payload-zitadel-plugin 0.4.0 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -2,22 +2,24 @@
2
2
 
3
3
  [![NPM](https://nodei.co/npm/payload-zitadel-plugin.png)](https://npmjs.org/package/payload-zitadel-plugin)
4
4
 
5
- plugin for [Payload CMS](https://payloadcms.com), which enables authentication via Zitadel IdP.
5
+ a plugin for [Payload CMS](https://payloadcms.com) (v3), which enables authentication via Zitadel IdP
6
6
 
7
7
  The default use case is to fully replace PayloadCMS Auth with Zitadel.
8
8
  Thus, the user collection in PayloadCMS becomes just a shadow of the information in Zitadel.
9
9
 
10
- :boom: :boom: :boom:   works :100: with PayloadCMS version :three:   :boom: :boom: :boom:
11
-
12
10
  ## Install
13
11
 
14
12
  ```shell
15
- pnpm add payload-zitadel-plugin@0.4.0
13
+ pnpm add payload-zitadel-plugin@0.4.1
16
14
  ```
17
15
 
18
16
  ## Configuration
19
17
 
20
- Initialize the plugin in Payload Config File. Change the parameters to connect to your Zitadel Instance.
18
+ Initialize the plugin in the Payload config file. Change the parameters to connect to your Zitadel instance.
19
+
20
+ The cleanest way to use this plugin is just to set the `ZITADEL_URL` and `ZITADEL_CLIENT_ID` environment variables,
21
+ set up the `next.config.ts` as described down below and then add `zitadelPlugin()` without further configuration to the
22
+ plugin list.
21
23
 
22
24
  #### payload.config.ts
23
25
 
@@ -31,14 +33,16 @@ export default buildConfig({
31
33
  plugins: [
32
34
  zitadelPlugin({
33
35
  // URL of your Zitadel instance
34
- issuerUrl: process.env.ZITADEL_URL ?? '',
36
+ // if not provided, it will look for the ZITADEL_URL environment variable
37
+ // issuerUrl: 'https://idp.zitadel.url',
35
38
 
36
39
  // in Zitadel create a new App->Web->PKCE in your project, then copy the Client ID
37
40
  // DO NOT FORGET to add '{http://localhost with development mode on or https://your-domain.tld}/api/users/callback'
38
41
  // to the allowed redirect URIs and ALSO to the post logout redirect URIs
39
- clientId: process.env.ZITADEL_CLIENT_ID ?? '',
42
+ // if not provided, it will look for the ZITADEL_CLIENT_ID environment variable
43
+ // clientId: '123456789012345678@project_name',
40
44
 
41
- // change field names, field labels and alse hide them if wanted
45
+ // change field names, field labels and also hide them if wanted
42
46
  /*
43
47
  fieldConfig: {
44
48
  image: {
@@ -69,20 +73,22 @@ export default buildConfig({
69
73
  }
70
74
  */
71
75
 
72
- // if you want to manually control what happen after a successful login
76
+ // if you want to manually control what happens after a successful login
73
77
  // afterLogin: (req) => NextResponse.redirect('...')
74
78
 
75
- // if you want to manually control what happen after a successful logout
79
+ // if you want to manually control what happens after a successful logout
76
80
  // afterLogout: (req) => NextResponse.redirect('...')
77
81
 
78
82
  // following properties are only needed if you want to authenticate clients (e.g. a mobile app) for the API
79
- // if the users are just visit the CMS via a browser you can ignore all of them
83
+ // if the users are just visiting the CMS via a browser you can ignore all of them
80
84
  // otherwise create in Zitadel a new App->API->JWT and copy the Client ID, Key ID and the Key itself
85
+ // if not provided it will look for the ZITADEL_API_CLIENT_ID environment variable
86
+ // if ZITADEL_API_CLIENT_ID was found it will look for ZITADEL_API_KEY_ID and ZITADEL_API_KEY
81
87
  /*
82
88
  api: {
83
- clientId: process.env.ZITADEL_API_CLIENT_ID ?? ''
84
- keyId: process.env.ZITADEL_API_KEY_ID ?? ''
85
- key: process.env.ZITADEL_API_KEY ?? ''
89
+ clientId: '123456789123456789@project_name'
90
+ keyId: '123456789012345678'
91
+ key: '-----BEGIN RSA PRIVATE KEY----- ... ----END RSA PRIVATE KEY-----'
86
92
  }
87
93
  */
88
94
  })
@@ -129,9 +135,11 @@ export default withPayload(nextConfig)
129
135
  If you want to use the Zitadel profile picture as the avatar in PayloadCMS (`disableAvatar != true`),
130
136
  you have to manually add the asset URL to the Next.js config file.
131
137
 
132
- Also if you want to automatically redirect to Zitadel without asking the user to click on the login button,
138
+ Also, if you want to automatically redirect to Zitadel without asking the user to click on the login button,
133
139
  you have to add the redirect manually to the Next.js config file.
134
140
 
141
+ For a proper logout you also have to add the `end_session` redirect.
142
+
135
143
  #### next.config.js
136
144
 
137
145
  ```typescript
@@ -144,9 +152,9 @@ const nextConfig = {
144
152
  images: {
145
153
  remotePatterns: [
146
154
  {
147
- //protocol: new URL(process.env.ZITADEL_URL).protocol,
155
+ // protocol: new URL(process.env.ZITADEL_URL).protocol,
148
156
  hostname: new URL(process.env.ZITADEL_URL).hostname,
149
- //port: new URL(process.env.ZITADEL_URL).port,
157
+ // port: new URL(process.env.ZITADEL_URL).port,
150
158
  pathname: '/assets/**'
151
159
  }
152
160
  ]
@@ -156,6 +164,8 @@ const nextConfig = {
156
164
  return [
157
165
  // for proper logout
158
166
  {
167
+ // all paths, that do not start with 'api'
168
+ // it is important to ignore the Payload API routes!
159
169
  source: '/:path((?!api).*)',
160
170
  destination: '/api/users/end_session?redirect=/:path*',
161
171
  has: [
@@ -168,16 +178,14 @@ const nextConfig = {
168
178
  },
169
179
  // optional: enable auto-redirect to Zitadel login page if not logged in
170
180
  {
171
- source: '/:path((?!admin\/logout)(?:admin|profile).*)',
181
+ // all paths that start with 'admin' or 'profile'
182
+ // you could replace 'profile' with 'app' or some other protected route
183
+ source: '/:path((?:admin|profile).*)',
172
184
  destination: '/api/users/authorize?redirect=/:path*',
173
185
  missing: [
174
186
  {
175
187
  type: 'cookie',
176
188
  key: 'zitadel_id_token'
177
- },
178
- {
179
- type: 'cookie',
180
- key: 'zitadel_logout'
181
189
  }
182
190
  ],
183
191
  permanent: false
@@ -94,6 +94,12 @@ export declare const ENDPOINT_PATHS: {
94
94
  token: string;
95
95
  end_session: string;
96
96
  };
97
+ export declare const ERRORS: {
98
+ issuerURL: Error;
99
+ clientId: Error;
100
+ apiKeyId: Error;
101
+ apiKey: Error;
102
+ };
97
103
  export declare const ROLES_KEY = "urn:zitadel:iam:org:project:roles";
98
104
  export declare const ROUTES: {
99
105
  authorize: string;
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe;;;;CAI3B,CAAA;AAED,eAAO,MAAM,eAAe,sCAAsC,CAAA;AASlE,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;CAcnB,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsC1B,CAAA;AAED,eAAO,MAAM,cAAc;;;;;CAK1B,CAAA;AAED,eAAO,MAAM,SAAS,sCAAsC,CAAA;AAE5D,eAAO,MAAM,MAAM;;;;CAIlB,CAAA"}
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe;;;;CAI3B,CAAA;AAED,eAAO,MAAM,eAAe,sCAAsC,CAAA;AASlE,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;CAcnB,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsC1B,CAAA;AAED,eAAO,MAAM,cAAc;;;;;CAK1B,CAAA;AAED,eAAO,MAAM,MAAM;;;;;CAWlB,CAAA;AAED,eAAO,MAAM,SAAS,sCAAsC,CAAA;AAE5D,eAAO,MAAM,MAAM;;;;CAIlB,CAAA"}
package/dist/constants.js CHANGED
@@ -91,6 +91,12 @@ export const ENDPOINT_PATHS = {
91
91
  token: '/oauth/v2/token',
92
92
  end_session: '/oidc/v1/end_session'
93
93
  };
94
+ export const ERRORS = {
95
+ issuerURL: new Error('ZITADEL-PLUGIN | Error during initialization of the issuer URL: ' + 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),
96
+ clientId: new Error('ZITADEL-PLUGIN | Error during initialization of the client Id: ' + 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),
97
+ apiKeyId: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' + 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' + 'but ZITADEL_API_KEY_ID environment variable was not found or is empty'),
98
+ apiKey: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' + 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' + 'but ZITADEL_API_KEY environment variable was not found or is empty')
99
+ };
94
100
  export const ROLES_KEY = 'urn:zitadel:iam:org:project:roles';
95
101
  export const ROUTES = {
96
102
  authorize: '/authorize',
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ResponseCookie} from 'next/dist/compiled/@edge-runtime/cookies/index.js'\nimport type {ZitadelFieldsConfig} from './types.js'\n\nexport const AUTHORIZE_QUERY = {\n response_type: 'code',\n scope: 'openid email profile',\n code_challenge_method: 'S256'\n}\n\nexport const COMPONENTS_PATH = 'payload-zitadel-plugin/components'\n\nconst COOKIE_CONFIG = {\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n secure: process.env.NODE_ENV == 'production'\n} satisfies Pick<ResponseCookie, 'httpOnly' | 'path' | 'sameSite' | 'secure'>\n\nexport const COOKIES = {\n pkce: {\n name: 'zitadel_pkce_code_verifier',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n idToken: {\n name: 'zitadel_id_token',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n logout: {\n name: 'zitadel_logout',\n value: 'true',\n ...COOKIE_CONFIG\n } satisfies ResponseCookie\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ENDPOINT_PATHS = {\n authorize: '/oauth/v2/authorize',\n introspect: '/oauth/v2/introspect',\n token: '/oauth/v2/token',\n end_session: '/oidc/v1/end_session'\n}\n\nexport const ROLES_KEY = 'urn:zitadel:iam:org:project:roles'\n\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n end_session: '/end_session'\n}\n\n"],"names":["AUTHORIZE_QUERY","response_type","scope","code_challenge_method","COMPONENTS_PATH","COOKIE_CONFIG","httpOnly","path","sameSite","secure","process","env","NODE_ENV","COOKIES","pkce","name","idToken","logout","value","DEFAULT_CONFIG","fields","id","label","de","en","email","image","roles","labels","singular","plural","roleFields","strategyName","ENDPOINT_PATHS","authorize","introspect","token","end_session","ROLES_KEY","ROUTES","callback"],"mappings":"AAGA,OAAO,MAAMA,kBAAkB;IAC3BC,eAAe;IACfC,OAAO;IACPC,uBAAuB;AAC3B,EAAC;AAED,OAAO,MAAMC,kBAAkB,oCAAmC;AAElE,MAAMC,gBAAgB;IAClBC,UAAU;IACVC,MAAM;IACNC,UAAU;IACVC,QAAQC,QAAQC,GAAG,CAACC,QAAQ,IAAI;AACpC;AAEA,OAAO,MAAMC,UAAU;IACnBC,MAAM;QACFC,MAAM;QACN,GAAGV,aAAa;IACpB;IACAW,SAAS;QACLD,MAAM;QACN,GAAGV,aAAa;IACpB;IACAY,QAAQ;QACJF,MAAM;QACNG,OAAO;QACP,GAAGb,aAAa;IACpB;AACJ,EAAC;AAED,OAAO,MAAMc,iBAAiB;IAC1BC,QAAQ;QACJC,IAAI;YACAN,MAAM;YACNO,OAAO;gBACHC,IAAI;gBACJC,IAAI;YACR;QACJ;QACAT,MAAM;YACFA,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAQC,IAAI;YAAM;QAClC;QACAC,OAAO;YACHV,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;QACrC;QACAE,OAAO;YACHX,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAkBC,IAAI;YAAqB;QAC3D;QACAG,OAAO;YACHZ,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;YACjCI,QAAQ;gBACJC,UAAU;oBAACN,IAAI;oBAASC,IAAI;gBAAM;gBAClCM,QAAQ;oBAACP,IAAI;oBAAUC,IAAI;gBAAO;YACtC;QACJ;QACAO,YAAY;YACRhB,MAAM;gBACFA,MAAM;gBACNO,OAAO;oBAACC,IAAI;oBAAQC,IAAI;gBAAM;YAClC;QACJ;IACJ;IACAQ,cAAc;IACdV,OAAO;AACX,EAAC;AAED,OAAO,MAAMW,iBAAiB;IAC1BC,WAAW;IACXC,YAAY;IACZC,OAAO;IACPC,aAAa;AACjB,EAAC;AAED,OAAO,MAAMC,YAAY,oCAAmC;AAE5D,OAAO,MAAMC,SAAS;IAClBL,WAAW;IACXM,UAAU;IACVH,aAAa;AACjB,EAAC"}
1
+ {"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ResponseCookie} from 'next/dist/compiled/@edge-runtime/cookies/index.js'\nimport type {ZitadelFieldsConfig} from './types.js'\n\nexport const AUTHORIZE_QUERY = {\n response_type: 'code',\n scope: 'openid email profile',\n code_challenge_method: 'S256'\n}\n\nexport const COMPONENTS_PATH = 'payload-zitadel-plugin/components'\n\nconst COOKIE_CONFIG = {\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n secure: process.env.NODE_ENV == 'production'\n} satisfies Pick<ResponseCookie, 'httpOnly' | 'path' | 'sameSite' | 'secure'>\n\nexport const COOKIES = {\n pkce: {\n name: 'zitadel_pkce_code_verifier',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n idToken: {\n name: 'zitadel_id_token',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n logout: {\n name: 'zitadel_logout',\n value: 'true',\n ...COOKIE_CONFIG\n } satisfies ResponseCookie\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ENDPOINT_PATHS = {\n authorize: '/oauth/v2/authorize',\n introspect: '/oauth/v2/introspect',\n token: '/oauth/v2/token',\n end_session: '/oidc/v1/end_session'\n}\n\nexport const ERRORS = {\n issuerURL: new Error('ZITADEL-PLUGIN | Error during initialization of the issuer URL: ' +\n 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),\n clientId: new Error('ZITADEL-PLUGIN | Error during initialization of the client Id: ' +\n 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),\n apiKeyId: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' +\n 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' +\n 'but ZITADEL_API_KEY_ID environment variable was not found or is empty'),\n apiKey: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' +\n 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' +\n 'but ZITADEL_API_KEY environment variable was not found or is empty')\n}\n\nexport const ROLES_KEY = 'urn:zitadel:iam:org:project:roles'\n\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n end_session: '/end_session'\n}\n\n"],"names":["AUTHORIZE_QUERY","response_type","scope","code_challenge_method","COMPONENTS_PATH","COOKIE_CONFIG","httpOnly","path","sameSite","secure","process","env","NODE_ENV","COOKIES","pkce","name","idToken","logout","value","DEFAULT_CONFIG","fields","id","label","de","en","email","image","roles","labels","singular","plural","roleFields","strategyName","ENDPOINT_PATHS","authorize","introspect","token","end_session","ERRORS","issuerURL","Error","clientId","apiKeyId","apiKey","ROLES_KEY","ROUTES","callback"],"mappings":"AAGA,OAAO,MAAMA,kBAAkB;IAC3BC,eAAe;IACfC,OAAO;IACPC,uBAAuB;AAC3B,EAAC;AAED,OAAO,MAAMC,kBAAkB,oCAAmC;AAElE,MAAMC,gBAAgB;IAClBC,UAAU;IACVC,MAAM;IACNC,UAAU;IACVC,QAAQC,QAAQC,GAAG,CAACC,QAAQ,IAAI;AACpC;AAEA,OAAO,MAAMC,UAAU;IACnBC,MAAM;QACFC,MAAM;QACN,GAAGV,aAAa;IACpB;IACAW,SAAS;QACLD,MAAM;QACN,GAAGV,aAAa;IACpB;IACAY,QAAQ;QACJF,MAAM;QACNG,OAAO;QACP,GAAGb,aAAa;IACpB;AACJ,EAAC;AAED,OAAO,MAAMc,iBAAiB;IAC1BC,QAAQ;QACJC,IAAI;YACAN,MAAM;YACNO,OAAO;gBACHC,IAAI;gBACJC,IAAI;YACR;QACJ;QACAT,MAAM;YACFA,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAQC,IAAI;YAAM;QAClC;QACAC,OAAO;YACHV,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;QACrC;QACAE,OAAO;YACHX,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAkBC,IAAI;YAAqB;QAC3D;QACAG,OAAO;YACHZ,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;YACjCI,QAAQ;gBACJC,UAAU;oBAACN,IAAI;oBAASC,IAAI;gBAAM;gBAClCM,QAAQ;oBAACP,IAAI;oBAAUC,IAAI;gBAAO;YACtC;QACJ;QACAO,YAAY;YACRhB,MAAM;gBACFA,MAAM;gBACNO,OAAO;oBAACC,IAAI;oBAAQC,IAAI;gBAAM;YAClC;QACJ;IACJ;IACAQ,cAAc;IACdV,OAAO;AACX,EAAC;AAED,OAAO,MAAMW,iBAAiB;IAC1BC,WAAW;IACXC,YAAY;IACZC,OAAO;IACPC,aAAa;AACjB,EAAC;AAED,OAAO,MAAMC,SAAS;IAClBC,WAAW,IAAIC,MAAM,qEACjB;IACJC,UAAU,IAAID,MAAM,oEAChB;IACJE,UAAU,IAAIF,MAAM,0EAChB,0IACA;IACJG,QAAQ,IAAIH,MAAM,0EACd,0IACA;AACR,EAAC;AAED,OAAO,MAAMI,YAAY,oCAAmC;AAE5D,OAAO,MAAMC,SAAS;IAClBX,WAAW;IACXY,UAAU;IACVT,aAAa;AACjB,EAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,sBAAsB,EAAuC,MAAM,aAAa,CAAA;AAGxF,eAAO,MAAM,QAAQ,EAAE,sBAmLtB,CAAA"}
1
+ {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,sBAAsB,EAAuC,MAAM,aAAa,CAAA;AAGxF,eAAO,MAAM,QAAQ,EAAE,sBAiLtB,CAAA"}
@@ -7,7 +7,6 @@ export const callback = ({ issuerURL, clientId, fields, afterLogin, afterLogout
7
7
  const { config, secret } = payload;
8
8
  const { code } = query;
9
9
  const state = getState(req);
10
- console.log('callback with state:', JSON.stringify(state));
11
10
  const cookieStore = await cookies();
12
11
  if (state.invokedBy == 'end_session') {
13
12
  [
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {SignJWT, decodeJwt} from 'jose'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES, ENDPOINT_PATHS, ROLES_KEY, ROUTES} from '../constants.js'\nimport {ZitadelCallbackHandler, ZitadelCallbackQuery, ZitadelIdToken} from '../types.js'\nimport {getAuthBaseURL, getAuthSlug, getState} from '../utils/index.js'\n\nexport const callback: ZitadelCallbackHandler = ({\n issuerURL,\n clientId,\n fields,\n afterLogin,\n afterLogout\n }) => async (req) => {\n\n const {payload, query} = req\n\n const {config, secret} = payload\n\n const {code} = query as ZitadelCallbackQuery\n\n const state = getState(req)\n\n console.log('callback with state:', JSON.stringify(state))\n\n const cookieStore = await cookies()\n\n if (state.invokedBy == 'end_session') {\n\n [COOKIES.logout, COOKIES.idToken].forEach(cookie => cookieStore.delete(cookie))\n\n return afterLogout(req)\n\n }\n\n const codeVerifier = cookieStore.get(COOKIES.pkce.name)?.value\n\n if (!code) {\n return Response.json({\n status: 'error',\n message: 'no code provided to verify'\n })\n }\n\n if (!codeVerifier) {\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n }\n\n const tokenQueryData = {\n grant_type: 'authorization_code',\n code,\n redirect_uri: getAuthBaseURL(config) + ROUTES.callback,\n client_id: clientId,\n code_verifier: codeVerifier\n }\n\n const tokenEndpoint = issuerURL + ENDPOINT_PATHS.token\n\n const tokenResponse = await fetch(new URL(tokenEndpoint), {\n method: 'POST',\n body: new URLSearchParams(tokenQueryData)\n })\n\n if (!tokenResponse.ok) {\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint',\n details: {\n tokenEndpoint,\n tokenQuery: tokenQueryData,\n tokenResponseCode: `${tokenResponse.status} - ${tokenResponse.statusText}`\n }\n })\n }\n\n const tokenJson = await tokenResponse.json()\n\n const {id_token: idToken} = tokenJson\n\n if (!idToken) {\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from this response',\n details: {\n responseData: tokenJson\n }\n })\n }\n\n let decodedIdToken\n\n try {\n\n decodedIdToken = decodeJwt<ZitadelIdToken>(idToken)\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error during decoding: ${JSON.stringify(e)}`,\n details: {\n idToken\n }\n })\n\n }\n\n const idpId = decodedIdToken.sub\n\n const userData = {\n [fields.name.name]: decodedIdToken.name,\n [fields.email.name]: decodedIdToken.email,\n [fields.image.name]: decodedIdToken.picture,\n [fields.roles.name]: Object.keys(decodedIdToken[ROLES_KEY] ?? {})\n .map(key => ({[fields.roleFields.name.name]: key}))\n }\n\n if (!idpId) {\n return Response.json({\n status: 'error',\n message: 'token is not complete (id not found)',\n details: {\n idToken,\n decodedIdToken,\n idpId\n }\n })\n }\n\n try {\n\n const authSlug = getAuthSlug(config)\n\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fields.id.name]: {\n equals: idpId\n }\n }\n })\n\n if (totalDocs) {\n await payload.update({\n collection: authSlug,\n id: docs[0].id,\n data: userData\n })\n } else {\n await payload.create({\n collection: authSlug,\n data: {\n [fields.id.name]: idpId,\n ...userData\n }\n })\n }\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error while creating/updating user: ${JSON.stringify(e)}`,\n details: {\n idpId\n }\n })\n\n }\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n ...COOKIES.idToken,\n value: await new SignJWT(decodedIdToken)\n .setProtectedHeader({alg: 'HS256'})\n .setIssuedAt()\n .sign(new TextEncoder().encode(secret)),\n maxAge: 900\n })\n\n return afterLogin(req)\n\n}"],"names":["SignJWT","decodeJwt","cookies","COOKIES","ENDPOINT_PATHS","ROLES_KEY","ROUTES","getAuthBaseURL","getAuthSlug","getState","callback","issuerURL","clientId","fields","afterLogin","afterLogout","req","payload","query","config","secret","code","state","console","log","JSON","stringify","cookieStore","invokedBy","logout","idToken","forEach","cookie","delete","codeVerifier","get","pkce","name","value","Response","json","status","message","tokenQueryData","grant_type","redirect_uri","client_id","code_verifier","tokenEndpoint","token","tokenResponse","fetch","URL","method","body","URLSearchParams","ok","details","tokenQuery","tokenResponseCode","statusText","tokenJson","id_token","responseData","decodedIdToken","e","idpId","sub","userData","email","image","picture","roles","Object","keys","map","key","roleFields","authSlug","docs","totalDocs","find","collection","where","id","equals","update","data","create","set","setProtectedHeader","alg","setIssuedAt","sign","TextEncoder","encode","maxAge"],"mappings":"AAAA,SAAQA,OAAO,EAAEC,SAAS,QAAO,OAAM;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,SAAS,EAAEC,MAAM,QAAO,kBAAiB;AAE1E,SAAQC,cAAc,EAAEC,WAAW,EAAEC,QAAQ,QAAO,oBAAmB;AAEvE,OAAO,MAAMC,WAAmC,CAAC,EACIC,SAAS,EACTC,QAAQ,EACRC,MAAM,EACNC,UAAU,EACVC,WAAW,EACd,GAAK,OAAOC;QAE1D,MAAM,EAACC,OAAO,EAAEC,KAAK,EAAC,GAAGF;QAEzB,MAAM,EAACG,MAAM,EAAEC,MAAM,EAAC,GAAGH;QAEzB,MAAM,EAACI,IAAI,EAAC,GAAGH;QAEf,MAAMI,QAAQb,SAASO;QAEvBO,QAAQC,GAAG,CAAC,wBAAwBC,KAAKC,SAAS,CAACJ;QAEnD,MAAMK,cAAc,MAAMzB;QAE1B,IAAIoB,MAAMM,SAAS,IAAI,eAAe;YAElC;gBAACzB,QAAQ0B,MAAM;gBAAE1B,QAAQ2B,OAAO;aAAC,CAACC,OAAO,CAACC,CAAAA,SAAUL,YAAYM,MAAM,CAACD;YAEvE,OAAOjB,YAAYC;QAEvB;QAEA,MAAMkB,eAAeP,YAAYQ,GAAG,CAAChC,QAAQiC,IAAI,CAACC,IAAI,GAAGC;QAEzD,IAAI,CAACjB,MAAM;YACP,OAAOkB,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,IAAI,CAACR,cAAc;YACf,OAAOK,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,MAAMC,iBAAiB;YACnBC,YAAY;YACZvB;YACAwB,cAActC,eAAeY,UAAUb,OAAOI,QAAQ;YACtDoC,WAAWlC;YACXmC,eAAeb;QACnB;QAEA,MAAMc,gBAAgBrC,YAAYP,eAAe6C,KAAK;QAEtD,MAAMC,gBAAgB,MAAMC,MAAM,IAAIC,IAAIJ,gBAAgB;YACtDK,QAAQ;YACRC,MAAM,IAAIC,gBAAgBZ;QAC9B;QAEA,IAAI,CAACO,cAAcM,EAAE,EAAE;YACnB,OAAOjB,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLT;oBACAU,YAAYf;oBACZgB,mBAAmB,GAAGT,cAAcT,MAAM,CAAC,GAAG,EAAES,cAAcU,UAAU,EAAE;gBAC9E;YACJ;QACJ;QAEA,MAAMC,YAAY,MAAMX,cAAcV,IAAI;QAE1C,MAAM,EAACsB,UAAUhC,OAAO,EAAC,GAAG+B;QAE5B,IAAI,CAAC/B,SAAS;YACV,OAAOS,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLM,cAAcF;gBAClB;YACJ;QACJ;QAEA,IAAIG;QAEJ,IAAI;YAEAA,iBAAiB/D,UAA0B6B;QAE/C,EAAE,OAAOmC,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,uBAAuB,EAAEjB,KAAKC,SAAS,CAACuC,IAAI;gBACtDR,SAAS;oBACL3B;gBACJ;YACJ;QAEJ;QAEA,MAAMoC,QAAQF,eAAeG,GAAG;QAEhC,MAAMC,WAAW;YACb,CAACvD,OAAOwB,IAAI,CAACA,IAAI,CAAC,EAAE2B,eAAe3B,IAAI;YACvC,CAACxB,OAAOwD,KAAK,CAAChC,IAAI,CAAC,EAAE2B,eAAeK,KAAK;YACzC,CAACxD,OAAOyD,KAAK,CAACjC,IAAI,CAAC,EAAE2B,eAAeO,OAAO;YAC3C,CAAC1D,OAAO2D,KAAK,CAACnC,IAAI,CAAC,EAAEoC,OAAOC,IAAI,CAACV,cAAc,CAAC3D,UAAU,IAAI,CAAC,GAC1DsE,GAAG,CAACC,CAAAA,MAAQ,CAAA;oBAAC,CAAC/D,OAAOgE,UAAU,CAACxC,IAAI,CAACA,IAAI,CAAC,EAAEuC;gBAAG,CAAA;QACxD;QAEA,IAAI,CAACV,OAAO;YACR,OAAO3B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACL3B;oBACAkC;oBACAE;gBACJ;YACJ;QACJ;QAEA,IAAI;YAEA,MAAMY,WAAWtE,YAAYW;YAE7B,MAAM,EAAC4D,IAAI,EAAEC,SAAS,EAAC,GAAG,MAAM/D,QAAQgE,IAAI,CAAC;gBACzCC,YAAYJ;gBACZK,OAAO;oBACH,CAACtE,OAAOuE,EAAE,CAAC/C,IAAI,CAAC,EAAE;wBACdgD,QAAQnB;oBACZ;gBACJ;YACJ;YAEA,IAAIc,WAAW;gBACX,MAAM/D,QAAQqE,MAAM,CAAC;oBACjBJ,YAAYJ;oBACZM,IAAIL,IAAI,CAAC,EAAE,CAACK,EAAE;oBACdG,MAAMnB;gBACV;YACJ,OAAO;gBACH,MAAMnD,QAAQuE,MAAM,CAAC;oBACjBN,YAAYJ;oBACZS,MAAM;wBACF,CAAC1E,OAAOuE,EAAE,CAAC/C,IAAI,CAAC,EAAE6B;wBAClB,GAAGE,QAAQ;oBACf;gBACJ;YACJ;QAEJ,EAAE,OAAOH,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,oCAAoC,EAAEjB,KAAKC,SAAS,CAACuC,IAAI;gBACnER,SAAS;oBACLS;gBACJ;YACJ;QAEJ;QAEAvC,YAAYM,MAAM,CAAC9B,QAAQiC,IAAI;QAE/BT,YAAY8D,GAAG,CAAC;YACZ,GAAGtF,QAAQ2B,OAAO;YAClBQ,OAAO,MAAM,IAAItC,QAAQgE,gBACpB0B,kBAAkB,CAAC;gBAACC,KAAK;YAAO,GAChCC,WAAW,GACXC,IAAI,CAAC,IAAIC,cAAcC,MAAM,CAAC3E;YACnC4E,QAAQ;QACZ;QAEA,OAAOlF,WAAWE;IAEtB,EAAC"}
1
+ {"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {SignJWT, decodeJwt} from 'jose'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES, ENDPOINT_PATHS, ROLES_KEY, ROUTES} from '../constants.js'\nimport {ZitadelCallbackHandler, ZitadelCallbackQuery, ZitadelIdToken} from '../types.js'\nimport {getAuthBaseURL, getAuthSlug, getState} from '../utils/index.js'\n\nexport const callback: ZitadelCallbackHandler = ({\n issuerURL,\n clientId,\n fields,\n afterLogin,\n afterLogout\n }) => async (req) => {\n\n const {payload, query} = req\n\n const {config, secret} = payload\n\n const {code} = query as ZitadelCallbackQuery\n\n const state = getState(req)\n\n const cookieStore = await cookies()\n\n if (state.invokedBy == 'end_session') {\n\n [COOKIES.logout, COOKIES.idToken].forEach(cookie => cookieStore.delete(cookie))\n\n return afterLogout(req)\n\n }\n\n const codeVerifier = cookieStore.get(COOKIES.pkce.name)?.value\n\n if (!code) {\n return Response.json({\n status: 'error',\n message: 'no code provided to verify'\n })\n }\n\n if (!codeVerifier) {\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n }\n\n const tokenQueryData = {\n grant_type: 'authorization_code',\n code,\n redirect_uri: getAuthBaseURL(config) + ROUTES.callback,\n client_id: clientId,\n code_verifier: codeVerifier\n }\n\n const tokenEndpoint = issuerURL + ENDPOINT_PATHS.token\n\n const tokenResponse = await fetch(new URL(tokenEndpoint), {\n method: 'POST',\n body: new URLSearchParams(tokenQueryData)\n })\n\n if (!tokenResponse.ok) {\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint',\n details: {\n tokenEndpoint,\n tokenQuery: tokenQueryData,\n tokenResponseCode: `${tokenResponse.status} - ${tokenResponse.statusText}`\n }\n })\n }\n\n const tokenJson = await tokenResponse.json()\n\n const {id_token: idToken} = tokenJson\n\n if (!idToken) {\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from this response',\n details: {\n responseData: tokenJson\n }\n })\n }\n\n let decodedIdToken\n\n try {\n\n decodedIdToken = decodeJwt<ZitadelIdToken>(idToken)\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error during decoding: ${JSON.stringify(e)}`,\n details: {\n idToken\n }\n })\n\n }\n\n const idpId = decodedIdToken.sub\n\n const userData = {\n [fields.name.name]: decodedIdToken.name,\n [fields.email.name]: decodedIdToken.email,\n [fields.image.name]: decodedIdToken.picture,\n [fields.roles.name]: Object.keys(decodedIdToken[ROLES_KEY] ?? {})\n .map(key => ({[fields.roleFields.name.name]: key}))\n }\n\n if (!idpId) {\n return Response.json({\n status: 'error',\n message: 'token is not complete (id not found)',\n details: {\n idToken,\n decodedIdToken,\n idpId\n }\n })\n }\n\n try {\n\n const authSlug = getAuthSlug(config)\n\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fields.id.name]: {\n equals: idpId\n }\n }\n })\n\n if (totalDocs) {\n await payload.update({\n collection: authSlug,\n id: docs[0].id,\n data: userData\n })\n } else {\n await payload.create({\n collection: authSlug,\n data: {\n [fields.id.name]: idpId,\n ...userData\n }\n })\n }\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error while creating/updating user: ${JSON.stringify(e)}`,\n details: {\n idpId\n }\n })\n\n }\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n ...COOKIES.idToken,\n value: await new SignJWT(decodedIdToken)\n .setProtectedHeader({alg: 'HS256'})\n .setIssuedAt()\n .sign(new TextEncoder().encode(secret)),\n maxAge: 900\n })\n\n return afterLogin(req)\n\n}"],"names":["SignJWT","decodeJwt","cookies","COOKIES","ENDPOINT_PATHS","ROLES_KEY","ROUTES","getAuthBaseURL","getAuthSlug","getState","callback","issuerURL","clientId","fields","afterLogin","afterLogout","req","payload","query","config","secret","code","state","cookieStore","invokedBy","logout","idToken","forEach","cookie","delete","codeVerifier","get","pkce","name","value","Response","json","status","message","tokenQueryData","grant_type","redirect_uri","client_id","code_verifier","tokenEndpoint","token","tokenResponse","fetch","URL","method","body","URLSearchParams","ok","details","tokenQuery","tokenResponseCode","statusText","tokenJson","id_token","responseData","decodedIdToken","e","JSON","stringify","idpId","sub","userData","email","image","picture","roles","Object","keys","map","key","roleFields","authSlug","docs","totalDocs","find","collection","where","id","equals","update","data","create","set","setProtectedHeader","alg","setIssuedAt","sign","TextEncoder","encode","maxAge"],"mappings":"AAAA,SAAQA,OAAO,EAAEC,SAAS,QAAO,OAAM;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,SAAS,EAAEC,MAAM,QAAO,kBAAiB;AAE1E,SAAQC,cAAc,EAAEC,WAAW,EAAEC,QAAQ,QAAO,oBAAmB;AAEvE,OAAO,MAAMC,WAAmC,CAAC,EACIC,SAAS,EACTC,QAAQ,EACRC,MAAM,EACNC,UAAU,EACVC,WAAW,EACd,GAAK,OAAOC;QAE1D,MAAM,EAACC,OAAO,EAAEC,KAAK,EAAC,GAAGF;QAEzB,MAAM,EAACG,MAAM,EAAEC,MAAM,EAAC,GAAGH;QAEzB,MAAM,EAACI,IAAI,EAAC,GAAGH;QAEf,MAAMI,QAAQb,SAASO;QAEvB,MAAMO,cAAc,MAAMrB;QAE1B,IAAIoB,MAAME,SAAS,IAAI,eAAe;YAElC;gBAACrB,QAAQsB,MAAM;gBAAEtB,QAAQuB,OAAO;aAAC,CAACC,OAAO,CAACC,CAAAA,SAAUL,YAAYM,MAAM,CAACD;YAEvE,OAAOb,YAAYC;QAEvB;QAEA,MAAMc,eAAeP,YAAYQ,GAAG,CAAC5B,QAAQ6B,IAAI,CAACC,IAAI,GAAGC;QAEzD,IAAI,CAACb,MAAM;YACP,OAAOc,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,IAAI,CAACR,cAAc;YACf,OAAOK,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,MAAMC,iBAAiB;YACnBC,YAAY;YACZnB;YACAoB,cAAclC,eAAeY,UAAUb,OAAOI,QAAQ;YACtDgC,WAAW9B;YACX+B,eAAeb;QACnB;QAEA,MAAMc,gBAAgBjC,YAAYP,eAAeyC,KAAK;QAEtD,MAAMC,gBAAgB,MAAMC,MAAM,IAAIC,IAAIJ,gBAAgB;YACtDK,QAAQ;YACRC,MAAM,IAAIC,gBAAgBZ;QAC9B;QAEA,IAAI,CAACO,cAAcM,EAAE,EAAE;YACnB,OAAOjB,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLT;oBACAU,YAAYf;oBACZgB,mBAAmB,GAAGT,cAAcT,MAAM,CAAC,GAAG,EAAES,cAAcU,UAAU,EAAE;gBAC9E;YACJ;QACJ;QAEA,MAAMC,YAAY,MAAMX,cAAcV,IAAI;QAE1C,MAAM,EAACsB,UAAUhC,OAAO,EAAC,GAAG+B;QAE5B,IAAI,CAAC/B,SAAS;YACV,OAAOS,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLM,cAAcF;gBAClB;YACJ;QACJ;QAEA,IAAIG;QAEJ,IAAI;YAEAA,iBAAiB3D,UAA0ByB;QAE/C,EAAE,OAAOmC,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,uBAAuB,EAAEwB,KAAKC,SAAS,CAACF,IAAI;gBACtDR,SAAS;oBACL3B;gBACJ;YACJ;QAEJ;QAEA,MAAMsC,QAAQJ,eAAeK,GAAG;QAEhC,MAAMC,WAAW;YACb,CAACrD,OAAOoB,IAAI,CAACA,IAAI,CAAC,EAAE2B,eAAe3B,IAAI;YACvC,CAACpB,OAAOsD,KAAK,CAAClC,IAAI,CAAC,EAAE2B,eAAeO,KAAK;YACzC,CAACtD,OAAOuD,KAAK,CAACnC,IAAI,CAAC,EAAE2B,eAAeS,OAAO;YAC3C,CAACxD,OAAOyD,KAAK,CAACrC,IAAI,CAAC,EAAEsC,OAAOC,IAAI,CAACZ,cAAc,CAACvD,UAAU,IAAI,CAAC,GAC1DoE,GAAG,CAACC,CAAAA,MAAQ,CAAA;oBAAC,CAAC7D,OAAO8D,UAAU,CAAC1C,IAAI,CAACA,IAAI,CAAC,EAAEyC;gBAAG,CAAA;QACxD;QAEA,IAAI,CAACV,OAAO;YACR,OAAO7B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACL3B;oBACAkC;oBACAI;gBACJ;YACJ;QACJ;QAEA,IAAI;YAEA,MAAMY,WAAWpE,YAAYW;YAE7B,MAAM,EAAC0D,IAAI,EAAEC,SAAS,EAAC,GAAG,MAAM7D,QAAQ8D,IAAI,CAAC;gBACzCC,YAAYJ;gBACZK,OAAO;oBACH,CAACpE,OAAOqE,EAAE,CAACjD,IAAI,CAAC,EAAE;wBACdkD,QAAQnB;oBACZ;gBACJ;YACJ;YAEA,IAAIc,WAAW;gBACX,MAAM7D,QAAQmE,MAAM,CAAC;oBACjBJ,YAAYJ;oBACZM,IAAIL,IAAI,CAAC,EAAE,CAACK,EAAE;oBACdG,MAAMnB;gBACV;YACJ,OAAO;gBACH,MAAMjD,QAAQqE,MAAM,CAAC;oBACjBN,YAAYJ;oBACZS,MAAM;wBACF,CAACxE,OAAOqE,EAAE,CAACjD,IAAI,CAAC,EAAE+B;wBAClB,GAAGE,QAAQ;oBACf;gBACJ;YACJ;QAEJ,EAAE,OAAOL,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,oCAAoC,EAAEwB,KAAKC,SAAS,CAACF,IAAI;gBACnER,SAAS;oBACLW;gBACJ;YACJ;QAEJ;QAEAzC,YAAYM,MAAM,CAAC1B,QAAQ6B,IAAI;QAE/BT,YAAYgE,GAAG,CAAC;YACZ,GAAGpF,QAAQuB,OAAO;YAClBQ,OAAO,MAAM,IAAIlC,QAAQ4D,gBACpB4B,kBAAkB,CAAC;gBAACC,KAAK;YAAO,GAChCC,WAAW,GACXC,IAAI,CAAC,IAAIC,cAAcC,MAAM,CAACzE;YACnC0E,QAAQ;QACZ;QAEA,OAAOhF,WAAWE;IAEtB,EAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAqB,aAAa,EAAC,MAAM,YAAY,CAAA;AAG5D,eAAO,MAAM,aAAa,EAAE,aA4J3B,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAqB,aAAa,EAAC,MAAM,YAAY,CAAA;AAG5D,eAAO,MAAM,aAAa,EAAE,aA0L3B,CAAA"}
package/dist/index.js CHANGED
@@ -1,11 +1,33 @@
1
1
  import { cookies } from 'next/headers.js';
2
2
  import { AvatarComponent, LoginButtonComponent } from './components/index.js';
3
- import { COOKIES, DEFAULT_CONFIG, ROUTES } from './constants.js';
3
+ import { COOKIES, DEFAULT_CONFIG, ERRORS, ROUTES } from './constants.js';
4
4
  import { authorize, callback } from './handlers/index.js';
5
5
  import { zitadelStrategy } from './strategy.js';
6
6
  import { translations } from './translations.js';
7
7
  import { defaultRedirect, getAuthSlug, requestRedirect } from './utils/index.js';
8
- export const zitadelPlugin = ({ issuerURL, clientId, fields, strategyName = DEFAULT_CONFIG.strategyName, api, callbacks, components })=>{
8
+ export const zitadelPlugin = (config)=>{
9
+ let { issuerURL = process.env.ZITADEL_URL, clientId = process.env.ZITADEL_CLIENT_ID, fields, strategyName = DEFAULT_CONFIG.strategyName, api, callbacks, components } = config ?? {};
10
+ if (!issuerURL) {
11
+ throw ERRORS.issuerURL;
12
+ }
13
+ if (!clientId) {
14
+ throw ERRORS.clientId;
15
+ }
16
+ if (!api && process.env.ZITADEL_API_CLIENT_ID) {
17
+ const keyId = process.env.ZITADEL_API_KEY_ID;
18
+ if (!keyId) {
19
+ throw ERRORS.apiKeyId;
20
+ }
21
+ const key = process.env.ZITADEL_API_KEY;
22
+ if (!key) {
23
+ throw ERRORS.apiKey;
24
+ }
25
+ api = {
26
+ clientId: process.env.ZITADEL_API_CLIENT_ID,
27
+ keyId,
28
+ key
29
+ };
30
+ }
9
31
  const fieldsConfig = {
10
32
  ...DEFAULT_CONFIG.fields,
11
33
  ...fields
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {AvatarComponent, LoginButtonComponent} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {translations} from './translations.js'\nimport {ZitadelAvatarProps, ZitadelPlugin} from './types.js'\nimport {defaultRedirect, getAuthSlug, requestRedirect} from './utils/index.js'\n\nexport const zitadelPlugin: ZitadelPlugin = ({\n issuerURL,\n clientId,\n fields,\n strategyName = DEFAULT_CONFIG.strategyName,\n api,\n callbacks,\n components\n }) => {\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ...fields}\n\n return (incomingConfig) => ({\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...components?.avatar ? {} : {\n avatar: {\n Component: {\n ...AvatarComponent,\n clientProps: {\n imageFieldName: fieldsConfig.image.name\n } satisfies ZitadelAvatarProps\n }\n }\n },\n ...components?.loginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n ...LoginButtonComponent,\n serverProps: {\n label: components?.loginButton?.label ?? DEFAULT_CONFIG.label\n }\n }\n ]\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == getAuthSlug(incomingConfig) ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n strategyName: strategyName,\n issuerURL,\n fields: fieldsConfig,\n api: api ?? false\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).set(COOKIES.logout)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize({\n issuerURL,\n clientId\n })\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback({\n issuerURL,\n clientId,\n fields: fieldsConfig,\n afterLogin: callbacks?.afterLogin ?? defaultRedirect,\n afterLogout: callbacks?.afterLogout ?? defaultRedirect\n })\n },\n {\n path: ROUTES.end_session,\n method: 'get',\n handler: (req) => requestRedirect({req, issuerURL, clientId, invokedBy: 'end_session'})\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n })\n\n}"],"names":["cookies","AvatarComponent","LoginButtonComponent","COOKIES","DEFAULT_CONFIG","ROUTES","authorize","callback","zitadelStrategy","translations","defaultRedirect","getAuthSlug","requestRedirect","zitadelPlugin","issuerURL","clientId","fields","strategyName","api","callbacks","components","fieldsConfig","incomingConfig","admin","avatar","Component","clientProps","imageFieldName","image","name","loginButton","afterLogin","serverProps","label","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","hooks","afterLogout","set","logout","endpoints","path","method","handler","end_session","req","invokedBy","id","type","readOnly","index","unique","required","email","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,eAAe,EAAEC,oBAAoB,QAAO,wBAAuB;AAC3E,SAAQC,OAAO,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9D,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAC7C,SAAQC,YAAY,QAAO,oBAAmB;AAE9C,SAAQC,eAAe,EAAEC,WAAW,EAAEC,eAAe,QAAO,mBAAkB;AAE9E,OAAO,MAAMC,gBAA+B,CAAC,EACIC,SAAS,EACTC,QAAQ,EACRC,MAAM,EACNC,eAAeb,eAAea,YAAY,EAC1CC,GAAG,EACHC,SAAS,EACTC,UAAU,EACb;IAE1C,MAAMC,eAAe;QAAC,GAAGjB,eAAeY,MAAM;QAAE,GAAGA,MAAM;IAAA;IAEzD,OAAO,CAACM,iBAAoB,CAAA;YACxB,GAAGA,cAAc;YACjBC,OAAO;gBACH,GAAGD,eAAeC,KAAK;gBACvB,GAAGH,YAAYI,SAAS,CAAC,IAAI;oBACzBA,QAAQ;wBACJC,WAAW;4BACP,GAAGxB,eAAe;4BAClByB,aAAa;gCACTC,gBAAgBN,aAAaO,KAAK,CAACC,IAAI;4BAC3C;wBACJ;oBACJ;gBACJ,CAAC;gBACD,GAAGT,YAAYU,cAAc,CAAC,IAAI;oBAC9BV,YAAY;wBACR,GAAGE,eAAeC,KAAK,EAAEH,UAAU;wBACnCW,YAAY;+BACLT,eAAeC,KAAK,EAAEH,YAAYW,cAAc,EAAE;4BACrD;gCACI,GAAG7B,oBAAoB;gCACvB8B,aAAa;oCACTC,OAAOb,YAAYU,aAAaG,SAAS7B,eAAe6B,KAAK;gCACjE;4BACJ;yBACH;oBACL;gBACJ,CAAC;YACL;YACAC,aAAa,AAACZ,CAAAA,eAAeY,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAI5B,YAAYW,kBAAkB;wBAChDgB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/BjC,gBAAgB;oCACZS,cAAcA;oCACdH;oCACAE,QAAQK;oCACRH,KAAKA,OAAO;gCAChB;6BACH;wBACL;wBACAwB,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAM3C,SAAQ,EAAG4C,GAAG,CAACzC,QAAQ0C,MAAM;6BAAE;wBACpE;wBACAC,WAAW;4BACP;gCACIC,MAAM1C,OAAOC,SAAS;gCACtB0C,QAAQ;gCACRC,SAAS3C,UAAU;oCACfQ;oCACAC;gCACJ;4BACJ;4BACA;gCACIgC,MAAM1C,OAAOE,QAAQ;gCACrByC,QAAQ;gCACRC,SAAS1C,SAAS;oCACdO;oCACAC;oCACAC,QAAQK;oCACRU,YAAYZ,WAAWY,cAAcrB;oCACrCiC,aAAaxB,WAAWwB,eAAejC;gCAC3C;4BACJ;4BACA;gCACIqC,MAAM1C,OAAO6C,WAAW;gCACxBF,QAAQ;gCACRC,SAAS,CAACE,MAAQvC,gBAAgB;wCAACuC;wCAAKrC;wCAAWC;wCAAUqC,WAAW;oCAAa;4BACzF;yBACH;wBACDpC,QAAQ;+BACDoB,WAAWpB,MAAM;4BACpB;gCACI,GAAGK,aAAagC,EAAE;gCAClBC,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGrC,aAAaQ,IAAI;gCACpByB,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAasC,KAAK;gCACrBL,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAaO,KAAK;gCACrB0B,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAauC,KAAK;gCACrBN,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAvC,QAAQ;oCACJ;wCACI,GAAGK,aAAawC,UAAU,CAAChC,IAAI;wCAC/ByB,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAQ,MAAM;gBACF,GAAGxC,eAAewC,IAAI;gBACtBrD,cAAc;oBACV,GAAGa,eAAewC,IAAI,EAAErD,YAAY;oBACpCsD,IAAI;wBACA,GAAGzC,eAAewC,IAAI,EAAErD,cAAcsD,EAAE;wBACxC,GAAGtD,aAAasD,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG1C,eAAewC,IAAI,EAAErD,cAAcuD,EAAE;wBACxC,GAAGvD,aAAauD,EAAE;oBACtB;gBACJ;YACJ;QACJ,CAAA;AAEJ,EAAC"}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {AvatarComponent, LoginButtonComponent} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, ERRORS, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {translations} from './translations.js'\nimport {ZitadelAvatarProps, ZitadelPlugin} from './types.js'\nimport {defaultRedirect, getAuthSlug, requestRedirect} from './utils/index.js'\n\nexport const zitadelPlugin: ZitadelPlugin = (config) => {\n\n let {\n issuerURL = process.env.ZITADEL_URL,\n clientId = process.env.ZITADEL_CLIENT_ID,\n fields,\n strategyName = DEFAULT_CONFIG.strategyName,\n api,\n callbacks,\n components\n } = config ?? {}\n\n if (!issuerURL) {\n throw ERRORS.issuerURL\n }\n\n if (!clientId) {\n throw ERRORS.clientId\n }\n\n if (!api && process.env.ZITADEL_API_CLIENT_ID) {\n\n const keyId = process.env.ZITADEL_API_KEY_ID\n if (!keyId) {\n throw ERRORS.apiKeyId\n }\n\n const key = process.env.ZITADEL_API_KEY\n if (!key) {\n throw ERRORS.apiKey\n }\n\n api = {\n clientId: process.env.ZITADEL_API_CLIENT_ID,\n keyId,\n key\n }\n\n }\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ...fields}\n\n return (incomingConfig) => ({\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...components?.avatar ? {} : {\n avatar: {\n Component: {\n ...AvatarComponent,\n clientProps: {\n imageFieldName: fieldsConfig.image.name\n } satisfies ZitadelAvatarProps\n }\n }\n },\n ...components?.loginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n ...LoginButtonComponent,\n serverProps: {\n label: components?.loginButton?.label ?? DEFAULT_CONFIG.label\n }\n }\n ]\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == getAuthSlug(incomingConfig) ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n strategyName: strategyName,\n issuerURL,\n fields: fieldsConfig,\n api: api ?? false\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).set(COOKIES.logout)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize({\n issuerURL,\n clientId\n })\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback({\n issuerURL,\n clientId,\n fields: fieldsConfig,\n afterLogin: callbacks?.afterLogin ?? defaultRedirect,\n afterLogout: callbacks?.afterLogout ?? defaultRedirect\n })\n },\n {\n path: ROUTES.end_session,\n method: 'get',\n handler: (req) => requestRedirect({req, issuerURL, clientId, invokedBy: 'end_session'})\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n })\n\n}"],"names":["cookies","AvatarComponent","LoginButtonComponent","COOKIES","DEFAULT_CONFIG","ERRORS","ROUTES","authorize","callback","zitadelStrategy","translations","defaultRedirect","getAuthSlug","requestRedirect","zitadelPlugin","config","issuerURL","process","env","ZITADEL_URL","clientId","ZITADEL_CLIENT_ID","fields","strategyName","api","callbacks","components","ZITADEL_API_CLIENT_ID","keyId","ZITADEL_API_KEY_ID","apiKeyId","key","ZITADEL_API_KEY","apiKey","fieldsConfig","incomingConfig","admin","avatar","Component","clientProps","imageFieldName","image","name","loginButton","afterLogin","serverProps","label","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","hooks","afterLogout","set","logout","endpoints","path","method","handler","end_session","req","invokedBy","id","type","readOnly","index","unique","required","email","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,eAAe,EAAEC,oBAAoB,QAAO,wBAAuB;AAC3E,SAAQC,OAAO,EAAEC,cAAc,EAAEC,MAAM,EAAEC,MAAM,QAAO,iBAAgB;AACtE,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAC7C,SAAQC,YAAY,QAAO,oBAAmB;AAE9C,SAAQC,eAAe,EAAEC,WAAW,EAAEC,eAAe,QAAO,mBAAkB;AAE9E,OAAO,MAAMC,gBAA+B,CAACC;IAEzC,IAAI,EACAC,YAAYC,QAAQC,GAAG,CAACC,WAAW,EACnCC,WAAWH,QAAQC,GAAG,CAACG,iBAAiB,EACxCC,MAAM,EACNC,eAAenB,eAAemB,YAAY,EAC1CC,GAAG,EACHC,SAAS,EACTC,UAAU,EACb,GAAGX,UAAU,CAAC;IAEf,IAAI,CAACC,WAAW;QACZ,MAAMX,OAAOW,SAAS;IAC1B;IAEA,IAAI,CAACI,UAAU;QACX,MAAMf,OAAOe,QAAQ;IACzB;IAEA,IAAI,CAACI,OAAOP,QAAQC,GAAG,CAACS,qBAAqB,EAAE;QAE3C,MAAMC,QAAQX,QAAQC,GAAG,CAACW,kBAAkB;QAC5C,IAAI,CAACD,OAAO;YACR,MAAMvB,OAAOyB,QAAQ;QACzB;QAEA,MAAMC,MAAMd,QAAQC,GAAG,CAACc,eAAe;QACvC,IAAI,CAACD,KAAK;YACN,MAAM1B,OAAO4B,MAAM;QACvB;QAEAT,MAAM;YACFJ,UAAUH,QAAQC,GAAG,CAACS,qBAAqB;YAC3CC;YACAG;QACJ;IAEJ;IAEA,MAAMG,eAAe;QAAC,GAAG9B,eAAekB,MAAM;QAAE,GAAGA,MAAM;IAAA;IAEzD,OAAO,CAACa,iBAAoB,CAAA;YACxB,GAAGA,cAAc;YACjBC,OAAO;gBACH,GAAGD,eAAeC,KAAK;gBACvB,GAAGV,YAAYW,SAAS,CAAC,IAAI;oBACzBA,QAAQ;wBACJC,WAAW;4BACP,GAAGrC,eAAe;4BAClBsC,aAAa;gCACTC,gBAAgBN,aAAaO,KAAK,CAACC,IAAI;4BAC3C;wBACJ;oBACJ;gBACJ,CAAC;gBACD,GAAGhB,YAAYiB,cAAc,CAAC,IAAI;oBAC9BjB,YAAY;wBACR,GAAGS,eAAeC,KAAK,EAAEV,UAAU;wBACnCkB,YAAY;+BACLT,eAAeC,KAAK,EAAEV,YAAYkB,cAAc,EAAE;4BACrD;gCACI,GAAG1C,oBAAoB;gCACvB2C,aAAa;oCACTC,OAAOpB,YAAYiB,aAAaG,SAAS1C,eAAe0C,KAAK;gCACjE;4BACJ;yBACH;oBACL;gBACJ,CAAC;YACL;YACAC,aAAa,AAACZ,CAAAA,eAAeY,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIxC,YAAYuB,kBAAkB;wBAChDgB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B7C,gBAAgB;oCACZc,cAAcA;oCACdP;oCACAM,QAAQY;oCACRV,KAAKA,OAAO;gCAChB;6BACH;wBACL;wBACA+B,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAMxD,SAAQ,EAAGyD,GAAG,CAACtD,QAAQuD,MAAM;6BAAE;wBACpE;wBACAC,WAAW;4BACP;gCACIC,MAAMtD,OAAOC,SAAS;gCACtBsD,QAAQ;gCACRC,SAASvD,UAAU;oCACfS;oCACAI;gCACJ;4BACJ;4BACA;gCACIwC,MAAMtD,OAAOE,QAAQ;gCACrBqD,QAAQ;gCACRC,SAAStD,SAAS;oCACdQ;oCACAI;oCACAE,QAAQY;oCACRU,YAAYnB,WAAWmB,cAAcjC;oCACrC6C,aAAa/B,WAAW+B,eAAe7C;gCAC3C;4BACJ;4BACA;gCACIiD,MAAMtD,OAAOyD,WAAW;gCACxBF,QAAQ;gCACRC,SAAS,CAACE,MAAQnD,gBAAgB;wCAACmD;wCAAKhD;wCAAWI;wCAAU6C,WAAW;oCAAa;4BACzF;yBACH;wBACD3C,QAAQ;+BACD2B,WAAW3B,MAAM;4BACpB;gCACI,GAAGY,aAAagC,EAAE;gCAClBC,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGrC,aAAaQ,IAAI;gCACpByB,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAasC,KAAK;gCACrBL,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAaO,KAAK;gCACrB0B,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAauC,KAAK;gCACrBN,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACA9C,QAAQ;oCACJ;wCACI,GAAGY,aAAawC,UAAU,CAAChC,IAAI;wCAC/ByB,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAQ,MAAM;gBACF,GAAGxC,eAAewC,IAAI;gBACtBjE,cAAc;oBACV,GAAGyB,eAAewC,IAAI,EAAEjE,YAAY;oBACpCkE,IAAI;wBACA,GAAGzC,eAAewC,IAAI,EAAEjE,cAAckE,EAAE;wBACxC,GAAGlE,aAAakE,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG1C,eAAewC,IAAI,EAAEjE,cAAcmE,EAAE;wBACxC,GAAGnE,aAAamE,EAAE;oBACtB;gBACJ;YACJ;QACJ,CAAA;AAEJ,EAAC"}
package/dist/types.d.ts CHANGED
@@ -77,11 +77,11 @@ type ZitadelComponentsConfig = {
77
77
  avatar: ZitadelAvatarConfig;
78
78
  loginButton: ZitadelLoginButtonConfig;
79
79
  };
80
- type ZitadelPluginConfig = ZitadelBaseConfig & Partial<ZitadelUserConfig> & Partial<ZitadelStrategyConfig> & Partial<{
80
+ type ZitadelPluginConfig = Partial<ZitadelBaseConfig> & Partial<ZitadelUserConfig> & Partial<ZitadelStrategyConfig> & Partial<{
81
81
  callbacks: Partial<ZitadelCallbackConfig>;
82
82
  components: Partial<ZitadelComponentsConfig>;
83
83
  }>;
84
- export type ZitadelPlugin = (config: ZitadelPluginConfig) => (config: Config) => Config;
84
+ export type ZitadelPlugin = (config?: ZitadelPluginConfig) => (config: Config) => Config;
85
85
  type ZitadelAuthorizeRequestConfig = {
86
86
  codeChallenge: string;
87
87
  };
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAC9F,OAAO,KAAK,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAC5E,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAE9C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,KAAK,kBAAkB,GAAG;IACtB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAA;IACtB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YACzC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,mBAAmB,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,KAAK,cAAc,GAAG,WAAW,GAAG,aAAa,CAAA;AAEjD,KAAK,gBAAgB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI;IACvE,SAAS,EAAE,SAAS,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;AAEtE,MAAM,MAAM,qBAAqB,GAAG;IAChC,UAAU,EAAE,cAAc,CAAA;IAC1B,WAAW,EAAE,cAAc,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,eAAe,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,GAAG,eAAe,KAAK,cAAc,CAAA;AAEtH,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAA;AAElG,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,KAAK,qBAAqB,GAAG;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,GAAG,EAAE,gBAAgB,GAAG,KAAK,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG,iBAAiB,GAAG,qBAAqB,KAAK,YAAY,CAAA;AAEvI,KAAK,mBAAmB,GAAG;IACvB,OAAO,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,cAAc,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,KAAK,wBAAwB,GAAG;IAC5B,OAAO,EAAE,IAAI,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG,IAAI,CAAC,wBAAwB,EAAE,SAAS,CAAC,GAAG;IAC5F,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;CACvF,CAAA;AAED,KAAK,uBAAuB,GAAG;IAC3B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,WAAW,EAAE,wBAAwB,CAAA;CACxC,CAAA;AAED,KAAK,mBAAmB,GACpB,iBAAiB,GACf,OAAO,CAAC,iBAAiB,CAAC,GAC1B,OAAO,CAAC,qBAAqB,CAAC,GAC9B,OAAO,CAAC;IACV,SAAS,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACzC,UAAU,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAA;CAC/C,CAAC,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,mBAAmB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;AAEvF,KAAK,6BAA6B,GAAG;IACjC,aAAa,EAAE,MAAM,CAAA;CACxB,CAAA;AAGD,KAAK,mBAAmB,GACpB,CAAC,gBAAgB,CAAC,WAAW,CAAC,GAAG,6BAA6B,CAAC,GAC7D,CAAC,gBAAgB,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,6BAA6B,CAAC,CAAC,CAAA;AAEhF,KAAK,oBAAoB,GAAG;IACxB,GAAG,EAAE,cAAc,CAAA;CACtB,GAAG,iBAAiB,GAAG,mBAAmB,CAAA;AAE3C,MAAM,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,oBAAoB,KAAK,QAAQ,CAAA"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAC9F,OAAO,KAAK,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAC5E,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAE9C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,KAAK,kBAAkB,GAAG;IACtB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAA;IACtB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YACzC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,mBAAmB,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,KAAK,cAAc,GAAG,WAAW,GAAG,aAAa,CAAA;AAEjD,KAAK,gBAAgB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI;IACvE,SAAS,EAAE,SAAS,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;AAEtE,MAAM,MAAM,qBAAqB,GAAG;IAChC,UAAU,EAAE,cAAc,CAAA;IAC1B,WAAW,EAAE,cAAc,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,eAAe,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,GAAG,eAAe,KAAK,cAAc,CAAA;AAEtH,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAA;AAElG,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,KAAK,qBAAqB,GAAG;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,GAAG,EAAE,gBAAgB,GAAG,KAAK,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG,iBAAiB,GAAG,qBAAqB,KAAK,YAAY,CAAA;AAEvI,KAAK,mBAAmB,GAAG;IACvB,OAAO,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,cAAc,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,KAAK,wBAAwB,GAAG;IAC5B,OAAO,EAAE,IAAI,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG,IAAI,CAAC,wBAAwB,EAAE,SAAS,CAAC,GAAG;IAC5F,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;CACvF,CAAA;AAED,KAAK,uBAAuB,GAAG;IAC3B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,WAAW,EAAE,wBAAwB,CAAA;CACxC,CAAA;AAED,KAAK,mBAAmB,GACpB,OAAO,CAAC,iBAAiB,CAAC,GACxB,OAAO,CAAC,iBAAiB,CAAC,GAC1B,OAAO,CAAC,qBAAqB,CAAC,GAC9B,OAAO,CAAC;IACV,SAAS,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACzC,UAAU,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAA;CAC/C,CAAC,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,CAAC,EAAE,mBAAmB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;AAExF,KAAK,6BAA6B,GAAG;IACjC,aAAa,EAAE,MAAM,CAAA;CACxB,CAAA;AAGD,KAAK,mBAAmB,GACpB,CAAC,gBAAgB,CAAC,WAAW,CAAC,GAAG,6BAA6B,CAAC,GAC7D,CAAC,gBAAgB,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,6BAA6B,CAAC,CAAC,CAAA;AAEhF,KAAK,oBAAoB,GAAG;IACxB,GAAG,EAAE,cAAc,CAAA;CACtB,GAAG,iBAAiB,GAAG,mBAAmB,CAAA;AAE3C,MAAM,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,oBAAoB,KAAK,QAAQ,CAAA"}
package/dist/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/types.ts"],"sourcesContent":["import type {AuthStrategy, Config, PayloadHandler, PayloadRequest, ServerProps} from 'payload'\nimport type {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\nimport {translations} from './translations.js'\n\nexport type ZitadelIdToken = Partial<{\n sub: string\n name: string\n email: string\n picture: string\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\ntype ZitadelFieldConfig = {\n hidden?: boolean\n name: string\n label: string | Record<string, string>\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig\n image: ZitadelFieldConfig\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string | Record<string, string>\n plural: string | Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\ntype ZitadelBaseConfig = {\n issuerURL: string\n clientId: string\n}\n\ntype ZitadelUserConfig = {\n fields: ZitadelFieldsConfig\n}\n\nexport type ZitadelCallbackQuery = Partial<{\n code: string | null,\n state: string | null,\n}>\n\ntype ZitadelInvoker = 'authorize' | 'end_session'\n\ntype ZitadelInvokedBy<InvokedBy extends ZitadelInvoker = ZitadelInvoker> = {\n invokedBy: InvokedBy\n}\n\nexport type ZitadelCallbackState = Record<any, any> & ZitadelInvokedBy\n\nexport type ZitadelCallbackConfig = {\n afterLogin: PayloadHandler\n afterLogout: PayloadHandler\n}\n\nexport type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler\n\nexport type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>\n\ntype ZitadelAPIConfig = {\n clientId: string\n key: string\n keyId: string\n}\n\ntype ZitadelStrategyConfig = {\n strategyName: string\n api: ZitadelAPIConfig | false\n}\n\nexport type ZitadelStrategy = (config: Omit<ZitadelBaseConfig, 'clientId'> & ZitadelUserConfig & ZitadelStrategyConfig) => AuthStrategy\n\ntype ZitadelAvatarConfig = {\n disable: true\n}\n\nexport type ZitadelAvatarProps = {\n imageFieldName: string\n}\n\ntype ZitadelLoginButtonConfig = {\n disable: true\n label: string\n}\n\nexport type ZitadelLoginButtonProps = ServerProps & Omit<ZitadelLoginButtonConfig, 'disable'> & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>\n}\n\ntype ZitadelComponentsConfig = {\n avatar: ZitadelAvatarConfig\n loginButton: ZitadelLoginButtonConfig\n}\n\ntype ZitadelPluginConfig =\n ZitadelBaseConfig\n & Partial<ZitadelUserConfig>\n & Partial<ZitadelStrategyConfig>\n & Partial<{\n callbacks: Partial<ZitadelCallbackConfig>\n components: Partial<ZitadelComponentsConfig>\n}>\n\nexport type ZitadelPlugin = (config: ZitadelPluginConfig) => (config: Config) => Config\n\ntype ZitadelAuthorizeRequestConfig = {\n codeChallenge: string\n}\n\n\ntype ZitadelRequestState =\n (ZitadelInvokedBy<'authorize'> & ZitadelAuthorizeRequestConfig)\n | (ZitadelInvokedBy<'end_session'> & Partial<ZitadelAuthorizeRequestConfig>)\n\ntype ZitadelRequestConfig = {\n req: PayloadRequest\n} & ZitadelBaseConfig & ZitadelRequestState\n\nexport type ZitadelRequestHandler = (config: ZitadelRequestConfig) => Response\n\n\n"],"names":[],"mappings":"AA4HA,WAA8E"}
1
+ {"version":3,"sources":["../src/types.ts"],"sourcesContent":["import type {AuthStrategy, Config, PayloadHandler, PayloadRequest, ServerProps} from 'payload'\nimport type {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\nimport {translations} from './translations.js'\n\nexport type ZitadelIdToken = Partial<{\n sub: string\n name: string\n email: string\n picture: string\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\ntype ZitadelFieldConfig = {\n hidden?: boolean\n name: string\n label: string | Record<string, string>\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig\n image: ZitadelFieldConfig\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string | Record<string, string>\n plural: string | Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\ntype ZitadelBaseConfig = {\n issuerURL: string\n clientId: string\n}\n\ntype ZitadelUserConfig = {\n fields: ZitadelFieldsConfig\n}\n\nexport type ZitadelCallbackQuery = Partial<{\n code: string | null,\n state: string | null,\n}>\n\ntype ZitadelInvoker = 'authorize' | 'end_session'\n\ntype ZitadelInvokedBy<InvokedBy extends ZitadelInvoker = ZitadelInvoker> = {\n invokedBy: InvokedBy\n}\n\nexport type ZitadelCallbackState = Record<any, any> & ZitadelInvokedBy\n\nexport type ZitadelCallbackConfig = {\n afterLogin: PayloadHandler\n afterLogout: PayloadHandler\n}\n\nexport type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler\n\nexport type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>\n\ntype ZitadelAPIConfig = {\n clientId: string\n key: string\n keyId: string\n}\n\ntype ZitadelStrategyConfig = {\n strategyName: string\n api: ZitadelAPIConfig | false\n}\n\nexport type ZitadelStrategy = (config: Omit<ZitadelBaseConfig, 'clientId'> & ZitadelUserConfig & ZitadelStrategyConfig) => AuthStrategy\n\ntype ZitadelAvatarConfig = {\n disable: true\n}\n\nexport type ZitadelAvatarProps = {\n imageFieldName: string\n}\n\ntype ZitadelLoginButtonConfig = {\n disable: true\n label: string\n}\n\nexport type ZitadelLoginButtonProps = ServerProps & Omit<ZitadelLoginButtonConfig, 'disable'> & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>\n}\n\ntype ZitadelComponentsConfig = {\n avatar: ZitadelAvatarConfig\n loginButton: ZitadelLoginButtonConfig\n}\n\ntype ZitadelPluginConfig =\n Partial<ZitadelBaseConfig>\n & Partial<ZitadelUserConfig>\n & Partial<ZitadelStrategyConfig>\n & Partial<{\n callbacks: Partial<ZitadelCallbackConfig>\n components: Partial<ZitadelComponentsConfig>\n}>\n\nexport type ZitadelPlugin = (config?: ZitadelPluginConfig) => (config: Config) => Config\n\ntype ZitadelAuthorizeRequestConfig = {\n codeChallenge: string\n}\n\n\ntype ZitadelRequestState =\n (ZitadelInvokedBy<'authorize'> & ZitadelAuthorizeRequestConfig)\n | (ZitadelInvokedBy<'end_session'> & Partial<ZitadelAuthorizeRequestConfig>)\n\ntype ZitadelRequestConfig = {\n req: PayloadRequest\n} & ZitadelBaseConfig & ZitadelRequestState\n\nexport type ZitadelRequestHandler = (config: ZitadelRequestConfig) => Response\n\n\n"],"names":[],"mappings":"AA4HA,WAA8E"}
@@ -1 +1 @@
1
- {"version":3,"file":"redirects.d.ts","sourceRoot":"","sources":["../../src/utils/redirects.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAGtC,OAAO,EAAC,qBAAqB,EAAC,MAAM,aAAa,CAAA;AAIjD,eAAO,MAAM,eAAe,EAAE,cAC0D,CAAA;AAExF,eAAO,MAAM,eAAe,EAAE,qBAgB7B,CAAA"}
1
+ {"version":3,"file":"redirects.d.ts","sourceRoot":"","sources":["../../src/utils/redirects.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAGtC,OAAO,EAAC,qBAAqB,EAAC,MAAM,aAAa,CAAA;AAIjD,eAAO,MAAM,eAAe,EAAE,cAC0D,CAAA;AAExF,eAAO,MAAM,eAAe,EAAE,qBASrB,CAAA"}
@@ -3,8 +3,7 @@ import { AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES } from '../constants.js';
3
3
  import { createState, getState } from './state.js';
4
4
  import { getAuthBaseURL } from './urls.js';
5
5
  export const defaultRedirect = (req)=>NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''));
6
- export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChallenge })=>{
7
- const redirectURL = `${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({
6
+ export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChallenge })=>NextResponse.redirect(`${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({
8
7
  client_id: clientId,
9
8
  [`${invokedBy == 'authorize' ? '' : 'post_logout_'}redirect_uri`]: getAuthBaseURL(req.payload.config) + ROUTES.callback,
10
9
  state: createState(req, invokedBy),
@@ -12,9 +11,6 @@ export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChall
12
11
  code_challenge: codeChallenge,
13
12
  ...AUTHORIZE_QUERY
14
13
  } : {}
15
- })}`;
16
- console.log('requesting redirect to:', redirectURL);
17
- return NextResponse.redirect(redirectURL);
18
- };
14
+ })}`);
19
15
 
20
16
  //# sourceMappingURL=redirects.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/utils/redirects.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES} from '../constants.js'\nimport {ZitadelRequestHandler} from '../types.js'\nimport {createState, getState} from './state.js'\nimport {getAuthBaseURL} from './urls.js'\n\nexport const defaultRedirect: PayloadHandler = (req) =>\n NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''))\n\nexport const requestRedirect: ZitadelRequestHandler = ({req, issuerURL, clientId, invokedBy, codeChallenge}) => {\n\n const redirectURL = `${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({\n client_id: clientId,\n [`${invokedBy == 'authorize' ? '' : 'post_logout_'}redirect_uri`]: getAuthBaseURL(req.payload.config) + ROUTES.callback,\n state: createState(req, invokedBy),\n ...invokedBy == 'authorize' ? {\n code_challenge: codeChallenge,\n ...AUTHORIZE_QUERY\n } : {}\n })}`\n\n console.log('requesting redirect to:', redirectURL)\n\n return NextResponse.redirect(redirectURL)\n\n}"],"names":["NextResponse","AUTHORIZE_QUERY","ENDPOINT_PATHS","ROUTES","createState","getState","getAuthBaseURL","defaultRedirect","req","redirect","payload","config","serverURL","requestRedirect","issuerURL","clientId","invokedBy","codeChallenge","redirectURL","URLSearchParams","client_id","callback","state","code_challenge","console","log"],"mappings":"AACA,SAAQA,YAAY,QAAO,iBAAgB;AAC3C,SAAQC,eAAe,EAAEC,cAAc,EAAEC,MAAM,QAAO,kBAAiB;AAEvE,SAAQC,WAAW,EAAEC,QAAQ,QAAO,aAAY;AAChD,SAAQC,cAAc,QAAO,YAAW;AAExC,OAAO,MAAMC,kBAAkC,CAACC,MAC5CR,aAAaS,QAAQ,CAACD,IAAIE,OAAO,CAACC,MAAM,CAACC,SAAS,GAAIP,CAAAA,SAASG,KAAKC,QAAQ,IAAI,EAAC,GAAG;AAExF,OAAO,MAAMI,kBAAyC,CAAC,EAACL,GAAG,EAAEM,SAAS,EAAEC,QAAQ,EAAEC,SAAS,EAAEC,aAAa,EAAC;IAEvG,MAAMC,cAAc,GAAGJ,YAAYZ,cAAc,CAACc,UAAU,CAAC,CAAC,EAAE,IAAIG,gBAAgB;QAChFC,WAAWL;QACX,CAAC,GAAGC,aAAa,cAAc,KAAK,eAAe,YAAY,CAAC,CAAC,EAAEV,eAAeE,IAAIE,OAAO,CAACC,MAAM,IAAIR,OAAOkB,QAAQ;QACvHC,OAAOlB,YAAYI,KAAKQ;QACxB,GAAGA,aAAa,cAAc;YAC1BO,gBAAgBN;YAChB,GAAGhB,eAAe;QACtB,IAAI,CAAC,CAAC;IACV,IAAI;IAEJuB,QAAQC,GAAG,CAAC,2BAA2BP;IAEvC,OAAOlB,aAAaS,QAAQ,CAACS;AAEjC,EAAC"}
1
+ {"version":3,"sources":["../../src/utils/redirects.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES} from '../constants.js'\nimport {ZitadelRequestHandler} from '../types.js'\nimport {createState, getState} from './state.js'\nimport {getAuthBaseURL} from './urls.js'\n\nexport const defaultRedirect: PayloadHandler = (req) =>\n NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''))\n\nexport const requestRedirect: ZitadelRequestHandler = ({req, issuerURL, clientId, invokedBy, codeChallenge}) =>\n NextResponse.redirect(`${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({\n client_id: clientId,\n [`${invokedBy == 'authorize' ? '' : 'post_logout_'}redirect_uri`]: getAuthBaseURL(req.payload.config) + ROUTES.callback,\n state: createState(req, invokedBy),\n ...invokedBy == 'authorize' ? {\n code_challenge: codeChallenge,\n ...AUTHORIZE_QUERY\n } : {}\n })}`)"],"names":["NextResponse","AUTHORIZE_QUERY","ENDPOINT_PATHS","ROUTES","createState","getState","getAuthBaseURL","defaultRedirect","req","redirect","payload","config","serverURL","requestRedirect","issuerURL","clientId","invokedBy","codeChallenge","URLSearchParams","client_id","callback","state","code_challenge"],"mappings":"AACA,SAAQA,YAAY,QAAO,iBAAgB;AAC3C,SAAQC,eAAe,EAAEC,cAAc,EAAEC,MAAM,QAAO,kBAAiB;AAEvE,SAAQC,WAAW,EAAEC,QAAQ,QAAO,aAAY;AAChD,SAAQC,cAAc,QAAO,YAAW;AAExC,OAAO,MAAMC,kBAAkC,CAACC,MAC5CR,aAAaS,QAAQ,CAACD,IAAIE,OAAO,CAACC,MAAM,CAACC,SAAS,GAAIP,CAAAA,SAASG,KAAKC,QAAQ,IAAI,EAAC,GAAG;AAExF,OAAO,MAAMI,kBAAyC,CAAC,EAACL,GAAG,EAAEM,SAAS,EAAEC,QAAQ,EAAEC,SAAS,EAAEC,aAAa,EAAC,GACvGjB,aAAaS,QAAQ,CAAC,GAAGK,YAAYZ,cAAc,CAACc,UAAU,CAAC,CAAC,EAAE,IAAIE,gBAAgB;QAClFC,WAAWJ;QACX,CAAC,GAAGC,aAAa,cAAc,KAAK,eAAe,YAAY,CAAC,CAAC,EAAEV,eAAeE,IAAIE,OAAO,CAACC,MAAM,IAAIR,OAAOiB,QAAQ;QACvHC,OAAOjB,YAAYI,KAAKQ;QACxB,GAAGA,aAAa,cAAc;YAC1BM,gBAAgBL;YAChB,GAAGhB,eAAe;QACtB,IAAI,CAAC,CAAC;IACV,IAAI,EAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "payload-zitadel-plugin",
3
- "version": "0.4.0",
3
+ "version": "0.4.2",
4
4
  "description": "plugin for Payload CMS, which enables authentication via Zitadel IdP",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -36,18 +36,18 @@
36
36
  "dist"
37
37
  ],
38
38
  "dependencies": {
39
- "@payloadcms/next": "^3.11.0",
40
- "@payloadcms/translations": "^3.11.0",
41
- "@payloadcms/ui": "^3.11.0",
39
+ "@payloadcms/next": "^3.12.0",
40
+ "@payloadcms/translations": "^3.12.0",
41
+ "@payloadcms/ui": "^3.12.0",
42
42
  "jose": "^5.9.6",
43
43
  "next": "^15.1.3",
44
- "payload": "^3.11.0",
44
+ "payload": "^3.12.0",
45
45
  "react": "^19.0.0",
46
46
  "react-dom": "^19.0.0"
47
47
  },
48
48
  "devDependencies": {
49
49
  "@swc/cli": "^0.5.2",
50
- "@swc/core": "^1.10.3",
50
+ "@swc/core": "^1.10.4",
51
51
  "@types/node": "^22.10.2",
52
52
  "@types/react": "^19.0.2",
53
53
  "@types/react-dom": "^19.0.2",