payload-zitadel-plugin 0.2.30 → 0.2.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/components/Avatar.d.ts.map +1 -1
- package/dist/components/Avatar.js +2 -3
- package/dist/components/Avatar.js.map +1 -1
- package/dist/handlers/authorize.d.ts.map +1 -1
- package/dist/handlers/authorize.js +2 -1
- package/dist/handlers/authorize.js.map +1 -1
- package/dist/handlers/callback.js +1 -1
- package/dist/handlers/callback.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/strategy.js +1 -1
- package/dist/strategy.js.map +1 -1
- package/package.json +12 -12
package/README.md
CHANGED
|
@@ -5,14 +5,14 @@
|
|
|
5
5
|
plugin for [Payload CMS](https://payloadcms.com), which enables authentication via Zitadel IdP.
|
|
6
6
|
|
|
7
7
|
The default use case is to fully replace PayloadCMS Auth with Zitadel.
|
|
8
|
-
Thus the user collection in PayloadCMS becomes just a shadow of the information in Zitadel.
|
|
8
|
+
Thus, the user collection in PayloadCMS becomes just a shadow of the information in Zitadel.
|
|
9
9
|
|
|
10
10
|
:boom: :boom: :boom: works :100: with PayloadCMS version :three: :boom: :boom: :boom:
|
|
11
11
|
|
|
12
12
|
## Install
|
|
13
13
|
|
|
14
14
|
```shell
|
|
15
|
-
pnpm add payload-zitadel-plugin@0.2.
|
|
15
|
+
pnpm add payload-zitadel-plugin@0.2.32
|
|
16
16
|
```
|
|
17
17
|
|
|
18
18
|
## Configuration
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Avatar.d.ts","sourceRoot":"","sources":["../../src/components/Avatar.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAA;AAK9B,eAAO,MAAM,MAAM,eAAc;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,
|
|
1
|
+
{"version":3,"file":"Avatar.d.ts","sourceRoot":"","sources":["../../src/components/Avatar.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAA;AAK9B,eAAO,MAAM,MAAM,eAAc;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,sBAgBnD,CAAA"}
|
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
'use client';
|
|
2
2
|
import * as React from 'react';
|
|
3
3
|
import { DefaultAccountIcon } from '@payloadcms/ui/graphics/Account/Default';
|
|
4
|
-
import {
|
|
4
|
+
import { useAuth } from '@payloadcms/ui';
|
|
5
5
|
export const Avatar = ({ active })=>{
|
|
6
|
-
const {
|
|
7
|
-
const { user } = data;
|
|
6
|
+
const { user } = useAuth();
|
|
8
7
|
return user?.image ? /*#__PURE__*/ React.createElement(React.Fragment, null, /*#__PURE__*/ React.createElement("style", null, 'zitadel-avatar:hover { filter: brightness(1.2); }'), /*#__PURE__*/ React.createElement("img", {
|
|
9
8
|
className: "zitadel-avatar",
|
|
10
9
|
src: user.image,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/components/Avatar.tsx"],"sourcesContent":["'use client'\n\nimport * as React from 'react'\nimport {DefaultAccountIcon} from '@payloadcms/ui/graphics/Account/Default'\nimport {
|
|
1
|
+
{"version":3,"sources":["../../src/components/Avatar.tsx"],"sourcesContent":["'use client'\n\nimport * as React from 'react'\nimport {DefaultAccountIcon} from '@payloadcms/ui/graphics/Account/Default'\nimport {useAuth} from '@payloadcms/ui'\nimport {ZitadelUser} from '../types.js'\n\nexport const Avatar = ({active}: { active: boolean }) => {\n\n const {user} = useAuth<ZitadelUser>()\n\n return (\n user?.image ?\n <>\n <style>{'zitadel-avatar:hover { filter: brightness(1.2); }'}</style>\n <img className=\"zitadel-avatar\" src={user.image} height={25} width={25} alt=\"Profile Picture\" style={{\n borderRadius: '100%',\n ...(active ? {filter: 'brightness(.8)'} : {})\n }}/>\n </> :\n <DefaultAccountIcon active={active}/>\n )\n\n}\n"],"names":["React","DefaultAccountIcon","useAuth","Avatar","active","user","image","style","img","className","src","height","width","alt","borderRadius","filter"],"mappings":"AAAA;AAEA,YAAYA,WAAW,QAAO;AAC9B,SAAQC,kBAAkB,QAAO,0CAAyC;AAC1E,SAAQC,OAAO,QAAO,iBAAgB;AAGtC,OAAO,MAAMC,SAAS,CAAC,EAACC,MAAM,EAAsB;IAEhD,MAAM,EAACC,IAAI,EAAC,GAAGH;IAEf,OACIG,MAAMC,sBACF,wDACI,oBAACC,eAAO,oEACR,oBAACC;QAAIC,WAAU;QAAiBC,KAAKL,KAAKC,KAAK;QAAEK,QAAQ;QAAIC,OAAO;QAAIC,KAAI;QAAkBN,OAAO;YACjGO,cAAc;YACd,GAAIV,SAAS;gBAACW,QAAQ;YAAgB,IAAI,CAAC,CAAC;QAChD;wBAEJ,oBAACd;QAAmBG,QAAQA;;AAGxC,EAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../src/handlers/authorize.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAMtC,eAAO,MAAM,SAAS,EAAE,
|
|
1
|
+
{"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../src/handlers/authorize.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAMtC,eAAO,MAAM,SAAS,EAAE,cA8BvB,CAAA"}
|
|
@@ -7,7 +7,8 @@ export const authorize = async ({ searchParams, payload: { config } })=>{
|
|
|
7
7
|
const { admin: { custom: { zitadel: { issuerURL, clientId, callbackURL } } } } = config;
|
|
8
8
|
const code_verifier = Buffer.from(crypto.getRandomValues(new Uint8Array(24))).toString('base64url');
|
|
9
9
|
const code_challenge = Buffer.from(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(code_verifier))).toString('base64url');
|
|
10
|
-
cookies()
|
|
10
|
+
const cookieStore = await cookies();
|
|
11
|
+
cookieStore.set({
|
|
11
12
|
name: COOKIES.pkce,
|
|
12
13
|
value: code_verifier,
|
|
13
14
|
httpOnly: true,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/handlers/authorize.ts"],"sourcesContent":["'use server'\n\nimport process from 'node:process'\nimport {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {PayloadConfigWithZitadel} from '../types.js'\nimport {COOKIES} from '../constants.js'\nimport {cookies} from 'next/headers.js'\n\nexport const authorize: PayloadHandler = async ({searchParams, payload: {config}}) => {\n\n const {admin: {custom: {zitadel: {issuerURL, clientId, callbackURL}}}} = config as PayloadConfigWithZitadel\n\n const code_verifier = Buffer.from(crypto.getRandomValues(new Uint8Array(24))).toString('base64url')\n\n const code_challenge = Buffer.from(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(code_verifier))).toString('base64url')\n\n cookies().set({\n name: COOKIES.pkce,\n value: code_verifier,\n httpOnly: true,\n sameSite: 'lax',\n path: '/',\n maxAge: 300,\n secure: process.env.NODE_ENV == 'production'\n })\n\n return NextResponse.redirect(`${issuerURL}/oauth/v2/authorize?${new URLSearchParams({\n client_id: clientId,\n redirect_uri: callbackURL,\n response_type: 'code',\n scope: 'openid email profile',\n state: btoa(searchParams.toString()),\n code_challenge,\n code_challenge_method: 'S256'\n })}`)\n\n}\n"],"names":["process","NextResponse","COOKIES","cookies","authorize","searchParams","payload","config","admin","custom","zitadel","issuerURL","clientId","callbackURL","code_verifier","Buffer","from","crypto","getRandomValues","Uint8Array","toString","code_challenge","subtle","digest","TextEncoder","encode","set","name","pkce","value","httpOnly","sameSite","path","maxAge","secure","env","NODE_ENV","redirect","URLSearchParams","client_id","redirect_uri","response_type","scope","state","btoa","code_challenge_method"],"mappings":"AAAA;AAEA,OAAOA,aAAa,eAAc;AAElC,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,YAA4B,OAAO,EAACC,YAAY,EAAEC,SAAS,EAACC,MAAM,EAAC,EAAC;IAE7E,MAAM,EAACC,OAAO,EAACC,QAAQ,EAACC,SAAS,EAACC,SAAS,EAAEC,QAAQ,EAAEC,WAAW,EAAC,EAAC,EAAC,EAAC,GAAGN;IAEzE,MAAMO,gBAAgBC,OAAOC,IAAI,CAACC,OAAOC,eAAe,CAAC,IAAIC,WAAW,MAAMC,QAAQ,CAAC;IAEvF,MAAMC,iBAAiBN,OAAOC,IAAI,CAAC,MAAMC,OAAOK,MAAM,CAACC,MAAM,CAAC,WAAW,IAAIC,cAAcC,MAAM,CAACX,iBAAiBM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"sources":["../../src/handlers/authorize.ts"],"sourcesContent":["'use server'\n\nimport process from 'node:process'\nimport {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {PayloadConfigWithZitadel} from '../types.js'\nimport {COOKIES} from '../constants.js'\nimport {cookies} from 'next/headers.js'\n\nexport const authorize: PayloadHandler = async ({searchParams, payload: {config}}) => {\n\n const {admin: {custom: {zitadel: {issuerURL, clientId, callbackURL}}}} = config as PayloadConfigWithZitadel\n\n const code_verifier = Buffer.from(crypto.getRandomValues(new Uint8Array(24))).toString('base64url')\n\n const code_challenge = Buffer.from(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(code_verifier))).toString('base64url')\n\n const cookieStore = await cookies()\n\n cookieStore.set({\n name: COOKIES.pkce,\n value: code_verifier,\n httpOnly: true,\n sameSite: 'lax',\n path: '/',\n maxAge: 300,\n secure: process.env.NODE_ENV == 'production'\n })\n\n return NextResponse.redirect(`${issuerURL}/oauth/v2/authorize?${new URLSearchParams({\n client_id: clientId,\n redirect_uri: callbackURL,\n response_type: 'code',\n scope: 'openid email profile',\n state: btoa(searchParams.toString()),\n code_challenge,\n code_challenge_method: 'S256'\n })}`)\n\n}\n"],"names":["process","NextResponse","COOKIES","cookies","authorize","searchParams","payload","config","admin","custom","zitadel","issuerURL","clientId","callbackURL","code_verifier","Buffer","from","crypto","getRandomValues","Uint8Array","toString","code_challenge","subtle","digest","TextEncoder","encode","cookieStore","set","name","pkce","value","httpOnly","sameSite","path","maxAge","secure","env","NODE_ENV","redirect","URLSearchParams","client_id","redirect_uri","response_type","scope","state","btoa","code_challenge_method"],"mappings":"AAAA;AAEA,OAAOA,aAAa,eAAc;AAElC,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,YAA4B,OAAO,EAACC,YAAY,EAAEC,SAAS,EAACC,MAAM,EAAC,EAAC;IAE7E,MAAM,EAACC,OAAO,EAACC,QAAQ,EAACC,SAAS,EAACC,SAAS,EAAEC,QAAQ,EAAEC,WAAW,EAAC,EAAC,EAAC,EAAC,GAAGN;IAEzE,MAAMO,gBAAgBC,OAAOC,IAAI,CAACC,OAAOC,eAAe,CAAC,IAAIC,WAAW,MAAMC,QAAQ,CAAC;IAEvF,MAAMC,iBAAiBN,OAAOC,IAAI,CAAC,MAAMC,OAAOK,MAAM,CAACC,MAAM,CAAC,WAAW,IAAIC,cAAcC,MAAM,CAACX,iBAAiBM,QAAQ,CAAC;IAE5H,MAAMM,cAAc,MAAMvB;IAE1BuB,YAAYC,GAAG,CAAC;QACZC,MAAM1B,QAAQ2B,IAAI;QAClBC,OAAOhB;QACPiB,UAAU;QACVC,UAAU;QACVC,MAAM;QACNC,QAAQ;QACRC,QAAQnC,QAAQoC,GAAG,CAACC,QAAQ,IAAI;IACpC;IAEA,OAAOpC,aAAaqC,QAAQ,CAAC,GAAG3B,UAAU,oBAAoB,EAAE,IAAI4B,gBAAgB;QAChFC,WAAW5B;QACX6B,cAAc5B;QACd6B,eAAe;QACfC,OAAO;QACPC,OAAOC,KAAKxC,aAAae,QAAQ;QACjCC;QACAyB,uBAAuB;IAC3B,IAAI;AAER,EAAC"}
|
|
@@ -4,7 +4,7 @@ import jwt from 'jsonwebtoken';
|
|
|
4
4
|
import { COOKIES } from '../constants.js';
|
|
5
5
|
export const callback = (onSuccess)=>async ({ payload: { config, secret }, query: { code, state } })=>{
|
|
6
6
|
const { admin: { custom: { zitadel: { issuerURL, clientId, callbackURL } } } } = config;
|
|
7
|
-
const cookieStore = cookies();
|
|
7
|
+
const cookieStore = await cookies();
|
|
8
8
|
const code_verifier = cookieStore.get(COOKIES.pkce)?.value;
|
|
9
9
|
if (code_verifier) {
|
|
10
10
|
const response = await fetch(new URL(`${issuerURL}/oauth/v2/token`), {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {cookies} from 'next/headers.js'\nimport process from 'node:process'\nimport jwt from 'jsonwebtoken'\nimport {PayloadConfigWithZitadel, ZitadelIdToken, ZitadelOnSuccess} from '../types.js'\nimport {COOKIES} from '../constants.js'\n\nexport const callback = (onSuccess: ZitadelOnSuccess): PayloadHandler => async ({\n payload: {config, secret},\n query: {code, state}\n }) => {\n\n const {admin: {custom: {zitadel: {issuerURL, clientId, callbackURL}}}} = config as PayloadConfigWithZitadel\n\n const cookieStore = cookies()\n\n const code_verifier = cookieStore.get(COOKIES.pkce)?.value\n\n if (code_verifier) {\n\n const response = await fetch(new URL(`${issuerURL}/oauth/v2/token`), {\n method: 'POST',\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code: code as string,\n redirect_uri: callbackURL,\n client_id: clientId,\n code_verifier\n })\n })\n\n if (response.ok) {\n\n const {id_token} = await response.json()\n\n if (id_token) {\n\n console.log(JSON.stringify(jwt.decode(id_token)))\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n name: COOKIES.idToken,\n value: jwt.sign(jwt.decode(id_token) as ZitadelIdToken, secret),\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n maxAge: 900,\n secure: process.env.NODE_ENV == 'production'\n })\n\n return onSuccess(new URLSearchParams(atob(state as string ?? '')))\n\n }\n\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from the response'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n\n}"],"names":["cookies","process","jwt","COOKIES","callback","onSuccess","payload","config","secret","query","code","state","admin","custom","zitadel","issuerURL","clientId","callbackURL","cookieStore","code_verifier","get","pkce","value","response","fetch","URL","method","body","URLSearchParams","grant_type","redirect_uri","client_id","ok","id_token","json","console","log","JSON","stringify","decode","delete","set","name","idToken","sign","httpOnly","path","sameSite","maxAge","secure","env","NODE_ENV","atob","Response","status","message"],"mappings":"AACA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,OAAOC,aAAa,eAAc;AAClC,OAAOC,SAAS,eAAc;AAE9B,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,WAAW,CAACC,YAAgD,OAAO,EACIC,SAAS,EAACC,MAAM,EAAEC,MAAM,EAAC,EACzBC,OAAO,EAACC,IAAI,EAAEC,KAAK,EAAC,EACvB;QAE7E,MAAM,EAACC,OAAO,EAACC,QAAQ,EAACC,SAAS,EAACC,SAAS,EAAEC,QAAQ,EAAEC,WAAW,EAAC,EAAC,EAAC,EAAC,GAAGV;QAEzE,MAAMW,
|
|
1
|
+
{"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {cookies} from 'next/headers.js'\nimport process from 'node:process'\nimport jwt from 'jsonwebtoken'\nimport {PayloadConfigWithZitadel, ZitadelIdToken, ZitadelOnSuccess} from '../types.js'\nimport {COOKIES} from '../constants.js'\n\nexport const callback = (onSuccess: ZitadelOnSuccess): PayloadHandler => async ({\n payload: {config, secret},\n query: {code, state}\n }) => {\n\n const {admin: {custom: {zitadel: {issuerURL, clientId, callbackURL}}}} = config as PayloadConfigWithZitadel\n\n const cookieStore = await cookies()\n\n const code_verifier = cookieStore.get(COOKIES.pkce)?.value\n\n if (code_verifier) {\n\n const response = await fetch(new URL(`${issuerURL}/oauth/v2/token`), {\n method: 'POST',\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code: code as string,\n redirect_uri: callbackURL,\n client_id: clientId,\n code_verifier\n })\n })\n\n if (response.ok) {\n\n const {id_token} = await response.json()\n\n if (id_token) {\n\n console.log(JSON.stringify(jwt.decode(id_token)))\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n name: COOKIES.idToken,\n value: jwt.sign(jwt.decode(id_token) as ZitadelIdToken, secret),\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n maxAge: 900,\n secure: process.env.NODE_ENV == 'production'\n })\n\n return onSuccess(new URLSearchParams(atob(state as string ?? '')))\n\n }\n\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from the response'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n\n}"],"names":["cookies","process","jwt","COOKIES","callback","onSuccess","payload","config","secret","query","code","state","admin","custom","zitadel","issuerURL","clientId","callbackURL","cookieStore","code_verifier","get","pkce","value","response","fetch","URL","method","body","URLSearchParams","grant_type","redirect_uri","client_id","ok","id_token","json","console","log","JSON","stringify","decode","delete","set","name","idToken","sign","httpOnly","path","sameSite","maxAge","secure","env","NODE_ENV","atob","Response","status","message"],"mappings":"AACA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,OAAOC,aAAa,eAAc;AAClC,OAAOC,SAAS,eAAc;AAE9B,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,WAAW,CAACC,YAAgD,OAAO,EACIC,SAAS,EAACC,MAAM,EAAEC,MAAM,EAAC,EACzBC,OAAO,EAACC,IAAI,EAAEC,KAAK,EAAC,EACvB;QAE7E,MAAM,EAACC,OAAO,EAACC,QAAQ,EAACC,SAAS,EAACC,SAAS,EAAEC,QAAQ,EAAEC,WAAW,EAAC,EAAC,EAAC,EAAC,GAAGV;QAEzE,MAAMW,cAAc,MAAMlB;QAE1B,MAAMmB,gBAAgBD,YAAYE,GAAG,CAACjB,QAAQkB,IAAI,GAAGC;QAErD,IAAIH,eAAe;YAEf,MAAMI,WAAW,MAAMC,MAAM,IAAIC,IAAI,GAAGV,UAAU,eAAe,CAAC,GAAG;gBACjEW,QAAQ;gBACRC,MAAM,IAAIC,gBAAgB;oBACtBC,YAAY;oBACZnB,MAAMA;oBACNoB,cAAcb;oBACdc,WAAWf;oBACXG;gBACJ;YACJ;YAEA,IAAII,SAASS,EAAE,EAAE;gBAEb,MAAM,EAACC,QAAQ,EAAC,GAAG,MAAMV,SAASW,IAAI;gBAEtC,IAAID,UAAU;oBAEVE,QAAQC,GAAG,CAACC,KAAKC,SAAS,CAACpC,IAAIqC,MAAM,CAACN;oBAEtCf,YAAYsB,MAAM,CAACrC,QAAQkB,IAAI;oBAE/BH,YAAYuB,GAAG,CAAC;wBACZC,MAAMvC,QAAQwC,OAAO;wBACrBrB,OAAOpB,IAAI0C,IAAI,CAAC1C,IAAIqC,MAAM,CAACN,WAA6BzB;wBACxDqC,UAAU;wBACVC,MAAM;wBACNC,UAAU;wBACVC,QAAQ;wBACRC,QAAQhD,QAAQiD,GAAG,CAACC,QAAQ,IAAI;oBACpC;oBAEA,OAAO9C,UAAU,IAAIuB,gBAAgBwB,KAAKzC,SAAmB;gBAEjE;gBAEA,OAAO0C,SAASnB,IAAI,CAAC;oBACjBoB,QAAQ;oBACRC,SAAS;gBACb;YAEJ;YAEA,OAAOF,SAASnB,IAAI,CAAC;gBACjBoB,QAAQ;gBACRC,SAAS;YACb;QAEJ;QAEA,OAAOF,SAASnB,IAAI,CAAC;YACjBoB,QAAQ;YACRC,SAAS;QACb;IAEJ,EAAC"}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAA6C,iBAAiB,EAAC,MAAM,YAAY,CAAA;AAIxF,eAAO,MAAM,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAA6C,iBAAiB,EAAC,MAAM,YAAY,CAAA;AAIxF,eAAO,MAAM,aAAa,EAAE,iBA0L3B,CAAA"}
|
package/dist/index.js
CHANGED
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {COOKIES, DEFAULT_CONFIG, ERROR_MESSAGES, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {PayloadConfigWithZitadel, ZitadelOnSuccess, ZitadelPluginType} from './types.js'\nimport {translations} from './translations.js'\nimport {NextResponse} from 'next/server.js'\n\nexport const ZitadelPlugin: ZitadelPluginType = ({\n fieldsConfig: _fieldsConfig,\n disableAvatar,\n disableDefaultLoginButton,\n strategyName = DEFAULT_CONFIG.strategyName,\n label = DEFAULT_CONFIG.label,\n issuerURL,\n clientId,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey,\n onSuccess\n }) => {\n\n if (!issuerURL)\n throw new Error(ERROR_MESSAGES.issuerURL)\n if (!clientId)\n throw new Error(ERROR_MESSAGES.clientId)\n if (enableAPI) {\n if (!apiClientId)\n throw new Error(ERROR_MESSAGES.apiClientId)\n if (!apiKeyId)\n throw new Error(ERROR_MESSAGES.apiKey)\n if (!apiKey)\n throw new Error(ERROR_MESSAGES.apiKey)\n }\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ..._fieldsConfig}\n\n return (incomingConfig) => {\n\n const serverURL = incomingConfig.serverURL ?? 'http://localhost'\n\n const authSlug = incomingConfig.admin?.user ?? 'users'\n\n const authBaseURL = `${serverURL}/api/${authSlug}`\n const authorizeURL = authBaseURL + ROUTES.authorize\n const callbackURL = authBaseURL + ROUTES.callback\n\n const defaultOnSuccess: ZitadelOnSuccess = (state) =>\n NextResponse.redirect(serverURL + (state.get('redirect') ?? ''))\n\n\n return {\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...disableAvatar ? {} : {\n avatar: {\n Component: 'payload-zitadel-plugin/components#Avatar'\n }\n },\n ...disableDefaultLoginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n path: 'payload-zitadel-plugin/components#LoginButton',\n serverProps: {\n authorizeURL,\n label\n }\n }\n ]\n }\n },\n custom: {\n ...incomingConfig.admin?.custom,\n zitadel: {\n issuerURL,\n clientId,\n callbackURL\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == authSlug ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n authSlug,\n fieldsConfig,\n strategyName: strategyName,\n issuerURL: issuerURL as string,\n clientId: clientId as string,\n ...(enableAPI ? {\n enableAPI: true,\n apiClientId: apiClientId!,\n apiKeyId: apiClientId!,\n apiKey: apiKey!\n } : {enableAPI: undefined})\n })\n ]\n },\n hooks: {\n afterLogout: [() => cookies().delete(COOKIES.idToken)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback(onSuccess ?? defaultOnSuccess)\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n } satisfies PayloadConfigWithZitadel\n\n }\n\n}"],"names":["cookies","COOKIES","DEFAULT_CONFIG","ERROR_MESSAGES","ROUTES","authorize","callback","zitadelStrategy","translations","NextResponse","ZitadelPlugin","fieldsConfig","_fieldsConfig","disableAvatar","disableDefaultLoginButton","strategyName","label","issuerURL","clientId","enableAPI","apiClientId","apiKeyId","apiKey","onSuccess","Error","fields","incomingConfig","serverURL","authSlug","admin","user","authBaseURL","authorizeURL","callbackURL","defaultOnSuccess","state","redirect","get","avatar","Component","components","afterLogin","path","serverProps","custom","zitadel","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","undefined","hooks","afterLogout","delete","idToken","endpoints","method","handler","id","type","readOnly","index","unique","required","name","email","image","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9E,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAE7C,SAAQC,YAAY,QAAO,oBAAmB;AAC9C,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,OAAO,MAAMC,gBAAmC,CAAC,EACIC,cAAcC,aAAa,EAC3BC,aAAa,EACbC,yBAAyB,EACzBC,eAAeb,eAAea,YAAY,EAC1CC,QAAQd,eAAec,KAAK,EAC5BC,SAAS,EACTC,QAAQ,EACRC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACNC,SAAS,EACZ;IAE9C,IAAI,CAACN,WACD,MAAM,IAAIO,MAAMrB,eAAec,SAAS;IAC5C,IAAI,CAACC,UACD,MAAM,IAAIM,MAAMrB,eAAee,QAAQ;IAC3C,IAAIC,WAAW;QACX,IAAI,CAACC,aACD,MAAM,IAAII,MAAMrB,eAAeiB,WAAW;QAC9C,IAAI,CAACC,UACD,MAAM,IAAIG,MAAMrB,eAAemB,MAAM;QACzC,IAAI,CAACA,QACD,MAAM,IAAIE,MAAMrB,eAAemB,MAAM;IAC7C;IAEA,MAAMX,eAAe;QAAC,GAAGT,eAAeuB,MAAM;QAAE,GAAGb,aAAa;IAAA;IAEhE,OAAO,CAACc;QAEJ,MAAMC,YAAYD,eAAeC,SAAS,IAAI;QAE9C,MAAMC,WAAWF,eAAeG,KAAK,EAAEC,QAAQ;QAE/C,MAAMC,cAAc,CAAC,EAAEJ,UAAU,KAAK,EAAEC,SAAS,CAAC;QAClD,MAAMI,eAAeD,cAAc3B,OAAOC,SAAS;QACnD,MAAM4B,cAAcF,cAAc3B,OAAOE,QAAQ;QAEjD,MAAM4B,mBAAqC,CAACC,QACxC1B,aAAa2B,QAAQ,CAACT,YAAaQ,CAAAA,MAAME,GAAG,CAAC,eAAe,EAAC;QAGjE,OAAO;YACH,GAAGX,cAAc;YACjBG,OAAO;gBACH,GAAGH,eAAeG,KAAK;gBACvB,GAAGhB,gBAAgB,CAAC,IAAI;oBACpByB,QAAQ;wBACJC,WAAW;oBACf;gBACJ,CAAC;gBACD,GAAGzB,4BAA4B,CAAC,IAAI;oBAChC0B,YAAY;wBACR,GAAGd,eAAeG,KAAK,EAAEW,UAAU;wBACnCC,YAAY;+BACLf,eAAeG,KAAK,EAAEW,YAAYC,cAAc,EAAE;4BACrD;gCACIC,MAAM;gCACNC,aAAa;oCACTX;oCACAhB;gCACJ;4BACJ;yBACH;oBACL;gBACJ,CAAC;gBACD4B,QAAQ;oBACJ,GAAGlB,eAAeG,KAAK,EAAEe,MAAM;oBAC/BC,SAAS;wBACL5B;wBACAC;wBACAe;oBACJ;gBACJ;YACJ;YACAa,aAAa,AAACpB,CAAAA,eAAeoB,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIvB,WAAW;wBAC7BsB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B9C,gBAAgB;oCACZqB;oCACAjB;oCACAI,cAAcA;oCACdE,WAAWA;oCACXC,UAAUA;oCACV,GAAIC,YAAY;wCACZA,WAAW;wCACXC,aAAaA;wCACbC,UAAUD;wCACVE,QAAQA;oCACZ,IAAI;wCAACH,WAAWmC;oCAAS,CAAC;gCAC9B;6BACH;wBACL;wBACAC,OAAO;4BACHC,aAAa;gCAAC,IAAMxD,UAAUyD,MAAM,CAACxD,QAAQyD,OAAO;6BAAE;wBAC1D;wBACAC,WAAW;4BACP;gCACIjB,MAAMtC,OAAOC,SAAS;gCACtBuD,QAAQ;gCACRC,SAASxD;4BACb;4BACA;gCACIqC,MAAMtC,OAAOE,QAAQ;gCACrBsD,QAAQ;gCACRC,SAASvD,SAASiB,aAAaW;4BACnC;yBACH;wBACDT,QAAQ;+BACDuB,WAAWvB,MAAM;4BACpB;gCACI,GAAGd,aAAamD,EAAE;gCAClBC,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGxD,aAAayD,IAAI;gCACpBL,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa0D,KAAK;gCACrBN,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa2D,KAAK;gCACrBP,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa4D,KAAK;gCACrBR,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;gCACAvC,QAAQ;oCACJ;wCACI,GAAGd,aAAa6D,UAAU,CAACJ,IAAI;wCAC/BL,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAU,MAAM;gBACF,GAAG/C,eAAe+C,IAAI;gBACtBjE,cAAc;oBACV,GAAGkB,eAAe+C,IAAI,EAAEjE,YAAY;oBACpCkE,IAAI;wBACA,GAAGhD,eAAe+C,IAAI,EAAEjE,cAAckE,EAAE;wBACxC,GAAGlE,aAAakE,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAGjD,eAAe+C,IAAI,EAAEjE,cAAcmE,EAAE;wBACxC,GAAGnE,aAAamE,EAAE;oBACtB;gBACJ;YACJ;QACJ;IAEJ;AAEJ,EAAC"}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {COOKIES, DEFAULT_CONFIG, ERROR_MESSAGES, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {PayloadConfigWithZitadel, ZitadelOnSuccess, ZitadelPluginType} from './types.js'\nimport {translations} from './translations.js'\nimport {NextResponse} from 'next/server.js'\n\nexport const ZitadelPlugin: ZitadelPluginType = ({\n fieldsConfig: _fieldsConfig,\n disableAvatar,\n disableDefaultLoginButton,\n strategyName = DEFAULT_CONFIG.strategyName,\n label = DEFAULT_CONFIG.label,\n issuerURL,\n clientId,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey,\n onSuccess\n }) => {\n\n if (!issuerURL)\n throw new Error(ERROR_MESSAGES.issuerURL)\n if (!clientId)\n throw new Error(ERROR_MESSAGES.clientId)\n if (enableAPI) {\n if (!apiClientId)\n throw new Error(ERROR_MESSAGES.apiClientId)\n if (!apiKeyId)\n throw new Error(ERROR_MESSAGES.apiKey)\n if (!apiKey)\n throw new Error(ERROR_MESSAGES.apiKey)\n }\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ..._fieldsConfig}\n\n return (incomingConfig) => {\n\n const serverURL = incomingConfig.serverURL ?? 'http://localhost'\n\n const authSlug = incomingConfig.admin?.user ?? 'users'\n\n const authBaseURL = `${serverURL}/api/${authSlug}`\n const authorizeURL = authBaseURL + ROUTES.authorize\n const callbackURL = authBaseURL + ROUTES.callback\n\n const defaultOnSuccess: ZitadelOnSuccess = (state) =>\n NextResponse.redirect(serverURL + (state.get('redirect') ?? ''))\n\n return {\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...disableAvatar ? {} : {\n avatar: {\n Component: 'payload-zitadel-plugin/components#Avatar'\n }\n },\n ...disableDefaultLoginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n path: 'payload-zitadel-plugin/components#LoginButton',\n serverProps: {\n authorizeURL,\n label\n }\n }\n ]\n }\n },\n custom: {\n ...incomingConfig.admin?.custom,\n zitadel: {\n issuerURL,\n clientId,\n callbackURL\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == authSlug ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n authSlug,\n fieldsConfig,\n strategyName: strategyName,\n issuerURL: issuerURL as string,\n clientId: clientId as string,\n ...(enableAPI ? {\n enableAPI: true,\n apiClientId: apiClientId!,\n apiKeyId: apiClientId!,\n apiKey: apiKey!\n } : {enableAPI: undefined})\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).delete(COOKIES.idToken)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback(onSuccess ?? defaultOnSuccess)\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n } satisfies PayloadConfigWithZitadel\n\n }\n\n}"],"names":["cookies","COOKIES","DEFAULT_CONFIG","ERROR_MESSAGES","ROUTES","authorize","callback","zitadelStrategy","translations","NextResponse","ZitadelPlugin","fieldsConfig","_fieldsConfig","disableAvatar","disableDefaultLoginButton","strategyName","label","issuerURL","clientId","enableAPI","apiClientId","apiKeyId","apiKey","onSuccess","Error","fields","incomingConfig","serverURL","authSlug","admin","user","authBaseURL","authorizeURL","callbackURL","defaultOnSuccess","state","redirect","get","avatar","Component","components","afterLogin","path","serverProps","custom","zitadel","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","undefined","hooks","afterLogout","delete","idToken","endpoints","method","handler","id","type","readOnly","index","unique","required","name","email","image","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9E,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAE7C,SAAQC,YAAY,QAAO,oBAAmB;AAC9C,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,OAAO,MAAMC,gBAAmC,CAAC,EACIC,cAAcC,aAAa,EAC3BC,aAAa,EACbC,yBAAyB,EACzBC,eAAeb,eAAea,YAAY,EAC1CC,QAAQd,eAAec,KAAK,EAC5BC,SAAS,EACTC,QAAQ,EACRC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACNC,SAAS,EACZ;IAE9C,IAAI,CAACN,WACD,MAAM,IAAIO,MAAMrB,eAAec,SAAS;IAC5C,IAAI,CAACC,UACD,MAAM,IAAIM,MAAMrB,eAAee,QAAQ;IAC3C,IAAIC,WAAW;QACX,IAAI,CAACC,aACD,MAAM,IAAII,MAAMrB,eAAeiB,WAAW;QAC9C,IAAI,CAACC,UACD,MAAM,IAAIG,MAAMrB,eAAemB,MAAM;QACzC,IAAI,CAACA,QACD,MAAM,IAAIE,MAAMrB,eAAemB,MAAM;IAC7C;IAEA,MAAMX,eAAe;QAAC,GAAGT,eAAeuB,MAAM;QAAE,GAAGb,aAAa;IAAA;IAEhE,OAAO,CAACc;QAEJ,MAAMC,YAAYD,eAAeC,SAAS,IAAI;QAE9C,MAAMC,WAAWF,eAAeG,KAAK,EAAEC,QAAQ;QAE/C,MAAMC,cAAc,GAAGJ,UAAU,KAAK,EAAEC,UAAU;QAClD,MAAMI,eAAeD,cAAc3B,OAAOC,SAAS;QACnD,MAAM4B,cAAcF,cAAc3B,OAAOE,QAAQ;QAEjD,MAAM4B,mBAAqC,CAACC,QACxC1B,aAAa2B,QAAQ,CAACT,YAAaQ,CAAAA,MAAME,GAAG,CAAC,eAAe,EAAC;QAEjE,OAAO;YACH,GAAGX,cAAc;YACjBG,OAAO;gBACH,GAAGH,eAAeG,KAAK;gBACvB,GAAGhB,gBAAgB,CAAC,IAAI;oBACpByB,QAAQ;wBACJC,WAAW;oBACf;gBACJ,CAAC;gBACD,GAAGzB,4BAA4B,CAAC,IAAI;oBAChC0B,YAAY;wBACR,GAAGd,eAAeG,KAAK,EAAEW,UAAU;wBACnCC,YAAY;+BACLf,eAAeG,KAAK,EAAEW,YAAYC,cAAc,EAAE;4BACrD;gCACIC,MAAM;gCACNC,aAAa;oCACTX;oCACAhB;gCACJ;4BACJ;yBACH;oBACL;gBACJ,CAAC;gBACD4B,QAAQ;oBACJ,GAAGlB,eAAeG,KAAK,EAAEe,MAAM;oBAC/BC,SAAS;wBACL5B;wBACAC;wBACAe;oBACJ;gBACJ;YACJ;YACAa,aAAa,AAACpB,CAAAA,eAAeoB,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIvB,WAAW;wBAC7BsB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B9C,gBAAgB;oCACZqB;oCACAjB;oCACAI,cAAcA;oCACdE,WAAWA;oCACXC,UAAUA;oCACV,GAAIC,YAAY;wCACZA,WAAW;wCACXC,aAAaA;wCACbC,UAAUD;wCACVE,QAAQA;oCACZ,IAAI;wCAACH,WAAWmC;oCAAS,CAAC;gCAC9B;6BACH;wBACL;wBACAC,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAMxD,SAAQ,EAAGyD,MAAM,CAACxD,QAAQyD,OAAO;6BAAE;wBACxE;wBACAC,WAAW;4BACP;gCACIjB,MAAMtC,OAAOC,SAAS;gCACtBuD,QAAQ;gCACRC,SAASxD;4BACb;4BACA;gCACIqC,MAAMtC,OAAOE,QAAQ;gCACrBsD,QAAQ;gCACRC,SAASvD,SAASiB,aAAaW;4BACnC;yBACH;wBACDT,QAAQ;+BACDuB,WAAWvB,MAAM;4BACpB;gCACI,GAAGd,aAAamD,EAAE;gCAClBC,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGxD,aAAayD,IAAI;gCACpBL,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa0D,KAAK;gCACrBN,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa2D,KAAK;gCACrBP,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGrD,aAAa4D,KAAK;gCACrBR,MAAM;gCACNlC,OAAO;oCACHmC,UAAU;gCACd;gCACAvC,QAAQ;oCACJ;wCACI,GAAGd,aAAa6D,UAAU,CAACJ,IAAI;wCAC/BL,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAU,MAAM;gBACF,GAAG/C,eAAe+C,IAAI;gBACtBjE,cAAc;oBACV,GAAGkB,eAAe+C,IAAI,EAAEjE,YAAY;oBACpCkE,IAAI;wBACA,GAAGhD,eAAe+C,IAAI,EAAEjE,cAAckE,EAAE;wBACxC,GAAGlE,aAAakE,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAGjD,eAAe+C,IAAI,EAAEjE,cAAcmE,EAAE;wBACxC,GAAGnE,aAAamE,EAAE;oBACtB;gBACJ;YACJ;QACJ;IAEJ;AAEJ,EAAC"}
|
package/dist/strategy.js
CHANGED
|
@@ -5,7 +5,7 @@ export const zitadelStrategy = ({ authSlug, fieldsConfig, strategyName, issuerUR
|
|
|
5
5
|
name: strategyName,
|
|
6
6
|
authenticate: async ({ headers, payload })=>{
|
|
7
7
|
let id, idp_id, id_token;
|
|
8
|
-
const cookieStore = cookies();
|
|
8
|
+
const cookieStore = await cookies();
|
|
9
9
|
if (enableAPI) {
|
|
10
10
|
// in case of incoming API call from the app
|
|
11
11
|
const authHeader = headers.get('Authorization');
|
package/dist/strategy.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/strategy.ts"],"sourcesContent":["import {ZitadelIdToken, ZitadelStrategyType} from './types.js'\nimport jwt from 'jsonwebtoken'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES} from './constants.js'\n\nexport const zitadelStrategy: ZitadelStrategyType = ({\n authSlug,\n fieldsConfig,\n strategyName,\n issuerURL,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey\n }) => ({\n name: strategyName,\n authenticate: async ({headers, payload}) => {\n\n let id, idp_id, id_token\n\n const cookieStore = cookies()\n\n if (enableAPI) {\n // in case of incoming API call from the app\n const authHeader = headers.get('Authorization')\n if (authHeader?.includes('Bearer')) {\n const introspect = await fetch(`${issuerURL}/oauth/v2/introspect`, {\n method: 'post',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded'\n },\n body: new URLSearchParams({\n 'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n 'client_assertion': jwt.sign({}, apiKey, {\n algorithm: 'RS256',\n audience: issuerURL,\n expiresIn: '1h',\n issuer: apiClientId,\n keyid: apiKeyId,\n subject: apiClientId\n }),\n 'token': authHeader.split(' ')[1]\n })\n })\n if (introspect.ok) {\n const data = await introspect.json()\n if (data?.active) {\n idp_id = data.sub\n }\n }\n }\n }\n\n // in case of normal browsing\n if (!idp_id && cookieStore.has(COOKIES.idToken)) {\n id_token = jwt.verify(cookieStore.get(COOKIES.idToken)?.value ?? '', payload.secret) as ZitadelIdToken\n idp_id = id_token.sub\n }\n\n // search for associated user; if not found, create one\n if (idp_id) {\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fieldsConfig.id.name]: {\n equals: idp_id\n }\n }\n })\n id = totalDocs ? docs[0].id : (await payload.create({\n collection: authSlug,\n data: {\n [fieldsConfig.id.name]: idp_id\n }\n })).id\n }\n\n // update user information if possible\n if (id && id_token) {\n await payload.update({\n collection: authSlug,\n id,\n data: {\n [fieldsConfig.name.name]: id_token.name,\n [fieldsConfig.email.name]: id_token.email,\n [fieldsConfig.image.name]: id_token.picture,\n [fieldsConfig.roles.name]: Object.keys(id_token['urn:zitadel:iam:org:project:roles'] ?? {})\n .map(key => ({[fieldsConfig.roleFields.name.name]: key}))\n }\n })\n }\n\n return {\n user: id ? {\n collection: authSlug,\n id\n } : null\n }\n\n }\n})"],"names":["jwt","cookies","COOKIES","zitadelStrategy","authSlug","fieldsConfig","strategyName","issuerURL","enableAPI","apiClientId","apiKeyId","apiKey","name","authenticate","headers","payload","id","idp_id","id_token","cookieStore","authHeader","get","includes","introspect","fetch","method","body","URLSearchParams","sign","algorithm","audience","expiresIn","issuer","keyid","subject","split","ok","data","json","active","sub","has","idToken","verify","value","secret","docs","totalDocs","find","collection","where","equals","create","update","email","image","picture","roles","Object","keys","map","key","roleFields","user"],"mappings":"AACA,OAAOA,SAAS,eAAc;AAC9B,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,QAAO,iBAAgB;AAEtC,OAAO,MAAMC,kBAAuC,CAAC,EACIC,QAAQ,EACRC,YAAY,EACZC,YAAY,EACZC,SAAS,EACTC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACT,GAAM,CAAA;QACxDC,MAAMN;QACNO,cAAc,OAAO,EAACC,OAAO,EAAEC,OAAO,EAAC;YAEnC,IAAIC,IAAIC,QAAQC;YAEhB,MAAMC,
|
|
1
|
+
{"version":3,"sources":["../src/strategy.ts"],"sourcesContent":["import {ZitadelIdToken, ZitadelStrategyType} from './types.js'\nimport jwt from 'jsonwebtoken'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES} from './constants.js'\n\nexport const zitadelStrategy: ZitadelStrategyType = ({\n authSlug,\n fieldsConfig,\n strategyName,\n issuerURL,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey\n }) => ({\n name: strategyName,\n authenticate: async ({headers, payload}) => {\n\n let id, idp_id, id_token\n\n const cookieStore = await cookies()\n\n if (enableAPI) {\n // in case of incoming API call from the app\n const authHeader = headers.get('Authorization')\n if (authHeader?.includes('Bearer')) {\n const introspect = await fetch(`${issuerURL}/oauth/v2/introspect`, {\n method: 'post',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded'\n },\n body: new URLSearchParams({\n 'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n 'client_assertion': jwt.sign({}, apiKey, {\n algorithm: 'RS256',\n audience: issuerURL,\n expiresIn: '1h',\n issuer: apiClientId,\n keyid: apiKeyId,\n subject: apiClientId\n }),\n 'token': authHeader.split(' ')[1]\n })\n })\n if (introspect.ok) {\n const data = await introspect.json()\n if (data?.active) {\n idp_id = data.sub\n }\n }\n }\n }\n\n // in case of normal browsing\n if (!idp_id && cookieStore.has(COOKIES.idToken)) {\n id_token = jwt.verify(cookieStore.get(COOKIES.idToken)?.value ?? '', payload.secret) as ZitadelIdToken\n idp_id = id_token.sub\n }\n\n // search for associated user; if not found, create one\n if (idp_id) {\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fieldsConfig.id.name]: {\n equals: idp_id\n }\n }\n })\n id = totalDocs ? docs[0].id : (await payload.create({\n collection: authSlug,\n data: {\n [fieldsConfig.id.name]: idp_id\n }\n })).id\n }\n\n // update user information if possible\n if (id && id_token) {\n await payload.update({\n collection: authSlug,\n id,\n data: {\n [fieldsConfig.name.name]: id_token.name,\n [fieldsConfig.email.name]: id_token.email,\n [fieldsConfig.image.name]: id_token.picture,\n [fieldsConfig.roles.name]: Object.keys(id_token['urn:zitadel:iam:org:project:roles'] ?? {})\n .map(key => ({[fieldsConfig.roleFields.name.name]: key}))\n }\n })\n }\n\n return {\n user: id ? {\n collection: authSlug,\n id\n } : null\n }\n\n }\n})"],"names":["jwt","cookies","COOKIES","zitadelStrategy","authSlug","fieldsConfig","strategyName","issuerURL","enableAPI","apiClientId","apiKeyId","apiKey","name","authenticate","headers","payload","id","idp_id","id_token","cookieStore","authHeader","get","includes","introspect","fetch","method","body","URLSearchParams","sign","algorithm","audience","expiresIn","issuer","keyid","subject","split","ok","data","json","active","sub","has","idToken","verify","value","secret","docs","totalDocs","find","collection","where","equals","create","update","email","image","picture","roles","Object","keys","map","key","roleFields","user"],"mappings":"AACA,OAAOA,SAAS,eAAc;AAC9B,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,QAAO,iBAAgB;AAEtC,OAAO,MAAMC,kBAAuC,CAAC,EACIC,QAAQ,EACRC,YAAY,EACZC,YAAY,EACZC,SAAS,EACTC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACT,GAAM,CAAA;QACxDC,MAAMN;QACNO,cAAc,OAAO,EAACC,OAAO,EAAEC,OAAO,EAAC;YAEnC,IAAIC,IAAIC,QAAQC;YAEhB,MAAMC,cAAc,MAAMlB;YAE1B,IAAIO,WAAW;gBACX,4CAA4C;gBAC5C,MAAMY,aAAaN,QAAQO,GAAG,CAAC;gBAC/B,IAAID,YAAYE,SAAS,WAAW;oBAChC,MAAMC,aAAa,MAAMC,MAAM,GAAGjB,UAAU,oBAAoB,CAAC,EAAE;wBAC/DkB,QAAQ;wBACRX,SAAS;4BACL,gBAAgB;wBACpB;wBACAY,MAAM,IAAIC,gBAAgB;4BACtB,yBAAyB;4BACzB,oBAAoB3B,IAAI4B,IAAI,CAAC,CAAC,GAAGjB,QAAQ;gCACrCkB,WAAW;gCACXC,UAAUvB;gCACVwB,WAAW;gCACXC,QAAQvB;gCACRwB,OAAOvB;gCACPwB,SAASzB;4BACb;4BACA,SAASW,WAAWe,KAAK,CAAC,IAAI,CAAC,EAAE;wBACrC;oBACJ;oBACA,IAAIZ,WAAWa,EAAE,EAAE;wBACf,MAAMC,OAAO,MAAMd,WAAWe,IAAI;wBAClC,IAAID,MAAME,QAAQ;4BACdtB,SAASoB,KAAKG,GAAG;wBACrB;oBACJ;gBACJ;YACJ;YAEA,6BAA6B;YAC7B,IAAI,CAACvB,UAAUE,YAAYsB,GAAG,CAACvC,QAAQwC,OAAO,GAAG;gBAC7CxB,WAAWlB,IAAI2C,MAAM,CAACxB,YAAYE,GAAG,CAACnB,QAAQwC,OAAO,GAAGE,SAAS,IAAI7B,QAAQ8B,MAAM;gBACnF5B,SAASC,SAASsB,GAAG;YACzB;YAEA,uDAAuD;YACvD,IAAIvB,QAAQ;gBACR,MAAM,EAAC6B,IAAI,EAAEC,SAAS,EAAC,GAAG,MAAMhC,QAAQiC,IAAI,CAAC;oBACzCC,YAAY7C;oBACZ8C,OAAO;wBACH,CAAC7C,aAAaW,EAAE,CAACJ,IAAI,CAAC,EAAE;4BACpBuC,QAAQlC;wBACZ;oBACJ;gBACJ;gBACAD,KAAK+B,YAAYD,IAAI,CAAC,EAAE,CAAC9B,EAAE,GAAG,AAAC,CAAA,MAAMD,QAAQqC,MAAM,CAAC;oBAChDH,YAAY7C;oBACZiC,MAAM;wBACF,CAAChC,aAAaW,EAAE,CAACJ,IAAI,CAAC,EAAEK;oBAC5B;gBACJ,EAAC,EAAGD,EAAE;YACV;YAEA,sCAAsC;YACtC,IAAIA,MAAME,UAAU;gBAChB,MAAMH,QAAQsC,MAAM,CAAC;oBACjBJ,YAAY7C;oBACZY;oBACAqB,MAAM;wBACF,CAAChC,aAAaO,IAAI,CAACA,IAAI,CAAC,EAAEM,SAASN,IAAI;wBACvC,CAACP,aAAaiD,KAAK,CAAC1C,IAAI,CAAC,EAAEM,SAASoC,KAAK;wBACzC,CAACjD,aAAakD,KAAK,CAAC3C,IAAI,CAAC,EAAEM,SAASsC,OAAO;wBAC3C,CAACnD,aAAaoD,KAAK,CAAC7C,IAAI,CAAC,EAAE8C,OAAOC,IAAI,CAACzC,QAAQ,CAAC,oCAAoC,IAAI,CAAC,GACpF0C,GAAG,CAACC,CAAAA,MAAQ,CAAA;gCAAC,CAACxD,aAAayD,UAAU,CAAClD,IAAI,CAACA,IAAI,CAAC,EAAEiD;4BAAG,CAAA;oBAC9D;gBACJ;YACJ;YAEA,OAAO;gBACHE,MAAM/C,KAAK;oBACPiC,YAAY7C;oBACZY;gBACJ,IAAI;YACR;QAEJ;IACJ,CAAA,EAAE"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "payload-zitadel-plugin",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.32",
|
|
4
4
|
"description": "plugin for Payload CMS, which enables authentication via Zitadel IdP",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
@@ -36,24 +36,24 @@
|
|
|
36
36
|
"dist"
|
|
37
37
|
],
|
|
38
38
|
"dependencies": {
|
|
39
|
-
"@payloadcms/next": "3.0.0-beta.
|
|
40
|
-
"@payloadcms/translations": "3.0.0-beta.
|
|
41
|
-
"@payloadcms/ui": "3.0.0-beta.
|
|
39
|
+
"@payloadcms/next": "3.0.0-beta.110",
|
|
40
|
+
"@payloadcms/translations": "3.0.0-beta.110",
|
|
41
|
+
"@payloadcms/ui": "3.0.0-beta.110",
|
|
42
42
|
"jsonwebtoken": "^9.0.2",
|
|
43
|
-
"next": "15.0.0-canary.
|
|
44
|
-
"payload": "3.0.0-beta.
|
|
45
|
-
"react": "19.0.0-rc-
|
|
46
|
-
"react-dom": "19.0.0-rc-
|
|
43
|
+
"next": "15.0.0-canary.177",
|
|
44
|
+
"payload": "3.0.0-beta.110",
|
|
45
|
+
"react": "19.0.0-rc-0751fac7-20241002",
|
|
46
|
+
"react-dom": "19.0.0-rc-0751fac7-20241002"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
49
|
"@swc/cli": "^0.4.1-nightly.20240914",
|
|
50
|
-
"@swc/core": "^1.7.
|
|
50
|
+
"@swc/core": "^1.7.30-nightly-20241002.1",
|
|
51
51
|
"@types/jsonwebtoken": "^9.0.7",
|
|
52
|
-
"@types/node": "^22.
|
|
53
|
-
"@types/react": "^18.3.
|
|
52
|
+
"@types/node": "^22.7.4",
|
|
53
|
+
"@types/react": "^18.3.11",
|
|
54
54
|
"@types/react-dom": "^18.3.0",
|
|
55
55
|
"rimraf": "^6.0.1",
|
|
56
|
-
"typescript": "5.7.0-dev.
|
|
56
|
+
"typescript": "5.7.0-dev.20241003"
|
|
57
57
|
},
|
|
58
58
|
"engines": {
|
|
59
59
|
"node": "^22.9.0"
|