
138
+
136
139
  // optional: enable auto-redirect to Zitadel login page if not logged in
137
140
  async redirects() {
138
141
  return [
139
142
  {
140
- source: '/admin/:path',
141
- destination: `/api/users/authorize?${new URLSearchParams({redirect: '/admin/:path'})}`,
142
- missing: [
143
- {
144
- type: 'cookie',
145
- key: 'zitadel_id_token'
146
- }
147
- ],
148
- permanent: false
149
- },
150
- // also works with any route outside of PayloadCMS
151
- {
152
- source: '/profile/:path',
153
- destination: `/api/users/authorize?${new URLSearchParams({redirect: '/profile/:path'})}`,
143
+ source: '/:path((?:admin|profile).*)',
144
+ destination: '/api/users/authorize?redirect=/:path*',
154
145
  missing: [
155
146
  {
156
147
  type: 'cookie',
package/dist/constants.d.ts CHANGED
@@ -4,7 +4,62 @@ export declare const COOKIES: {
4
4
  state: string;
5
5
  };
6
6
  export declare const DEFAULT_CONFIG: {
7
- associatedIdFieldName: string;
7
+ fields: {
8
+ id: {
9
+ name: string;
10
+ label: {
11
+ de: string;
12
+ en: string;
13
+ };
14
+ };
15
+ name: {
16
+ name: string;
17
+ label: {
18
+ de: string;
19
+ en: string;
20
+ };
21
+ };
22
+ email: {
23
+ name: string;
24
+ label: {
25
+ de: string;
26
+ en: string;
27
+ };
28
+ };
29
+ image: {
30
+ name: string;
31
+ label: {
32
+ de: string;
33
+ en: string;
34
+ };
35
+ };
36
+ roles: {
37
+ name: string;
38
+ label: {
39
+ de: string;
40
+ en: string;
41
+ };
42
+ labels: {
43
+ singular: {
44
+ de: string;
45
+ en: string;
46
+ };
47
+ plural: {
48
+ de: string;
49
+ en: string;
50
+ };
51
+ };
52
+ };
53
+ roleFields: {
54
+ name: {
55
+ name: string;
56
+ label: {
57
+ de: string;
58
+ en: string;
59
+ };
60
+ };
61
+ };
62
+ };
8
63
  strategyName: string;
9
64
  label: string;
10
65
  };
package/dist/constants.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,OAAO;;;;CAInB,CAAA;AAED,eAAO,MAAM,cAAc;;;;CAI1B,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;CAM1B,CAAA;AACD,eAAO,MAAM,MAAM;;;;CAIlB,CAAA"}
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO;;;;CAInB,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsC1B,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;CAM1B,CAAA;AACD,eAAO,MAAM,MAAM;;;;CAIlB,CAAA"}
package/dist/constants.js CHANGED
@@ -4,7 +4,62 @@ export const COOKIES = {
4
4
  state: 'zitadel_state'
5
5
  };
6
6
  export const DEFAULT_CONFIG = {
7
- associatedIdFieldName: 'idp_id',
7
+ fields: {
8
+ id: {
9
+ name: 'idp_id',
10
+ label: {
11
+ de: 'Identifikation im System des Identitätsanbieters',
12
+ en: 'Identifier in the system of the Identity Provider'
13
+ }
14
+ },
15
+ name: {
16
+ name: 'name',
17
+ label: {
18
+ de: 'Name',
19
+ en: 'Name'
20
+ }
21
+ },
22
+ email: {
23
+ name: 'email',
24
+ label: {
25
+ de: 'E-Mail',
26
+ en: 'Email'
27
+ }
28
+ },
29
+ image: {
30
+ name: 'image',
31
+ label: {
32
+ de: 'Profilbild-URL',
33
+ en: 'Profile picture URL'
34
+ }
35
+ },
36
+ roles: {
37
+ name: 'roles',
38
+ label: {
39
+ de: 'Rollen',
40
+ en: 'Roles'
41
+ },
42
+ labels: {
43
+ singular: {
44
+ de: 'Rolle',
45
+ en: 'Role'
46
+ },
47
+ plural: {
48
+ de: 'Rollen',
49
+ en: 'Roles'
50
+ }
51
+ }
52
+ },
53
+ roleFields: {
54
+ name: {
55
+ name: 'name',
56
+ label: {
57
+ de: 'Name',
58
+ en: 'Name'
59
+ }
60
+ }
61
+ }
62
+ },
8
63
  strategyName: 'zitadel',
9
64
  label: 'Zitadel'
10
65
  };
package/dist/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/constants.ts"],"sourcesContent":["export const COOKIES = {\n pkce: 'zitadel_pkce_code_verifier',\n idToken: 'zitadel_id_token',\n state: 'zitadel_state'\n}\n\nexport const DEFAULT_CONFIG = {\n associatedIdFieldName: 'idp_id',\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ERROR_MESSAGES = {\n issuerURL: 'ZITADEL-PLUGIN: ISSUER-URL IS EMPTY',\n clientId: 'ZITADEL-PLUGIN: CLIENT-ID IS EMPTY',\n apiClientId: 'ZITADEL-PLUGIN: API ENABLED, BUT API-CLIENT-ID IS EMPTY',\n apiKeyId: 'ZITADEL-PLUGIN: API ENABLED, BUT API-KEY-ID IS EMPTY',\n apiKey: 'ZITADEL-PLUGIN: API ENABLED, BUT API-KEY IS EMPTY'\n}\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n redirect: '/redirect'\n}\n\n"],"names":["COOKIES","pkce","idToken","state","DEFAULT_CONFIG","associatedIdFieldName","strategyName","label","ERROR_MESSAGES","issuerURL","clientId","apiClientId","apiKeyId","apiKey","ROUTES","authorize","callback","redirect"],"mappings":"AAAA,OAAO,MAAMA,UAAU;IACnBC,MAAM;IACNC,SAAS;IACTC,OAAO;AACX,EAAC;AAED,OAAO,MAAMC,iBAAiB;IAC1BC,uBAAuB;IACvBC,cAAc;IACdC,OAAO;AACX,EAAC;AAED,OAAO,MAAMC,iBAAiB;IAC1BC,WAAW;IACXC,UAAU;IACVC,aAAa;IACbC,UAAU;IACVC,QAAQ;AACZ,EAAC;AACD,OAAO,MAAMC,SAAS;IAClBC,WAAW;IACXC,UAAU;IACVC,UAAU;AACd,EAAC"}
1
+ {"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ZitadelFieldsConfig} from './types.js'\n\nexport const COOKIES = {\n pkce: 'zitadel_pkce_code_verifier',\n idToken: 'zitadel_id_token',\n state: 'zitadel_state'\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ERROR_MESSAGES = {\n issuerURL: 'ZITADEL-PLUGIN: ISSUER-URL IS EMPTY',\n clientId: 'ZITADEL-PLUGIN: CLIENT-ID IS EMPTY',\n apiClientId: 'ZITADEL-PLUGIN: API ENABLED, BUT API-CLIENT-ID IS EMPTY',\n apiKeyId: 'ZITADEL-PLUGIN: API ENABLED, BUT API-KEY-ID IS EMPTY',\n apiKey: 'ZITADEL-PLUGIN: API ENABLED, BUT API-KEY IS EMPTY'\n}\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n redirect: '/redirect'\n}\n\n"],"names":["COOKIES","pkce","idToken","state","DEFAULT_CONFIG","fields","id","name","label","de","en","email","image","roles","labels","singular","plural","roleFields","strategyName","ERROR_MESSAGES","issuerURL","clientId","apiClientId","apiKeyId","apiKey","ROUTES","authorize","callback","redirect"],"mappings":"AAEA,OAAO,MAAMA,UAAU;IACnBC,MAAM;IACNC,SAAS;IACTC,OAAO;AACX,EAAC;AAED,OAAO,MAAMC,iBAAiB;IAC1BC,QAAQ;QACJC,IAAI;YACAC,MAAM;YACNC,OAAO;gBACHC,IAAI;gBACJC,IAAI;YACR;QACJ;QACAH,MAAM;YACFA,MAAM;YACNC,OAAO;gBAACC,IAAI;gBAAQC,IAAI;YAAM;QAClC;QACAC,OAAO;YACHJ,MAAM;YACNC,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;QACrC;QACAE,OAAO;YACHL,MAAM;YACNC,OAAO;gBAACC,IAAI;gBAAkBC,IAAI;YAAqB;QAC3D;QACAG,OAAO;YACHN,MAAM;YACNC,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;YACjCI,QAAQ;gBACJC,UAAU;oBAACN,IAAI;oBAASC,IAAI;gBAAM;gBAClCM,QAAQ;oBAACP,IAAI;oBAAUC,IAAI;gBAAO;YACtC;QACJ;QACAO,YAAY;YACRV,MAAM;gBACFA,MAAM;gBACNC,OAAO;oBAACC,IAAI;oBAAQC,IAAI;gBAAM;YAClC;QACJ;IACJ;IACAQ,cAAc;IACdV,OAAO;AACX,EAAC;AAED,OAAO,MAAMW,iBAAiB;IAC1BC,WAAW;IACXC,UAAU;IACVC,aAAa;IACbC,UAAU;IACVC,QAAQ;AACZ,EAAC;AACD,OAAO,MAAMC,SAAS;IAClBC,WAAW;IACXC,UAAU;IACVC,UAAU;AACd,EAAC"}
package/dist/handlers/callback.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAItC,OAAO,EAA2C,gBAAgB,EAAC,MAAM,aAAa,CAAA;AAGtF,eAAO,MAAM,QAAQ,cAAe,gBAAgB,KAAG,cAiEtD,CAAA"}
1
+ {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAItC,OAAO,EAA2C,gBAAgB,EAAC,MAAM,aAAa,CAAA;AAGtF,eAAO,MAAM,QAAQ,cAAe,gBAAgB,KAAG,cAmEtD,CAAA"}
package/dist/handlers/callback.js CHANGED
@@ -20,6 +20,7 @@ export const callback = (onSuccess)=>async ({ payload: { config, secret }, query
20
20
  if (response.ok) {
21
21
  const { id_token } = await response.json();
22
22
  if (id_token) {
23
+ console.log(JSON.stringify(jwt.decode(id_token)));
23
24
  cookieStore.delete(COOKIES.pkce);
24
25
  cookieStore.set({
25
26
  name: COOKIES.idToken,
package/dist/handlers/callback.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {cookies} from 'next/headers.js'\nimport process from 'node:process'\nimport jwt from 'jsonwebtoken'\nimport {PayloadConfigWithZitadel, ZitadelIdToken, ZitadelOnSuccess} from '../types.js'\nimport {COOKIES} from '../constants.js'\n\nexport const callback = (onSuccess: ZitadelOnSuccess): PayloadHandler => async ({\n payload: {config, secret},\n query: {code, state}\n }) => {\n\n const {admin: {custom: {zitadel: {issuerURL, clientId, callbackURL}}}} = config as PayloadConfigWithZitadel\n\n const cookieStore = cookies()\n\n const code_verifier = cookieStore.get(COOKIES.pkce)?.value\n\n if (code_verifier) {\n\n const response = await fetch(new URL(`${issuerURL}/oauth/v2/token`), {\n method: 'POST',\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code: code as string,\n redirect_uri: callbackURL,\n client_id: clientId,\n code_verifier\n })\n })\n\n if (response.ok) {\n\n const {id_token} = await response.json()\n\n if (id_token) {\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n name: COOKIES.idToken,\n value: jwt.sign(jwt.decode(id_token) as ZitadelIdToken, secret),\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n maxAge: 900,\n secure: process.env.NODE_ENV == 'production'\n })\n\n return onSuccess(new URLSearchParams(atob(state as string ?? '')))\n\n }\n\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from the response'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n\n}"],"names":["cookies","process","jwt","COOKIES","callback","onSuccess","payload","config","secret","query","code","state","admin","custom","zitadel","issuerURL","clientId","callbackURL","cookieStore","code_verifier","get","pkce","value","response","fetch","URL","method","body","URLSearchParams","grant_type","redirect_uri","client_id","ok","id_token","json","delete","set","name","idToken","sign","decode","httpOnly","path","sameSite","maxAge","secure","env","NODE_ENV","atob","Response","status","message"],"mappings":"AACA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,OAAOC,aAAa,eAAc;AAClC,OAAOC,SAAS,eAAc;AAE9B,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,WAAW,CAACC,YAAgD,OAAO,EACIC,SAAS,EAACC,MAAM,EAAEC,MAAM,EAAC,EACzBC,OAAO,EAACC,IAAI,EAAEC,KAAK,EAAC,EACvB;QAE7E,MAAM,EAACC,OAAO,EAACC,QAAQ,EAACC,SAAS,EAACC,SAAS,EAAEC,QAAQ,EAAEC,WAAW,EAAC,EAAC,EAAC,EAAC,GAAGV;QAEzE,MAAMW,cAAclB;QAEpB,MAAMmB,gBAAgBD,YAAYE,GAAG,CAACjB,QAAQkB,IAAI,GAAGC;QAErD,IAAIH,eAAe;YAEf,MAAMI,WAAW,MAAMC,MAAM,IAAIC,IAAI,CAAC,EAAEV,UAAU,eAAe,CAAC,GAAG;gBACjEW,QAAQ;gBACRC,MAAM,IAAIC,gBAAgB;oBACtBC,YAAY;oBACZnB,MAAMA;oBACNoB,cAAcb;oBACdc,WAAWf;oBACXG;gBACJ;YACJ;YAEA,IAAII,SAASS,EAAE,EAAE;gBAEb,MAAM,EAACC,QAAQ,EAAC,GAAG,MAAMV,SAASW,IAAI;gBAEtC,IAAID,UAAU;oBAEVf,YAAYiB,MAAM,CAAChC,QAAQkB,IAAI;oBAE/BH,YAAYkB,GAAG,CAAC;wBACZC,MAAMlC,QAAQmC,OAAO;wBACrBhB,OAAOpB,IAAIqC,IAAI,CAACrC,IAAIsC,MAAM,CAACP,WAA6BzB;wBACxDiC,UAAU;wBACVC,MAAM;wBACNC,UAAU;wBACVC,QAAQ;wBACRC,QAAQ5C,QAAQ6C,GAAG,CAACC,QAAQ,IAAI;oBACpC;oBAEA,OAAO1C,UAAU,IAAIuB,gBAAgBoB,KAAKrC,SAAmB;gBAEjE;gBAEA,OAAOsC,SAASf,IAAI,CAAC;oBACjBgB,QAAQ;oBACRC,SAAS;gBACb;YAEJ;YAEA,OAAOF,SAASf,IAAI,CAAC;gBACjBgB,QAAQ;gBACRC,SAAS;YACb;QAEJ;QAEA,OAAOF,SAASf,IAAI,CAAC;YACjBgB,QAAQ;YACRC,SAAS;QACb;IAEJ,EAAC"}
1
+ {"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {cookies} from 'next/headers.js'\nimport process from 'node:process'\nimport jwt from 'jsonwebtoken'\nimport {PayloadConfigWithZitadel, ZitadelIdToken, ZitadelOnSuccess} from '../types.js'\nimport {COOKIES} from '../constants.js'\n\nexport const callback = (onSuccess: ZitadelOnSuccess): PayloadHandler => async ({\n payload: {config, secret},\n query: {code, state}\n }) => {\n\n const {admin: {custom: {zitadel: {issuerURL, clientId, callbackURL}}}} = config as PayloadConfigWithZitadel\n\n const cookieStore = cookies()\n\n const code_verifier = cookieStore.get(COOKIES.pkce)?.value\n\n if (code_verifier) {\n\n const response = await fetch(new URL(`${issuerURL}/oauth/v2/token`), {\n method: 'POST',\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code: code as string,\n redirect_uri: callbackURL,\n client_id: clientId,\n code_verifier\n })\n })\n\n if (response.ok) {\n\n const {id_token} = await response.json()\n\n if (id_token) {\n\n console.log(JSON.stringify(jwt.decode(id_token)))\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n name: COOKIES.idToken,\n value: jwt.sign(jwt.decode(id_token) as ZitadelIdToken, secret),\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n maxAge: 900,\n secure: process.env.NODE_ENV == 'production'\n })\n\n return onSuccess(new URLSearchParams(atob(state as string ?? '')))\n\n }\n\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from the response'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n\n}"],"names":["cookies","process","jwt","COOKIES","callback","onSuccess","payload","config","secret","query","code","state","admin","custom","zitadel","issuerURL","clientId","callbackURL","cookieStore","code_verifier","get","pkce","value","response","fetch","URL","method","body","URLSearchParams","grant_type","redirect_uri","client_id","ok","id_token","json","console","log","JSON","stringify","decode","delete","set","name","idToken","sign","httpOnly","path","sameSite","maxAge","secure","env","NODE_ENV","atob","Response","status","message"],"mappings":"AACA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,OAAOC,aAAa,eAAc;AAClC,OAAOC,SAAS,eAAc;AAE9B,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,WAAW,CAACC,YAAgD,OAAO,EACIC,SAAS,EAACC,MAAM,EAAEC,MAAM,EAAC,EACzBC,OAAO,EAACC,IAAI,EAAEC,KAAK,EAAC,EACvB;QAE7E,MAAM,EAACC,OAAO,EAACC,QAAQ,EAACC,SAAS,EAACC,SAAS,EAAEC,QAAQ,EAAEC,WAAW,EAAC,EAAC,EAAC,EAAC,GAAGV;QAEzE,MAAMW,cAAclB;QAEpB,MAAMmB,gBAAgBD,YAAYE,GAAG,CAACjB,QAAQkB,IAAI,GAAGC;QAErD,IAAIH,eAAe;YAEf,MAAMI,WAAW,MAAMC,MAAM,IAAIC,IAAI,CAAC,EAAEV,UAAU,eAAe,CAAC,GAAG;gBACjEW,QAAQ;gBACRC,MAAM,IAAIC,gBAAgB;oBACtBC,YAAY;oBACZnB,MAAMA;oBACNoB,cAAcb;oBACdc,WAAWf;oBACXG;gBACJ;YACJ;YAEA,IAAII,SAASS,EAAE,EAAE;gBAEb,MAAM,EAACC,QAAQ,EAAC,GAAG,MAAMV,SAASW,IAAI;gBAEtC,IAAID,UAAU;oBAEVE,QAAQC,GAAG,CAACC,KAAKC,SAAS,CAACpC,IAAIqC,MAAM,CAACN;oBAEtCf,YAAYsB,MAAM,CAACrC,QAAQkB,IAAI;oBAE/BH,YAAYuB,GAAG,CAAC;wBACZC,MAAMvC,QAAQwC,OAAO;wBACrBrB,OAAOpB,IAAI0C,IAAI,CAAC1C,IAAIqC,MAAM,CAACN,WAA6BzB;wBACxDqC,UAAU;wBACVC,MAAM;wBACNC,UAAU;wBACVC,QAAQ;wBACRC,QAAQhD,QAAQiD,GAAG,CAACC,QAAQ,IAAI;oBACpC;oBAEA,OAAO9C,UAAU,IAAIuB,gBAAgBwB,KAAKzC,SAAmB;gBAEjE;gBAEA,OAAO0C,SAASnB,IAAI,CAAC;oBACjBoB,QAAQ;oBACRC,SAAS;gBACb;YAEJ;YAEA,OAAOF,SAASnB,IAAI,CAAC;gBACjBoB,QAAQ;gBACRC,SAAS;YACb;QAEJ;QAEA,OAAOF,SAASnB,IAAI,CAAC;YACjBoB,QAAQ;YACRC,SAAS;QACb;IAEJ,EAAC"}
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAA6C,iBAAiB,EAAC,MAAM,YAAY,CAAA;AAIxF,eAAO,MAAM,aAAa,EAAE,iBA4K3B,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAA6C,iBAAiB,EAAC,MAAM,YAAY,CAAA;AAIxF,eAAO,MAAM,aAAa,EAAE,iBA2L3B,CAAA"}
package/dist/index.js CHANGED
@@ -4,7 +4,7 @@ import { authorize, callback } from './handlers/index.js';
4
4
  import { zitadelStrategy } from './strategy.js';
5
5
  import { translations } from './translations.js';
6
6
  import { NextResponse } from 'next/server.js';
7
- export const ZitadelPlugin = ({ associatedIdFieldName = DEFAULT_CONFIG.associatedIdFieldName, disableAvatar, disableDefaultLoginButton, strategyName = DEFAULT_CONFIG.strategyName, label = DEFAULT_CONFIG.label, issuerURL, clientId, enableAPI, apiClientId, apiKeyId, apiKey, onSuccess })=>{
7
+ export const ZitadelPlugin = ({ fieldsConfig: _fieldsConfig, disableAvatar, disableDefaultLoginButton, strategyName = DEFAULT_CONFIG.strategyName, label = DEFAULT_CONFIG.label, issuerURL, clientId, enableAPI, apiClientId, apiKeyId, apiKey, onSuccess })=>{
8
8
  if (!issuerURL) throw new Error(ERROR_MESSAGES.issuerURL);
9
9
  if (!clientId) throw new Error(ERROR_MESSAGES.clientId);
10
10
  if (enableAPI) {
@@ -12,6 +12,10 @@ export const ZitadelPlugin = ({ associatedIdFieldName = DEFAULT_CONFIG.associate
12
12
  if (!apiKeyId) throw new Error(ERROR_MESSAGES.apiKey);
13
13
  if (!apiKey) throw new Error(ERROR_MESSAGES.apiKey);
14
14
  }
15
+ const fieldsConfig = {
16
+ ...DEFAULT_CONFIG.fields,
17
+ ..._fieldsConfig
18
+ };
15
19
  return (incomingConfig)=>{
16
20
  const serverURL = incomingConfig.serverURL ?? 'http://localhost';
17
21
  const authSlug = incomingConfig.admin?.user ?? 'users';
@@ -64,7 +68,7 @@ export const ZitadelPlugin = ({ associatedIdFieldName = DEFAULT_CONFIG.associate
64
68
  ...authConfig?.strategies ?? [],
65
69
  zitadelStrategy({
66
70
  authSlug,
67
- associatedIdFieldName,
71
+ fieldsConfig,
68
72
  strategyName: strategyName,
69
73
  issuerURL: issuerURL,
70
74
  clientId: clientId,
@@ -99,7 +103,7 @@ export const ZitadelPlugin = ({ associatedIdFieldName = DEFAULT_CONFIG.associate
99
103
  fields: [
100
104
  ...collection.fields,
101
105
  {
102
- name: associatedIdFieldName,
106
+ ...fieldsConfig.id,
103
107
  type: 'text',
104
108
  admin: {
105
109
  readOnly: true
@@ -109,25 +113,38 @@ export const ZitadelPlugin = ({ associatedIdFieldName = DEFAULT_CONFIG.associate
109
113
  required: true
110
114
  },
111
115
  {
112
- name: 'email',
113
- type: 'email',
116
+ ...fieldsConfig.name,
117
+ type: 'text',
114
118
  admin: {
115
119
  readOnly: true
116
120
  }
117
121
  },
118
122
  {
119
- name: 'name',
120
- type: 'text',
123
+ ...fieldsConfig.email,
124
+ type: 'email',
121
125
  admin: {
122
126
  readOnly: true
123
127
  }
124
128
  },
125
129
  {
126
- name: 'image',
130
+ ...fieldsConfig.image,
127
131
  type: 'text',
128
132
  admin: {
129
133
  readOnly: true
130
134
  }
135
+ },
136
+ {
137
+ ...fieldsConfig.roles,
138
+ type: 'array',
139
+ admin: {
140
+ readOnly: true
141
+ },
142
+ fields: [
143
+ {
144
+ ...fieldsConfig.roleFields.name,
145
+ type: 'text'
146
+ }
147
+ ]
131
148
  }
132
149
  ]
133
150
  } : {}
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {COOKIES, DEFAULT_CONFIG, ERROR_MESSAGES, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {PayloadConfigWithZitadel, ZitadelOnSuccess, ZitadelPluginType} from './types.js'\nimport {translations} from './translations.js'\nimport {NextResponse} from 'next/server.js'\n\nexport const ZitadelPlugin: ZitadelPluginType = ({\n associatedIdFieldName = DEFAULT_CONFIG.associatedIdFieldName,\n disableAvatar,\n disableDefaultLoginButton,\n strategyName = DEFAULT_CONFIG.strategyName,\n label = DEFAULT_CONFIG.label,\n issuerURL,\n clientId,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey,\n onSuccess\n }) => {\n\n if (!issuerURL)\n throw new Error(ERROR_MESSAGES.issuerURL)\n if (!clientId)\n throw new Error(ERROR_MESSAGES.clientId)\n if (enableAPI) {\n if (!apiClientId)\n throw new Error(ERROR_MESSAGES.apiClientId)\n if (!apiKeyId)\n throw new Error(ERROR_MESSAGES.apiKey)\n if (!apiKey)\n throw new Error(ERROR_MESSAGES.apiKey)\n }\n\n return (incomingConfig) => {\n\n const serverURL = incomingConfig.serverURL ?? 'http://localhost'\n\n const authSlug = incomingConfig.admin?.user ?? 'users'\n\n const authBaseURL = `${serverURL}/api/${authSlug}`\n const authorizeURL = authBaseURL + ROUTES.authorize\n const callbackURL = authBaseURL + ROUTES.callback\n\n const defaultOnSuccess: ZitadelOnSuccess = (state) =>\n NextResponse.redirect(serverURL + (state.get('redirect') ?? ''))\n\n\n return {\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...disableAvatar ? {} : {\n avatar: {\n Component: 'payload-zitadel-plugin/components#Avatar'\n }\n },\n ...disableDefaultLoginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n path: 'payload-zitadel-plugin/components#LoginButton',\n serverProps: {\n authorizeURL,\n label\n }\n }\n ]\n }\n },\n custom: {\n ...incomingConfig.admin?.custom,\n zitadel: {\n issuerURL,\n clientId,\n callbackURL\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == authSlug ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n authSlug,\n associatedIdFieldName,\n strategyName: strategyName,\n issuerURL: issuerURL as string,\n clientId: clientId as string,\n ...(enableAPI ? {\n enableAPI: true,\n apiClientId: apiClientId!,\n apiKeyId: apiClientId!,\n apiKey: apiKey!\n } : {enableAPI: undefined})\n })\n ]\n },\n hooks: {\n afterLogout: [() => cookies().delete(COOKIES.idToken)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback(onSuccess ?? defaultOnSuccess)\n }\n ],\n fields: [\n ...collection.fields,\n {\n name: associatedIdFieldName,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n name: 'email',\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n name: 'name',\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n name: 'image',\n type: 'text',\n admin: {\n readOnly: true\n }\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n } satisfies PayloadConfigWithZitadel\n\n }\n\n}"],"names":["cookies","COOKIES","DEFAULT_CONFIG","ERROR_MESSAGES","ROUTES","authorize","callback","zitadelStrategy","translations","NextResponse","ZitadelPlugin","associatedIdFieldName","disableAvatar","disableDefaultLoginButton","strategyName","label","issuerURL","clientId","enableAPI","apiClientId","apiKeyId","apiKey","onSuccess","Error","incomingConfig","serverURL","authSlug","admin","user","authBaseURL","authorizeURL","callbackURL","defaultOnSuccess","state","redirect","get","avatar","Component","components","afterLogin","path","serverProps","custom","zitadel","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","undefined","hooks","afterLogout","delete","idToken","endpoints","method","handler","fields","name","type","readOnly","index","unique","required","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9E,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAE7C,SAAQC,YAAY,QAAO,oBAAmB;AAC9C,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,OAAO,MAAMC,gBAAmC,CAAC,EACIC,wBAAwBT,eAAeS,qBAAqB,EAC5DC,aAAa,EACbC,yBAAyB,EACzBC,eAAeZ,eAAeY,YAAY,EAC1CC,QAAQb,eAAea,KAAK,EAC5BC,SAAS,EACTC,QAAQ,EACRC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACNC,SAAS,EACZ;IAE9C,IAAI,CAACN,WACD,MAAM,IAAIO,MAAMpB,eAAea,SAAS;IAC5C,IAAI,CAACC,UACD,MAAM,IAAIM,MAAMpB,eAAec,QAAQ;IAC3C,IAAIC,WAAW;QACX,IAAI,CAACC,aACD,MAAM,IAAII,MAAMpB,eAAegB,WAAW;QAC9C,IAAI,CAACC,UACD,MAAM,IAAIG,MAAMpB,eAAekB,MAAM;QACzC,IAAI,CAACA,QACD,MAAM,IAAIE,MAAMpB,eAAekB,MAAM;IAC7C;IAEA,OAAO,CAACG;QAEJ,MAAMC,YAAYD,eAAeC,SAAS,IAAI;QAE9C,MAAMC,WAAWF,eAAeG,KAAK,EAAEC,QAAQ;QAE/C,MAAMC,cAAc,CAAC,EAAEJ,UAAU,KAAK,EAAEC,SAAS,CAAC;QAClD,MAAMI,eAAeD,cAAczB,OAAOC,SAAS;QACnD,MAAM0B,cAAcF,cAAczB,OAAOE,QAAQ;QAEjD,MAAM0B,mBAAqC,CAACC,QACxCxB,aAAayB,QAAQ,CAACT,YAAaQ,CAAAA,MAAME,GAAG,CAAC,eAAe,EAAC;QAGjE,OAAO;YACH,GAAGX,cAAc;YACjBG,OAAO;gBACH,GAAGH,eAAeG,KAAK;gBACvB,GAAGf,gBAAgB,CAAC,IAAI;oBACpBwB,QAAQ;wBACJC,WAAW;oBACf;gBACJ,CAAC;gBACD,GAAGxB,4BAA4B,CAAC,IAAI;oBAChCyB,YAAY;wBACR,GAAGd,eAAeG,KAAK,EAAEW,UAAU;wBACnCC,YAAY;+BACLf,eAAeG,KAAK,EAAEW,YAAYC,cAAc,EAAE;4BACrD;gCACIC,MAAM;gCACNC,aAAa;oCACTX;oCACAf;gCACJ;4BACJ;yBACH;oBACL;gBACJ,CAAC;gBACD2B,QAAQ;oBACJ,GAAGlB,eAAeG,KAAK,EAAEe,MAAM;oBAC/BC,SAAS;wBACL3B;wBACAC;wBACAc;oBACJ;gBACJ;YACJ;YACAa,aAAa,AAACpB,CAAAA,eAAeoB,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIvB,WAAW;wBAC7BsB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B5C,gBAAgB;oCACZmB;oCACAf;oCACAG,cAAcA;oCACdE,WAAWA;oCACXC,UAAUA;oCACV,GAAIC,YAAY;wCACZA,WAAW;wCACXC,aAAaA;wCACbC,UAAUD;wCACVE,QAAQA;oCACZ,IAAI;wCAACH,WAAWkC;oCAAS,CAAC;gCAC9B;6BACH;wBACL;wBACAC,OAAO;4BACHC,aAAa;gCAAC,IAAMtD,UAAUuD,MAAM,CAACtD,QAAQuD,OAAO;6BAAE;wBAC1D;wBACAC,WAAW;4BACP;gCACIjB,MAAMpC,OAAOC,SAAS;gCACtBqD,QAAQ;gCACRC,SAAStD;4BACb;4BACA;gCACImC,MAAMpC,OAAOE,QAAQ;gCACrBoD,QAAQ;gCACRC,SAASrD,SAASgB,aAAaU;4BACnC;yBACH;wBACD4B,QAAQ;+BACDd,WAAWc,MAAM;4BACpB;gCACIC,MAAMlD;gCACNmD,MAAM;gCACNnC,OAAO;oCACHoC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACIL,MAAM;gCACNC,MAAM;gCACNnC,OAAO;oCACHoC,UAAU;gCACd;4BACJ;4BACA;gCACIF,MAAM;gCACNC,MAAM;gCACNnC,OAAO;oCACHoC,UAAU;gCACd;4BACJ;4BACA;gCACIF,MAAM;gCACNC,MAAM;gCACNnC,OAAO;oCACHoC,UAAU;gCACd;4BACJ;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAI,MAAM;gBACF,GAAG3C,eAAe2C,IAAI;gBACtB3D,cAAc;oBACV,GAAGgB,eAAe2C,IAAI,EAAE3D,YAAY;oBACpC4D,IAAI;wBACA,GAAG5C,eAAe2C,IAAI,EAAE3D,cAAc4D,EAAE;wBACxC,GAAG5D,aAAa4D,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG7C,eAAe2C,IAAI,EAAE3D,cAAc6D,EAAE;wBACxC,GAAG7D,aAAa6D,EAAE;oBACtB;gBACJ;YACJ;QACJ;IAEJ;AAEJ,EAAC"}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {COOKIES, DEFAULT_CONFIG, ERROR_MESSAGES, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {PayloadConfigWithZitadel, ZitadelOnSuccess, ZitadelPluginType} from './types.js'\nimport {translations} from './translations.js'\nimport {NextResponse} from 'next/server.js'\n\nexport const ZitadelPlugin: ZitadelPluginType = ({\n fieldsConfig: _fieldsConfig,\n disableAvatar,\n disableDefaultLoginButton,\n strategyName = DEFAULT_CONFIG.strategyName,\n label = DEFAULT_CONFIG.label,\n issuerURL,\n clientId,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey,\n onSuccess\n }) => {\n\n if (!issuerURL)\n throw new Error(ERROR_MESSAGES.issuerURL)\n if (!clientId)\n throw new Error(ERROR_MESSAGES.clientId)\n if (enableAPI) {\n if (!apiClientId)\n throw new Error(ERROR_MESSAGES.apiClientId)\n if (!apiKeyId)\n throw new Error(ERROR_MESSAGES.apiKey)\n if (!apiKey)\n throw new Error(ERROR_MESSAGES.apiKey)\n }\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ..._fieldsConfig}\n\n return (incomingConfig) => {\n\n const serverURL = incomingConfig.serverURL ?? 'http://localhost'\n\n const authSlug = incomingConfig.admin?.user ?? 'users'\n\n const authBaseURL = `${serverURL}/api/${authSlug}`\n const authorizeURL = authBaseURL + ROUTES.authorize\n const callbackURL = authBaseURL + ROUTES.callback\n\n const defaultOnSuccess: ZitadelOnSuccess = (state) =>\n NextResponse.redirect(serverURL + (state.get('redirect') ?? ''))\n\n\n return {\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...disableAvatar ? {} : {\n avatar: {\n Component: 'payload-zitadel-plugin/components#Avatar'\n }\n },\n ...disableDefaultLoginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n path: 'payload-zitadel-plugin/components#LoginButton',\n serverProps: {\n authorizeURL,\n label\n }\n }\n ]\n }\n },\n custom: {\n ...incomingConfig.admin?.custom,\n zitadel: {\n issuerURL,\n clientId,\n callbackURL\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == authSlug ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n authSlug,\n fieldsConfig,\n strategyName: strategyName,\n issuerURL: issuerURL as string,\n clientId: clientId as string,\n ...(enableAPI ? {\n enableAPI: true,\n apiClientId: apiClientId!,\n apiKeyId: apiClientId!,\n apiKey: apiKey!\n } : {enableAPI: undefined})\n })\n ]\n },\n hooks: {\n afterLogout: [() => cookies().delete(COOKIES.idToken)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback(onSuccess ?? defaultOnSuccess)\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n } satisfies PayloadConfigWithZitadel\n\n }\n\n}"],"names":["cookies","COOKIES","DEFAULT_CONFIG","ERROR_MESSAGES","ROUTES","authorize","callback","zitadelStrategy","translations","NextResponse","ZitadelPlugin","fieldsConfig","_fieldsConfig","disableAvatar","disableDefaultLoginButton","strategyName","label","issuerURL","clientId","enableAPI","apiClientId","apiKeyId","apiKey","onSuccess","Error","fields","incomingConfig","serverURL","authSlug","admin","user","authBaseURL","authorizeURL","callbackURL","defaultOnSuccess","state","redirect","get","avatar","Component","components","afterLogin","path","serverProps","custom","zitadel","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","undefined","hooks","afterLogout","delete","idToken","endpoints","method","handler","id","type","readOnly","index","unique","required","name","email","image","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9E,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAE7C,SAAQC,YAAY,QAAO,oBAAmB;AAC9C,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,OAAO,MAAMC,gBAAmC,CAAC,EACIC,cAAcC,aAAa,EAC3BC,aAAa,EACbC,yBAAyB,EACzBC,eAAeb,eAAea,YAAY,EAC1CC,QAAQd,eAAec,KAAK,EAC5BC,SAAS,EACTC,QAAQ,EACRC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACNC,SAAS,EACZ;IAE9C,IAAI,CAACN,WACD,MAAM,IAAIO,MAAMrB,eAAec,SAAS;IAC5C,IAAI,CAACC,UACD,MAAM,IAAIM,MAAMrB,eAAee,QAAQ;IAC3C,IAAIC,WAAW;QACX,IAAI,CAACC,aACD,MAAM,IAAII,MAAMrB,eAAeiB,WAAW;QAC9C,IAAI,CAACC,UACD,MAAM,IAAIG,MAAMrB,eAAemB,MAAM;QACzC,IAAI,CAACA,QACD,MAAM,IAAIE,MAAMrB,eAAemB,MAAM;IAC7C;IAEA,MAAMX,eAAe;QAAC,GAAGT,eAAeuB,MAAM;QAAE,GAAGb,aAAa;IAAA;IAEhE,OAAO,CAACc;QAEJ,MAAMC,YAAYD,eAAeC,SAAS,IAAI;QAE9C,MAAMC,WAAWF,eAAeG,KAAK,EAAEC,QAAQ;QAE/C,MAAMC,cAAc,CAAC,EAAEJ,UAAU,KAAK,EAAEC,SAAS,CAAC;QAClD,MAAMI,eAAeD,cAAc3B,OAAOC,SAAS;QACnD,MAAM4B,cAAcF,cAAc3B,OAAOE,QAAQ;QAEjD,MAAM4B,mBAAqC,CAACC,QACxC1B,aAAa2B,QAAQ,CAACT,YAAaQ,CAAAA,MAAME,GAAG,CAAC,eAAe,EAAC;QAGjE,OAAO;YACH,GAAGX,cAAc;YACjBG,OAAO;gBACH,GAAGH,eAAeG,KAAK;gBACvB,GAAGhB,gBAAgB,CAAC,IAAI;oBACpByB,QAAQ;wBACJC,WAAW;oBACf;gBACJ,CAAC;gBACD,GAAGzB,4BAA4B,CAAC,IAAI;oBAChC0B,YAAY;wBACR,GAAGd,eAAeG,KAAK,EAAEW,UAAU;wBACnCC,YAAY;+BACLf,eAAeG,KAAK,EAAEW,YAAYC,cAAc,EAAE;4BACrD;gCACIC,MAAM;gCACNC,aAAa;oCACTX;oCACAhB;gCACJ;4BACJ;yBACH;oBACL;gBACJ,CAAC;gBACD4B,QAAQ;oBACJ,GAAGlB,eAAeG,KAAK,EAAEe,MAAM;oBAC/BC,SAAS;wBACL5B;wBACAC;wBACAe;oBACJ;gBACJ;YACJ;YACAa,aAAa,AAACpB,CAAAA,eAAeoB,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIvB,WAAW;wBAC7BsB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B9C,gBAAgB;oCACZqB;oCACAjB;oCACAI,cAAcA;oCACdE,WAAWA;oCACXC,UAAUA;oCACV,GAAIC,YAAY;wCACZA,WAAW;wCACXC,aAAaA;wCACbC,UAAUD;wCACVE,QAAQA;oCACZ,IAAI;wCAACH,WAAWmC;oCAAS,CAAC;gCAC9B;6BACH;wBACL;wBACAC,OAAO;4BACHC,aAAa;gCAAC,IAAMxD,UAAUyD,MAAM,CAACxD,QAAQyD,OAAO;6BAAE;wBAC1D;wBACAC,WAAW;4BACP;gCACIjB,MAAMtC,OAAOC,SAAS;gCACtBuD,QAAQ;gCACRC,SAASxD;4BACb;4BACA;gCACIqC,MAAMtC,OAAOE,QAAQ;gCACrBsD,QAAQ;gCACRC,SAASvD,SAASiB,aAAaW;4BACnC;yBACH;wBACDT,QAAQ;+BACDuB,WAAWvB,MAAM;4BACpB;gCACI,GAAGd,aAAamD,EAAE;gCAClBC,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGxD,aAAayD,IAAI;gCACpBL,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa0D,KAAK;gCACrBN,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa2D,KAAK;gCACrBP,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa4D,KAAK;gCACrBR,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;gCACAvC,QAAQ;oCACJ;wCACI,GAAGd,aAAa6D,UAAU,CAACJ,IAAI;wCAC/BL,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAU,MAAM;gBACF,GAAG/C,eAAe+C,IAAI;gBACtBjE,cAAc;oBACV,GAAGkB,eAAe+C,IAAI,EAAEjE,YAAY;oBACpCkE,IAAI;wBACA,GAAGhD,eAAe+C,IAAI,EAAEjE,cAAckE,EAAE;wBACxC,GAAGlE,aAAakE,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAGjD,eAAe+C,IAAI,EAAEjE,cAAcmE,EAAE;wBACxC,GAAGnE,aAAamE,EAAE;oBACtB;gBACJ;YACJ;QACJ;IAEJ;AAEJ,EAAC"}
package/dist/strategy.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"strategy.d.ts","sourceRoot":"","sources":["../src/strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,mBAAmB,EAAC,MAAM,YAAY,CAAA;AAK9D,eAAO,MAAM,eAAe,EAAE,mBA6F5B,CAAA"}
1
+ {"version":3,"file":"strategy.d.ts","sourceRoot":"","sources":["../src/strategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,mBAAmB,EAAC,MAAM,YAAY,CAAA;AAK9D,eAAO,MAAM,eAAe,EAAE,mBA+F5B,CAAA"}
package/dist/strategy.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import jwt from 'jsonwebtoken';
2
2
  import { cookies } from 'next/headers.js';
3
3
  import { COOKIES } from './constants.js';
4
- export const zitadelStrategy = ({ authSlug, associatedIdFieldName, strategyName, issuerURL, enableAPI, apiClientId, apiKeyId, apiKey })=>({
4
+ export const zitadelStrategy = ({ authSlug, fieldsConfig, strategyName, issuerURL, enableAPI, apiClientId, apiKeyId, apiKey })=>({
5
5
  name: strategyName,
6
6
  authenticate: async ({ headers, payload })=>{
7
7
  let id, idp_id, id_token;
@@ -46,7 +46,7 @@ export const zitadelStrategy = ({ authSlug, associatedIdFieldName, strategyName,
46
46
  const { docs, totalDocs } = await payload.find({
47
47
  collection: authSlug,
48
48
  where: {
49
- [associatedIdFieldName]: {
49
+ [fieldsConfig.id.name]: {
50
50
  equals: idp_id
51
51
  }
52
52
  }
@@ -54,7 +54,7 @@ export const zitadelStrategy = ({ authSlug, associatedIdFieldName, strategyName,
54
54
  id = totalDocs ? docs[0].id : (await payload.create({
55
55
  collection: authSlug,
56
56
  data: {
57
- [associatedIdFieldName]: idp_id
57
+ [fieldsConfig.id.name]: idp_id
58
58
  }
59
59
  })).id;
60
60
  }
@@ -64,9 +64,12 @@ export const zitadelStrategy = ({ authSlug, associatedIdFieldName, strategyName,
64
64
  collection: authSlug,
65
65
  id,
66
66
  data: {
67
- email: id_token.email,
68
- name: id_token.name,
69
- image: id_token.picture
67
+ [fieldsConfig.name.name]: id_token.name,
68
+ [fieldsConfig.email.name]: id_token.email,
69
+ [fieldsConfig.image.name]: id_token.picture,
70
+ [fieldsConfig.roles.name]: Object.keys(id_token['urn:zitadel:iam:org:project:roles'] ?? {}).map((key)=>({
71
+ [fieldsConfig.roleFields.name.name]: key
72
+ }))
70
73
  }
71
74
  });
72
75
  }
package/dist/strategy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/strategy.ts"],"sourcesContent":["import {ZitadelIdToken, ZitadelStrategyType} from './types.js'\nimport jwt from 'jsonwebtoken'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES} from './constants.js'\n\nexport const zitadelStrategy: ZitadelStrategyType = ({\n authSlug,\n associatedIdFieldName,\n strategyName,\n issuerURL,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey\n }) => ({\n name: strategyName,\n authenticate: async ({headers, payload}) => {\n\n let id, idp_id, id_token\n\n const cookieStore = cookies()\n\n if (enableAPI) {\n // in case of incoming API call from the app\n const authHeader = headers.get('Authorization')\n if (authHeader?.includes('Bearer')) {\n const introspect = await fetch(`${issuerURL}/oauth/v2/introspect`, {\n method: 'post',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded'\n },\n body: new URLSearchParams({\n 'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n 'client_assertion': jwt.sign({}, apiKey, {\n algorithm: 'RS256',\n audience: issuerURL,\n expiresIn: '1h',\n issuer: apiClientId,\n keyid: apiKeyId,\n subject: apiClientId\n }),\n 'token': authHeader.split(' ')[1]\n })\n })\n if (introspect.ok) {\n const data = await introspect.json()\n if (data?.active) {\n idp_id = data.sub\n }\n }\n }\n }\n\n // in case of normal browsing\n if (!idp_id && cookieStore.has(COOKIES.idToken)) {\n id_token = jwt.verify(cookieStore.get(COOKIES.idToken)?.value ?? '', payload.secret) as ZitadelIdToken\n idp_id = id_token.sub\n }\n\n // search for associated user; if not found, create one\n if (idp_id) {\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [associatedIdFieldName]: {\n equals: idp_id\n }\n }\n })\n id = totalDocs ? docs[0].id : (await payload.create({\n collection: authSlug,\n data: {\n [associatedIdFieldName]: idp_id\n }\n })).id\n }\n\n // update user information if possible\n if (id && id_token) {\n await payload.update({\n collection: authSlug,\n id,\n data: {\n email: id_token.email,\n name: id_token.name,\n image: id_token.picture\n }\n })\n }\n\n return {\n user: id ? {\n collection: authSlug,\n id\n } : null\n }\n\n }\n})"],"names":["jwt","cookies","COOKIES","zitadelStrategy","authSlug","associatedIdFieldName","strategyName","issuerURL","enableAPI","apiClientId","apiKeyId","apiKey","name","authenticate","headers","payload","id","idp_id","id_token","cookieStore","authHeader","get","includes","introspect","fetch","method","body","URLSearchParams","sign","algorithm","audience","expiresIn","issuer","keyid","subject","split","ok","data","json","active","sub","has","idToken","verify","value","secret","docs","totalDocs","find","collection","where","equals","create","update","email","image","picture","user"],"mappings":"AACA,OAAOA,SAAS,eAAc;AAC9B,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,QAAO,iBAAgB;AAEtC,OAAO,MAAMC,kBAAuC,CAAC,EACIC,QAAQ,EACRC,qBAAqB,EACrBC,YAAY,EACZC,SAAS,EACTC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACT,GAAM,CAAA;QACxDC,MAAMN;QACNO,cAAc,OAAO,EAACC,OAAO,EAAEC,OAAO,EAAC;YAEnC,IAAIC,IAAIC,QAAQC;YAEhB,MAAMC,cAAclB;YAEpB,IAAIO,WAAW;gBACX,4CAA4C;gBAC5C,MAAMY,aAAaN,QAAQO,GAAG,CAAC;gBAC/B,IAAID,YAAYE,SAAS,WAAW;oBAChC,MAAMC,aAAa,MAAMC,MAAM,CAAC,EAAEjB,UAAU,oBAAoB,CAAC,EAAE;wBAC/DkB,QAAQ;wBACRX,SAAS;4BACL,gBAAgB;wBACpB;wBACAY,MAAM,IAAIC,gBAAgB;4BACtB,yBAAyB;4BACzB,oBAAoB3B,IAAI4B,IAAI,CAAC,CAAC,GAAGjB,QAAQ;gCACrCkB,WAAW;gCACXC,UAAUvB;gCACVwB,WAAW;gCACXC,QAAQvB;gCACRwB,OAAOvB;gCACPwB,SAASzB;4BACb;4BACA,SAASW,WAAWe,KAAK,CAAC,IAAI,CAAC,EAAE;wBACrC;oBACJ;oBACA,IAAIZ,WAAWa,EAAE,EAAE;wBACf,MAAMC,OAAO,MAAMd,WAAWe,IAAI;wBAClC,IAAID,MAAME,QAAQ;4BACdtB,SAASoB,KAAKG,GAAG;wBACrB;oBACJ;gBACJ;YACJ;YAEA,6BAA6B;YAC7B,IAAI,CAACvB,UAAUE,YAAYsB,GAAG,CAACvC,QAAQwC,OAAO,GAAG;gBAC7CxB,WAAWlB,IAAI2C,MAAM,CAACxB,YAAYE,GAAG,CAACnB,QAAQwC,OAAO,GAAGE,SAAS,IAAI7B,QAAQ8B,MAAM;gBACnF5B,SAASC,SAASsB,GAAG;YACzB;YAEA,uDAAuD;YACvD,IAAIvB,QAAQ;gBACR,MAAM,EAAC6B,IAAI,EAAEC,SAAS,EAAC,GAAG,MAAMhC,QAAQiC,IAAI,CAAC;oBACzCC,YAAY7C;oBACZ8C,OAAO;wBACH,CAAC7C,sBAAsB,EAAE;4BACrB8C,QAAQlC;wBACZ;oBACJ;gBACJ;gBACAD,KAAK+B,YAAYD,IAAI,CAAC,EAAE,CAAC9B,EAAE,GAAG,AAAC,CAAA,MAAMD,QAAQqC,MAAM,CAAC;oBAChDH,YAAY7C;oBACZiC,MAAM;wBACF,CAAChC,sBAAsB,EAAEY;oBAC7B;gBACJ,EAAC,EAAGD,EAAE;YACV;YAEA,sCAAsC;YACtC,IAAIA,MAAME,UAAU;gBAChB,MAAMH,QAAQsC,MAAM,CAAC;oBACjBJ,YAAY7C;oBACZY;oBACAqB,MAAM;wBACFiB,OAAOpC,SAASoC,KAAK;wBACrB1C,MAAMM,SAASN,IAAI;wBACnB2C,OAAOrC,SAASsC,OAAO;oBAC3B;gBACJ;YACJ;YAEA,OAAO;gBACHC,MAAMzC,KAAK;oBACPiC,YAAY7C;oBACZY;gBACJ,IAAI;YACR;QAEJ;IACJ,CAAA,EAAE"}
1
+ {"version":3,"sources":["../src/strategy.ts"],"sourcesContent":["import {ZitadelIdToken, ZitadelStrategyType} from './types.js'\nimport jwt from 'jsonwebtoken'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES} from './constants.js'\n\nexport const zitadelStrategy: ZitadelStrategyType = ({\n authSlug,\n fieldsConfig,\n strategyName,\n issuerURL,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey\n }) => ({\n name: strategyName,\n authenticate: async ({headers, payload}) => {\n\n let id, idp_id, id_token\n\n const cookieStore = cookies()\n\n if (enableAPI) {\n // in case of incoming API call from the app\n const authHeader = headers.get('Authorization')\n if (authHeader?.includes('Bearer')) {\n const introspect = await fetch(`${issuerURL}/oauth/v2/introspect`, {\n method: 'post',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded'\n },\n body: new URLSearchParams({\n 'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n 'client_assertion': jwt.sign({}, apiKey, {\n algorithm: 'RS256',\n audience: issuerURL,\n expiresIn: '1h',\n issuer: apiClientId,\n keyid: apiKeyId,\n subject: apiClientId\n }),\n 'token': authHeader.split(' ')[1]\n })\n })\n if (introspect.ok) {\n const data = await introspect.json()\n if (data?.active) {\n idp_id = data.sub\n }\n }\n }\n }\n\n // in case of normal browsing\n if (!idp_id && cookieStore.has(COOKIES.idToken)) {\n id_token = jwt.verify(cookieStore.get(COOKIES.idToken)?.value ?? '', payload.secret) as ZitadelIdToken\n idp_id = id_token.sub\n }\n\n // search for associated user; if not found, create one\n if (idp_id) {\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fieldsConfig.id.name]: {\n equals: idp_id\n }\n }\n })\n id = totalDocs ? docs[0].id : (await payload.create({\n collection: authSlug,\n data: {\n [fieldsConfig.id.name]: idp_id\n }\n })).id\n }\n\n // update user information if possible\n if (id && id_token) {\n await payload.update({\n collection: authSlug,\n id,\n data: {\n [fieldsConfig.name.name]: id_token.name,\n [fieldsConfig.email.name]: id_token.email,\n [fieldsConfig.image.name]: id_token.picture,\n [fieldsConfig.roles.name]: Object.keys(id_token['urn:zitadel:iam:org:project:roles'] ?? {})\n .map(key => ({[fieldsConfig.roleFields.name.name]: key}))\n }\n })\n }\n\n return {\n user: id ? {\n collection: authSlug,\n id\n } : null\n }\n\n }\n})"],"names":["jwt","cookies","COOKIES","zitadelStrategy","authSlug","fieldsConfig","strategyName","issuerURL","enableAPI","apiClientId","apiKeyId","apiKey","name","authenticate","headers","payload","id","idp_id","id_token","cookieStore","authHeader","get","includes","introspect","fetch","method","body","URLSearchParams","sign","algorithm","audience","expiresIn","issuer","keyid","subject","split","ok","data","json","active","sub","has","idToken","verify","value","secret","docs","totalDocs","find","collection","where","equals","create","update","email","image","picture","roles","Object","keys","map","key","roleFields","user"],"mappings":"AACA,OAAOA,SAAS,eAAc;AAC9B,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,QAAO,iBAAgB;AAEtC,OAAO,MAAMC,kBAAuC,CAAC,EACIC,QAAQ,EACRC,YAAY,EACZC,YAAY,EACZC,SAAS,EACTC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACT,GAAM,CAAA;QACxDC,MAAMN;QACNO,cAAc,OAAO,EAACC,OAAO,EAAEC,OAAO,EAAC;YAEnC,IAAIC,IAAIC,QAAQC;YAEhB,MAAMC,cAAclB;YAEpB,IAAIO,WAAW;gBACX,4CAA4C;gBAC5C,MAAMY,aAAaN,QAAQO,GAAG,CAAC;gBAC/B,IAAID,YAAYE,SAAS,WAAW;oBAChC,MAAMC,aAAa,MAAMC,MAAM,CAAC,EAAEjB,UAAU,oBAAoB,CAAC,EAAE;wBAC/DkB,QAAQ;wBACRX,SAAS;4BACL,gBAAgB;wBACpB;wBACAY,MAAM,IAAIC,gBAAgB;4BACtB,yBAAyB;4BACzB,oBAAoB3B,IAAI4B,IAAI,CAAC,CAAC,GAAGjB,QAAQ;gCACrCkB,WAAW;gCACXC,UAAUvB;gCACVwB,WAAW;gCACXC,QAAQvB;gCACRwB,OAAOvB;gCACPwB,SAASzB;4BACb;4BACA,SAASW,WAAWe,KAAK,CAAC,IAAI,CAAC,EAAE;wBACrC;oBACJ;oBACA,IAAIZ,WAAWa,EAAE,EAAE;wBACf,MAAMC,OAAO,MAAMd,WAAWe,IAAI;wBAClC,IAAID,MAAME,QAAQ;4BACdtB,SAASoB,KAAKG,GAAG;wBACrB;oBACJ;gBACJ;YACJ;YAEA,6BAA6B;YAC7B,IAAI,CAACvB,UAAUE,YAAYsB,GAAG,CAACvC,QAAQwC,OAAO,GAAG;gBAC7CxB,WAAWlB,IAAI2C,MAAM,CAACxB,YAAYE,GAAG,CAACnB,QAAQwC,OAAO,GAAGE,SAAS,IAAI7B,QAAQ8B,MAAM;gBACnF5B,SAASC,SAASsB,GAAG;YACzB;YAEA,uDAAuD;YACvD,IAAIvB,QAAQ;gBACR,MAAM,EAAC6B,IAAI,EAAEC,SAAS,EAAC,GAAG,MAAMhC,QAAQiC,IAAI,CAAC;oBACzCC,YAAY7C;oBACZ8C,OAAO;wBACH,CAAC7C,aAAaW,EAAE,CAACJ,IAAI,CAAC,EAAE;4BACpBuC,QAAQlC;wBACZ;oBACJ;gBACJ;gBACAD,KAAK+B,YAAYD,IAAI,CAAC,EAAE,CAAC9B,EAAE,GAAG,AAAC,CAAA,MAAMD,QAAQqC,MAAM,CAAC;oBAChDH,YAAY7C;oBACZiC,MAAM;wBACF,CAAChC,aAAaW,EAAE,CAACJ,IAAI,CAAC,EAAEK;oBAC5B;gBACJ,EAAC,EAAGD,EAAE;YACV;YAEA,sCAAsC;YACtC,IAAIA,MAAME,UAAU;gBAChB,MAAMH,QAAQsC,MAAM,CAAC;oBACjBJ,YAAY7C;oBACZY;oBACAqB,MAAM;wBACF,CAAChC,aAAaO,IAAI,CAACA,IAAI,CAAC,EAAEM,SAASN,IAAI;wBACvC,CAACP,aAAaiD,KAAK,CAAC1C,IAAI,CAAC,EAAEM,SAASoC,KAAK;wBACzC,CAACjD,aAAakD,KAAK,CAAC3C,IAAI,CAAC,EAAEM,SAASsC,OAAO;wBAC3C,CAACnD,aAAaoD,KAAK,CAAC7C,IAAI,CAAC,EAAE8C,OAAOC,IAAI,CAACzC,QAAQ,CAAC,oCAAoC,IAAI,CAAC,GACpF0C,GAAG,CAACC,CAAAA,MAAQ,CAAA;gCAAC,CAACxD,aAAayD,UAAU,CAAClD,IAAI,CAACA,IAAI,CAAC,EAAEiD;4BAAG,CAAA;oBAC9D;gBACJ;YACJ;YAEA,OAAO;gBACHE,MAAM/C,KAAK;oBACPiC,YAAY7C;oBACZY;gBACJ,IAAI;YACR;QAEJ;IACJ,CAAA,EAAE"}
package/dist/types.d.ts CHANGED
@@ -2,7 +2,28 @@ import { AuthStrategy, Config, SanitizedConfig, ServerProps, TypedUser } from 'p
2
2
  import { NextResponse } from 'next/server.js';
3
3
  import { translations } from './translations.js';
4
4
  import { I18nClient, NestedKeysStripped } from '@payloadcms/translations';
5
+ export type ZitadelFieldConfig = {
6
+ hidden?: boolean;
7
+ name: string;
8
+ label: string | Record<string, string>;
9
+ };
10
+ export type ZitadelFieldsConfig = {
11
+ id: ZitadelFieldConfig;
12
+ name: ZitadelFieldConfig;
13
+ email: ZitadelFieldConfig;
14
+ image: ZitadelFieldConfig;
15
+ roles: ZitadelFieldConfig & {
16
+ labels: {
17
+ singular: string | Record<string, string>;
18
+ plural: string | Record<string, string>;
19
+ };
20
+ };
21
+ roleFields: {
22
+ name: ZitadelFieldConfig;
23
+ };
24
+ };
5
25
  export type ZitadelPluginProps = Partial<{
26
+ fieldsConfig: Partial<ZitadelFieldsConfig>;
6
27
  disableAvatar: true;
7
28
  disableDefaultLoginButton: true;
8
29
  defaultLoginButtonTitle: string;
@@ -20,18 +41,19 @@ export type ZitadelStrategyProps = {
20
41
  strategyName: string;
21
42
  issuerURL: string;
22
43
  clientId: string;
23
- } & {
24
44
  authSlug: string;
25
- associatedIdFieldName: string;
26
45
  } & (ZitadelAPIProps | {
27
46
  enableAPI?: undefined;
28
47
  } & Partial<ZitadelAPIProps>);
29
- export type ZitadelStrategyType = (props: ZitadelStrategyProps) => AuthStrategy;
48
+ export type ZitadelStrategyType = (props: ZitadelStrategyProps & {
49
+ fieldsConfig: ZitadelFieldsConfig;
50
+ }) => AuthStrategy;
30
51
  export type ZitadelIdToken = Partial<{
31
52
  sub: string;
32
53
  name: string;
33
54
  email: string;
34
55
  picture: string;
56
+ 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>;
35
57
  }>;
36
58
  export type ZitadelUser = TypedUser & Partial<{
37
59
  email: string | null;
package/dist/types.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAE,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAC,MAAM,SAAS,CAAA;AACrF,OAAO,EAAC,YAAY,EAAC,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAEvE,MAAM,MAAM,kBAAkB,GAAG,OAAO,CAAC;IACrC,aAAa,EAAE,IAAI,CAAA;IACnB,yBAAyB,EAAE,IAAI,CAAA;IAC/B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,gBAAgB,CAAA;CAC9B,CAAC,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAA;AAElC,MAAM,MAAM,iBAAiB,GAAG,CAAC,KAAK,EAAE,kBAAkB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;AAEzF,MAAM,MAAM,eAAe,GAAG;IAC1B,SAAS,EAAE,IAAI,CAAA;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAA;CACnB,GAAG;IACA,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,EAAE,MAAM,CAAC;CACjC,GAAG,CAAC,eAAe,GAAG;IACnB,SAAS,CAAC,EAAE,SAAS,CAAA;CACxB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;AAE7B,MAAM,MAAM,mBAAmB,GAAG,CAAC,KAAK,EAAE,oBAAoB,KAAK,YAAY,CAAA;AAE/E,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAA;CAClB,CAAC,CAAA;AAEF,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC;IAC1C,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG;IAChD,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IACrF,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,eAAe,KAAK,YAAY,CAAA;AAEvE,MAAM,MAAM,wBAAwB,GAAG,CAAC,MAAM,GAAG,eAAe,CAAC,GAAG;IAChE,KAAK,EAAE;QACH,MAAM,EAAE;YACJ,OAAO,EAAE;gBACL,SAAS,EAAE,MAAM,CAAA;gBACjB,QAAQ,EAAE,MAAM,CAAA;gBAChB,WAAW,EAAE,MAAM,CAAA;aACtB,CAAA;SACJ,CAAA;KACJ,CAAA;CACJ,CAAA"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAE,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAC,MAAM,SAAS,CAAA;AACrF,OAAO,EAAC,YAAY,EAAC,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAEvE,MAAM,MAAM,kBAAkB,GAAG;IAC7B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC1C,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAC;IACvB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAC;IAC1B,KAAK,EAAE,kBAAkB,CAAC;IAC1B,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC1C,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG,OAAO,CAAC;IACrC,YAAY,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC3C,aAAa,EAAE,IAAI,CAAA;IACnB,yBAAyB,EAAE,IAAI,CAAA;IAC/B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,gBAAgB,CAAA;CAC9B,CAAC,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAA;AAElC,MAAM,MAAM,iBAAiB,GAAG,CAAC,KAAK,EAAE,kBAAkB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;AAEzF,MAAM,MAAM,eAAe,GAAG;IAC1B,SAAS,EAAE,IAAI,CAAA;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;CACnB,GAAG,CAAC,eAAe,GAAG;IACnB,SAAS,CAAC,EAAE,SAAS,CAAA;CACxB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;AAE7B,MAAM,MAAM,mBAAmB,GAAG,CAAC,KAAK,EAAE,oBAAoB,GAAG;IAC7D,YAAY,EAAE,mBAAmB,CAAA;CACpC,KAAK,YAAY,CAAA;AAElB,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC;IAC1C,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG;IAChD,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IACrF,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,eAAe,KAAK,YAAY,CAAA;AAEvE,MAAM,MAAM,wBAAwB,GAAG,CAAC,MAAM,GAAG,eAAe,CAAC,GAAG;IAChE,KAAK,EAAE;QACH,MAAM,EAAE;YACJ,OAAO,EAAE;gBACL,SAAS,EAAE,MAAM,CAAA;gBACjB,QAAQ,EAAE,MAAM,CAAA;gBAChB,WAAW,EAAE,MAAM,CAAA;aACtB,CAAA;SACJ,CAAA;KACJ,CAAA;CACJ,CAAA"}
package/dist/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/types.ts"],"sourcesContent":["import {AuthStrategy, Config, SanitizedConfig, ServerProps, TypedUser} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {translations} from './translations.js'\nimport {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\n\nexport type ZitadelPluginProps = Partial<{\n disableAvatar: true\n disableDefaultLoginButton: true\n defaultLoginButtonTitle: string\n label: string\n onSuccess: ZitadelOnSuccess\n}> & Partial<ZitadelStrategyProps>\n\nexport type ZitadelPluginType = (props: ZitadelPluginProps) => (config: Config) => Config\n\nexport type ZitadelAPIProps = {\n enableAPI: true\n apiClientId: string,\n apiKeyId: string,\n apiKey: string\n}\n\nexport type ZitadelStrategyProps = {\n strategyName: string,\n issuerURL: string,\n clientId: string\n} & {\n authSlug: string,\n associatedIdFieldName: string,\n} & (ZitadelAPIProps | {\n enableAPI?: undefined\n} & Partial<ZitadelAPIProps>)\n\nexport type ZitadelStrategyType = (props: ZitadelStrategyProps) => AuthStrategy\n\nexport type ZitadelIdToken = Partial<{\n sub: string,\n name: string,\n email: string,\n picture: string\n}>\n\nexport type ZitadelUser = TypedUser & Partial<{\n email: string | null,\n name: string | null,\n image: string | null,\n}>\n\nexport type ZitadelLoginButtonProps = ServerProps & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>,\n authorizeURL: string,\n label: string\n}\n\nexport type ZitadelOnSuccess = (state: URLSearchParams) => NextResponse\n\nexport type PayloadConfigWithZitadel = (Config | SanitizedConfig) & {\n admin: {\n custom: {\n zitadel: {\n issuerURL: string\n clientId: string\n callbackURL: string\n }\n }\n }\n}"],"names":[],"mappings":"AAwDA,WAUC"}
1
+ {"version":3,"sources":["../src/types.ts"],"sourcesContent":["import {AuthStrategy, Config, SanitizedConfig, ServerProps, TypedUser} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {translations} from './translations.js'\nimport {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\n\nexport type ZitadelFieldConfig = {\n hidden?: boolean,\n name: string,\n label: string | Record<string, string>,\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig,\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig,\n image: ZitadelFieldConfig,\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string | Record<string, string>,\n plural: string | Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\nexport type ZitadelPluginProps = Partial<{\n fieldsConfig: Partial<ZitadelFieldsConfig>,\n disableAvatar: true\n disableDefaultLoginButton: true\n defaultLoginButtonTitle: string\n label: string\n onSuccess: ZitadelOnSuccess\n}> & Partial<ZitadelStrategyProps>\n\nexport type ZitadelPluginType = (props: ZitadelPluginProps) => (config: Config) => Config\n\nexport type ZitadelAPIProps = {\n enableAPI: true\n apiClientId: string,\n apiKeyId: string,\n apiKey: string\n}\n\nexport type ZitadelStrategyProps = {\n strategyName: string,\n issuerURL: string,\n clientId: string\n authSlug: string\n} & (ZitadelAPIProps | {\n enableAPI?: undefined\n} & Partial<ZitadelAPIProps>)\n\nexport type ZitadelStrategyType = (props: ZitadelStrategyProps & {\n fieldsConfig: ZitadelFieldsConfig\n}) => AuthStrategy\n\nexport type ZitadelIdToken = Partial<{\n sub: string,\n name: string,\n email: string,\n picture: string,\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\nexport type ZitadelUser = TypedUser & Partial<{\n email: string | null,\n name: string | null,\n image: string | null,\n}>\n\nexport type ZitadelLoginButtonProps = ServerProps & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>,\n authorizeURL: string,\n label: string\n}\n\nexport type ZitadelOnSuccess = (state: URLSearchParams) => NextResponse\n\nexport type PayloadConfigWithZitadel = (Config | SanitizedConfig) & {\n admin: {\n custom: {\n zitadel: {\n issuerURL: string\n clientId: string\n callbackURL: string\n }\n }\n }\n}"],"names":[],"mappings":"AAgFA,WAUC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "payload-zitadel-plugin",
3
- "version": "0.2.28",
3
+ "version": "0.2.30",
4
4
  "description": "plugin for Payload CMS, which enables authentication via Zitadel IdP",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -36,27 +36,27 @@
36
36
  "dist"
37
37
  ],
38
38
  "dependencies": {
39
- "@payloadcms/next": "3.0.0-beta.106",
40
- "@payloadcms/translations": "3.0.0-beta.106",
41
- "@payloadcms/ui": "3.0.0-beta.106",
39
+ "@payloadcms/next": "3.0.0-beta.108",
40
+ "@payloadcms/translations": "3.0.0-beta.108",
41
+ "@payloadcms/ui": "3.0.0-beta.108",
42
42
  "jsonwebtoken": "^9.0.2",
43
- "next": "15.0.0-canary.156",
44
- "payload": "3.0.0-beta.106",
45
- "react": "19.0.0-rc-206df66e-20240912",
46
- "react-dom": "19.0.0-rc-206df66e-20240912"
43
+ "next": "15.0.0-canary.161",
44
+ "payload": "3.0.0-beta.108",
45
+ "react": "19.0.0-rc-e4953922-20240919",
46
+ "react-dom": "19.0.0-rc-e4953922-20240919"
47
47
  },
48
48
  "devDependencies": {
49
- "@swc/cli": "^0.4.0",
50
- "@swc/core": "^1.7.26",
51
- "@types/jsonwebtoken": "^9.0.6",
49
+ "@swc/cli": "^0.4.1-nightly.20240914",
50
+ "@swc/core": "^1.7.27-nightly-20240911.1",
51
+ "@types/jsonwebtoken": "^9.0.7",
52
52
  "@types/node": "^22.5.5",
53
- "@types/react": "^18.3.5",
53
+ "@types/react": "^18.3.8",
54
54
  "@types/react-dom": "^18.3.0",
55
55
  "rimraf": "^6.0.1",
56
- "typescript": "5.7.0-dev.20240915"
56
+ "typescript": "5.7.0-dev.20240921"
57
57
  },
58
58
  "engines": {
59
- "node": "^22.8.0"
59
+ "node": "^22.9.0"
60
60
  },
61
61
  "exports": {
62
62
  ".": {