npm - payload-zitadel-plugin - Versions diffs - 0.4.0 → 0.4.2 - Mend

payload-zitadel-plugin 0.4.0 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/README.md +30 -22
package/dist/constants.d.ts +6 -0
package/dist/constants.d.ts.map +1 -1
package/dist/constants.js +6 -0
package/dist/constants.js.map +1 -1
package/dist/handlers/callback.d.ts.map +1 -1
package/dist/handlers/callback.js +0 -1
package/dist/handlers/callback.js.map +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +24 -2
package/dist/index.js.map +1 -1
package/dist/types.d.ts +2 -2
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/utils/redirects.d.ts.map +1 -1
package/dist/utils/redirects.js +2 -6
package/dist/utils/redirects.js.map +1 -1
package/package.json +6 -6

package/README.md CHANGED Viewed

@@ -2,22 +2,24 @@
 [![NPM](https://nodei.co/npm/payload-zitadel-plugin.png)](https://npmjs.org/package/payload-zitadel-plugin)
-plugin for [Payload CMS](https://payloadcms.com), which enables authentication via Zitadel IdP.
+a plugin for [Payload CMS](https://payloadcms.com) (v3), which enables authentication via Zitadel IdP
 The default use case is to fully replace PayloadCMS Auth with Zitadel.
 Thus, the user collection in PayloadCMS becomes just a shadow of the information in Zitadel.
-:boom: :boom: :boom: &nbsp; works :100: with PayloadCMS version :three: &nbsp; :boom: :boom: :boom:
 ## Install
 ```shell
-pnpm add payload-zitadel-plugin@0.4.0
+pnpm add payload-zitadel-plugin@0.4.1
 ```
 ## Configuration
-Initialize the plugin in Payload Config File. Change the parameters to connect to your Zitadel Instance.
+Initialize the plugin in the Payload config file. Change the parameters to connect to your Zitadel instance.
+The cleanest way to use this plugin is just to set the `ZITADEL_URL` and `ZITADEL_CLIENT_ID` environment variables,
+set up the `next.config.ts` as described down below and then add `zitadelPlugin()` without further configuration to the
+plugin list.
 #### payload.config.ts
@@ -31,14 +33,16 @@ export default buildConfig({
     plugins: [
         zitadelPlugin({
             // URL of your Zitadel instance
-            issuerUrl: process.env.ZITADEL_URL ?? '',
+            // if not provided, it will look for the ZITADEL_URL environment variable
+            // issuerUrl: 'https://idp.zitadel.url',
             // in Zitadel create a new App->Web->PKCE in your project, then copy the Client ID
             // DO NOT FORGET to add '{http://localhost with development mode on or https://your-domain.tld}/api/users/callback'
             // to the allowed redirect URIs and ALSO to the post logout redirect URIs
-            clientId: process.env.ZITADEL_CLIENT_ID ?? '',
+            // if not provided, it will look for the ZITADEL_CLIENT_ID environment variable
+            // clientId: '123456789012345678@project_name',
-            // change field names, field labels and alse hide them if wanted
+            // change field names, field labels and also hide them if wanted
             /*
             fieldConfig: {
                 image: {
@@ -69,20 +73,22 @@ export default buildConfig({
             }
              */
-            // if you want to manually control what happen after a successful login
+            // if you want to manually control what happens after a successful login
             // afterLogin: (req) => NextResponse.redirect('...')
-            // if you want to manually control what happen after a successful logout
+            // if you want to manually control what happens after a successful logout
             // afterLogout: (req) => NextResponse.redirect('...')
             // following properties are only needed if you want to authenticate clients (e.g. a mobile app) for the API
-            // if the users are just visit the CMS via a browser you can ignore all of them
+            // if the users are just visiting the CMS via a browser you can ignore all of them
             // otherwise create in Zitadel a new App->API->JWT and copy the Client ID, Key ID and the Key itself
+            // if not provided it will look for the ZITADEL_API_CLIENT_ID environment variable
+            // if ZITADEL_API_CLIENT_ID was found it will look for ZITADEL_API_KEY_ID and ZITADEL_API_KEY
             /*
             api: {
-                clientId: process.env.ZITADEL_API_CLIENT_ID ?? ''
-                keyId: process.env.ZITADEL_API_KEY_ID ?? ''
-                key: process.env.ZITADEL_API_KEY ?? ''
+                clientId: '123456789123456789@project_name'
+                keyId: '123456789012345678'
+                key: '-----BEGIN RSA PRIVATE KEY----- ... ----END RSA PRIVATE KEY-----'
             }
              */
         })
@@ -129,9 +135,11 @@ export default withPayload(nextConfig)
 If you want to use the Zitadel profile picture as the avatar in PayloadCMS (`disableAvatar != true`),
 you have to manually add the asset URL to the Next.js config file.
-Also if you want to automatically redirect to Zitadel without asking the user to click on the login button,
+Also, if you want to automatically redirect to Zitadel without asking the user to click on the login button,
 you have to add the redirect manually to the Next.js config file.
+For a proper logout you also have to add the `end_session` redirect.
 #### next.config.js
 ```typescript
@@ -144,9 +152,9 @@ const nextConfig = {
     images: {
         remotePatterns: [
             {
-                //protocol: new URL(process.env.ZITADEL_URL).protocol,
+                // protocol: new URL(process.env.ZITADEL_URL).protocol,
                 hostname: new URL(process.env.ZITADEL_URL).hostname,
-                //port: new URL(process.env.ZITADEL_URL).port,
+                // port: new URL(process.env.ZITADEL_URL).port,
                 pathname: '/assets/**'
             }
         ]
@@ -156,6 +164,8 @@ const nextConfig = {
         return [
             // for proper logout
             {
+                // all paths, that do not start with 'api'
+                // it is important to ignore the Payload API routes!
                 source: '/:path((?!api).*)',
                 destination: '/api/users/end_session?redirect=/:path*',
                 has: [
@@ -168,16 +178,14 @@ const nextConfig = {
             },
             // optional: enable auto-redirect to Zitadel login page if not logged in
             {
-                source: '/:path((?!admin\/logout)(?:admin|profile).*)',
+                // all paths that start with 'admin' or 'profile'
+                // you could replace 'profile' with 'app' or some other protected route
+                source: '/:path((?:admin|profile).*)',
                 destination: '/api/users/authorize?redirect=/:path*',
                 missing: [
                     {
                         type: 'cookie',
                         key: 'zitadel_id_token'
-                    },
-                    {
-                        type: 'cookie',
-                        key: 'zitadel_logout'
                     }
                 ],
                 permanent: false

package/dist/constants.d.ts CHANGED Viewed

@@ -94,6 +94,12 @@ export declare const ENDPOINT_PATHS: {
     token: string;
     end_session: string;
 };
+export declare const ERRORS: {
+    issuerURL: Error;
+    clientId: Error;
+    apiKeyId: Error;
+    apiKey: Error;
+};
 export declare const ROLES_KEY = "urn:zitadel:iam:org:project:roles";
 export declare const ROUTES: {
     authorize: string;

package/dist/constants.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe;;;;CAI3B,CAAA;AAED,eAAO,MAAM,eAAe,sCAAsC,CAAA;AASlE,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;CAcnB,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsC1B,CAAA;AAED,eAAO,MAAM,cAAc;;;;;CAK1B,CAAA;AAED,eAAO,MAAM,SAAS,sCAAsC,CAAA;AAE5D,eAAO,MAAM,MAAM;;;;CAIlB,CAAA"}
1	+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe;;;;CAI3B,CAAA;AAED,eAAO,MAAM,eAAe,sCAAsC,CAAA;AASlE,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;CAcnB,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsC1B,CAAA;AAED,eAAO,MAAM,cAAc;;;;;CAK1B,CAAA;AAED,eAAO,MAAM,MAAM;;;;;CAWlB,CAAA;AAED,eAAO,MAAM,SAAS,sCAAsC,CAAA;AAE5D,eAAO,MAAM,MAAM;;;;CAIlB,CAAA"}

package/dist/constants.js CHANGED Viewed

@@ -91,6 +91,12 @@ export const ENDPOINT_PATHS = {
     token: '/oauth/v2/token',
     end_session: '/oidc/v1/end_session'
 };
+export const ERRORS = {
+    issuerURL: new Error('ZITADEL-PLUGIN | Error during initialization of the issuer URL: ' + 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),
+    clientId: new Error('ZITADEL-PLUGIN | Error during initialization of the client Id: ' + 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),
+    apiKeyId: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' + 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' + 'but ZITADEL_API_KEY_ID environment variable was not found or is empty'),
+    apiKey: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' + 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' + 'but ZITADEL_API_KEY environment variable was not found or is empty')
+};
 export const ROLES_KEY = 'urn:zitadel:iam:org:project:roles';
 export const ROUTES = {
     authorize: '/authorize',

package/dist/constants.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ResponseCookie} from 'next/dist/compiled/@edge-runtime/cookies/index.js'\nimport type {ZitadelFieldsConfig} from './types.js'\n\nexport const AUTHORIZE_QUERY = {\n response_type: 'code',\n scope: 'openid email profile',\n code_challenge_method: 'S256'\n}\n\nexport const COMPONENTS_PATH = 'payload-zitadel-plugin/components'\n\nconst COOKIE_CONFIG = {\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n secure: process.env.NODE_ENV == 'production'\n} satisfies Pick<ResponseCookie, 'httpOnly' \| 'path' \| 'sameSite' \| 'secure'>\n\nexport const COOKIES = {\n pkce: {\n name: 'zitadel_pkce_code_verifier',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n idToken: {\n name: 'zitadel_id_token',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n logout: {\n name: 'zitadel_logout',\n value: 'true',\n ...COOKIE_CONFIG\n } satisfies ResponseCookie\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ENDPOINT_PATHS = {\n authorize: '/oauth/v2/authorize',\n introspect: '/oauth/v2/introspect',\n token: '/oauth/v2/token',\n end_session: '/oidc/v1/end_session'\n}\n\nexport const ROLES_KEY = 'urn:zitadel:iam:org:project:roles'\n\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n end_session: '/end_session'\n}\n\n"],"names":["AUTHORIZE_QUERY","response_type","scope","code_challenge_method","COMPONENTS_PATH","COOKIE_CONFIG","httpOnly","path","sameSite","secure","process","env","NODE_ENV","COOKIES","pkce","name","idToken","logout","value","DEFAULT_CONFIG","fields","id","label","de","en","email","image","roles","labels","singular","plural","roleFields","strategyName","ENDPOINT_PATHS","authorize","introspect","token","end_session","ROLES_KEY","ROUTES","callback"],"mappings":"AAGA,OAAO,MAAMA,kBAAkB;IAC3BC,eAAe;IACfC,OAAO;IACPC,uBAAuB;AAC3B,EAAC;AAED,OAAO,MAAMC,kBAAkB,oCAAmC;AAElE,MAAMC,gBAAgB;IAClBC,UAAU;IACVC,MAAM;IACNC,UAAU;IACVC,QAAQC,QAAQC,GAAG,CAACC,QAAQ,IAAI;AACpC;AAEA,OAAO,MAAMC,UAAU;IACnBC,MAAM;QACFC,MAAM;QACN,GAAGV,aAAa;IACpB;IACAW,SAAS;QACLD,MAAM;QACN,GAAGV,aAAa;IACpB;IACAY,QAAQ;QACJF,MAAM;QACNG,OAAO;QACP,GAAGb,aAAa;IACpB;AACJ,EAAC;AAED,OAAO,MAAMc,iBAAiB;IAC1BC,QAAQ;QACJC,IAAI;YACAN,MAAM;YACNO,OAAO;gBACHC,IAAI;gBACJC,IAAI;YACR;QACJ;QACAT,MAAM;YACFA,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAQC,IAAI;YAAM;QAClC;QACAC,OAAO;YACHV,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;QACrC;QACAE,OAAO;YACHX,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAkBC,IAAI;YAAqB;QAC3D;QACAG,OAAO;YACHZ,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;YACjCI,QAAQ;gBACJC,UAAU;oBAACN,IAAI;oBAASC,IAAI;gBAAM;gBAClCM,QAAQ;oBAACP,IAAI;oBAAUC,IAAI;gBAAO;YACtC;QACJ;QACAO,YAAY;YACRhB,MAAM;gBACFA,MAAM;gBACNO,OAAO;oBAACC,IAAI;oBAAQC,IAAI;gBAAM;YAClC;QACJ;IACJ;IACAQ,cAAc;IACdV,OAAO;AACX,EAAC;AAED,OAAO,MAAMW,iBAAiB;IAC1BC,WAAW;IACXC,YAAY;IACZC,OAAO;IACPC,aAAa;AACjB,EAAC;AAED,OAAO,MAAMC,YAAY,oCAAmC;AAE5D,OAAO,MAAMC,SAAS;~~IAClBL~~,WAAW;~~IACXM~~,UAAU;~~IACVH~~,aAAa;AACjB,EAAC"}
1	+ {"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ResponseCookie} from 'next/dist/compiled/@edge-runtime/cookies/index.js'\nimport type {ZitadelFieldsConfig} from './types.js'\n\nexport const AUTHORIZE_QUERY = {\n response_type: 'code',\n scope: 'openid email profile',\n code_challenge_method: 'S256'\n}\n\nexport const COMPONENTS_PATH = 'payload-zitadel-plugin/components'\n\nconst COOKIE_CONFIG = {\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n secure: process.env.NODE_ENV == 'production'\n} satisfies Pick<ResponseCookie, 'httpOnly' \| 'path' \| 'sameSite' \| 'secure'>\n\nexport const COOKIES = {\n pkce: {\n name: 'zitadel_pkce_code_verifier',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n idToken: {\n name: 'zitadel_id_token',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n logout: {\n name: 'zitadel_logout',\n value: 'true',\n ...COOKIE_CONFIG\n } satisfies ResponseCookie\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ENDPOINT_PATHS = {\n authorize: '/oauth/v2/authorize',\n introspect: '/oauth/v2/introspect',\n token: '/oauth/v2/token',\n end_session: '/oidc/v1/end_session'\n}\n\nexport const ERRORS = {\n issuerURL: new Error('ZITADEL-PLUGIN \| Error during initialization of the issuer URL: ' +\n 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),\n clientId: new Error('ZITADEL-PLUGIN \| Error during initialization of the client Id: ' +\n 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),\n apiKeyId: new Error('ZITADEL-PLUGIN \| Error during initialization of the API credentials: ' +\n 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' +\n 'but ZITADEL_API_KEY_ID environment variable was not found or is empty'),\n apiKey: new Error('ZITADEL-PLUGIN \| Error during initialization of the API credentials: ' +\n 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' +\n 'but ZITADEL_API_KEY environment variable was not found or is empty')\n}\n\nexport const ROLES_KEY = 'urn:zitadel:iam:org:project:roles'\n\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n end_session: '/end_session'\n}\n\n"],"names":["AUTHORIZE_QUERY","response_type","scope","code_challenge_method","COMPONENTS_PATH","COOKIE_CONFIG","httpOnly","path","sameSite","secure","process","env","NODE_ENV","COOKIES","pkce","name","idToken","logout","value","DEFAULT_CONFIG","fields","id","label","de","en","email","image","roles","labels","singular","plural","roleFields","strategyName","ENDPOINT_PATHS","authorize","introspect","token","end_session","ERRORS","issuerURL","Error","clientId","apiKeyId","apiKey","ROLES_KEY","ROUTES","callback"],"mappings":"AAGA,OAAO,MAAMA,kBAAkB;IAC3BC,eAAe;IACfC,OAAO;IACPC,uBAAuB;AAC3B,EAAC;AAED,OAAO,MAAMC,kBAAkB,oCAAmC;AAElE,MAAMC,gBAAgB;IAClBC,UAAU;IACVC,MAAM;IACNC,UAAU;IACVC,QAAQC,QAAQC,GAAG,CAACC,QAAQ,IAAI;AACpC;AAEA,OAAO,MAAMC,UAAU;IACnBC,MAAM;QACFC,MAAM;QACN,GAAGV,aAAa;IACpB;IACAW,SAAS;QACLD,MAAM;QACN,GAAGV,aAAa;IACpB;IACAY,QAAQ;QACJF,MAAM;QACNG,OAAO;QACP,GAAGb,aAAa;IACpB;AACJ,EAAC;AAED,OAAO,MAAMc,iBAAiB;IAC1BC,QAAQ;QACJC,IAAI;YACAN,MAAM;YACNO,OAAO;gBACHC,IAAI;gBACJC,IAAI;YACR;QACJ;QACAT,MAAM;YACFA,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAQC,IAAI;YAAM;QAClC;QACAC,OAAO;YACHV,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;QACrC;QACAE,OAAO;YACHX,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAkBC,IAAI;YAAqB;QAC3D;QACAG,OAAO;YACHZ,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;YACjCI,QAAQ;gBACJC,UAAU;oBAACN,IAAI;oBAASC,IAAI;gBAAM;gBAClCM,QAAQ;oBAACP,IAAI;oBAAUC,IAAI;gBAAO;YACtC;QACJ;QACAO,YAAY;YACRhB,MAAM;gBACFA,MAAM;gBACNO,OAAO;oBAACC,IAAI;oBAAQC,IAAI;gBAAM;YAClC;QACJ;IACJ;IACAQ,cAAc;IACdV,OAAO;AACX,EAAC;AAED,OAAO,MAAMW,iBAAiB;IAC1BC,WAAW;IACXC,YAAY;IACZC,OAAO;IACPC,aAAa;AACjB,EAAC;AAED,OAAO,MAAMC,SAAS;IAClBC,WAAW,IAAIC,MAAM,qEACjB;IACJC,UAAU,IAAID,MAAM,oEAChB;IACJE,UAAU,IAAIF,MAAM,0EAChB,0IACA;IACJG,QAAQ,IAAIH,MAAM,0EACd,0IACA;AACR,EAAC;AAED,OAAO,MAAMI,YAAY,oCAAmC;AAE5D,OAAO,MAAMC,SAAS;IAClBX,WAAW;IACXY,UAAU;IACVT,aAAa;AACjB,EAAC"}

package/dist/handlers/callback.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,sBAAsB,EAAuC,MAAM,aAAa,CAAA;AAGxF,eAAO,MAAM,QAAQ,EAAE,~~sBAmLtB~~,CAAA"}
1	+ {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,sBAAsB,EAAuC,MAAM,aAAa,CAAA;AAGxF,eAAO,MAAM,QAAQ,EAAE,sBAiLtB,CAAA"}

package/dist/handlers/callback.js CHANGED Viewed

@@ -7,7 +7,6 @@ export const callback = ({ issuerURL, clientId, fields, afterLogin, afterLogout
         const { config, secret } = payload;
         const { code } = query;
         const state = getState(req);
-        console.log('callback with state:', JSON.stringify(state));
         const cookieStore = await cookies();
         if (state.invokedBy == 'end_session') {
             [

package/dist/handlers/callback.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {SignJWT, decodeJwt} from 'jose'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES, ENDPOINT_PATHS, ROLES_KEY, ROUTES} from '../constants.js'\nimport {ZitadelCallbackHandler, ZitadelCallbackQuery, ZitadelIdToken} from '../types.js'\nimport {getAuthBaseURL, getAuthSlug, getState} from '../utils/index.js'\n\nexport const callback: ZitadelCallbackHandler = ({\n issuerURL,\n clientId,\n fields,\n afterLogin,\n afterLogout\n }) => async (req) => {\n\n const {payload, query} = req\n\n const {config, secret} = payload\n\n const {code} = query as ZitadelCallbackQuery\n\n const state = getState(req)\n\n ~~console.log('callback with state:', JSON.stringify(state))\n\n~~ const cookieStore = await cookies()\n\n if (state.invokedBy == 'end_session') {\n\n [COOKIES.logout, COOKIES.idToken].forEach(cookie => cookieStore.delete(cookie))\n\n return afterLogout(req)\n\n }\n\n const codeVerifier = cookieStore.get(COOKIES.pkce.name)?.value\n\n if (!code) {\n return Response.json({\n status: 'error',\n message: 'no code provided to verify'\n })\n }\n\n if (!codeVerifier) {\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n }\n\n const tokenQueryData = {\n grant_type: 'authorization_code',\n code,\n redirect_uri: getAuthBaseURL(config) + ROUTES.callback,\n client_id: clientId,\n code_verifier: codeVerifier\n }\n\n const tokenEndpoint = issuerURL + ENDPOINT_PATHS.token\n\n const tokenResponse = await fetch(new URL(tokenEndpoint), {\n method: 'POST',\n body: new URLSearchParams(tokenQueryData)\n })\n\n if (!tokenResponse.ok) {\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint',\n details: {\n tokenEndpoint,\n tokenQuery: tokenQueryData,\n tokenResponseCode: `${tokenResponse.status} - ${tokenResponse.statusText}`\n }\n })\n }\n\n const tokenJson = await tokenResponse.json()\n\n const {id_token: idToken} = tokenJson\n\n if (!idToken) {\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from this response',\n details: {\n responseData: tokenJson\n }\n })\n }\n\n let decodedIdToken\n\n try {\n\n decodedIdToken = decodeJwt<ZitadelIdToken>(idToken)\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error during decoding: ${JSON.stringify(e)}`,\n details: {\n idToken\n }\n })\n\n }\n\n const idpId = decodedIdToken.sub\n\n const userData = {\n [fields.name.name]: decodedIdToken.name,\n [fields.email.name]: decodedIdToken.email,\n [fields.image.name]: decodedIdToken.picture,\n [fields.roles.name]: Object.keys(decodedIdToken[ROLES_KEY] ?? {})\n .map(key => ({[fields.roleFields.name.name]: key}))\n }\n\n if (!idpId) {\n return Response.json({\n status: 'error',\n message: 'token is not complete (id not found)',\n details: {\n idToken,\n decodedIdToken,\n idpId\n }\n })\n }\n\n try {\n\n const authSlug = getAuthSlug(config)\n\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fields.id.name]: {\n equals: idpId\n }\n }\n })\n\n if (totalDocs) {\n await payload.update({\n collection: authSlug,\n id: docs[0].id,\n data: userData\n })\n } else {\n await payload.create({\n collection: authSlug,\n data: {\n [fields.id.name]: idpId,\n ...userData\n }\n })\n }\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error while creating/updating user: ${JSON.stringify(e)}`,\n details: {\n idpId\n }\n })\n\n }\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n ...COOKIES.idToken,\n value: await new SignJWT(decodedIdToken)\n .setProtectedHeader({alg: 'HS256'})\n .setIssuedAt()\n .sign(new TextEncoder().encode(secret)),\n maxAge: 900\n })\n\n return afterLogin(req)\n\n}"],"names":["SignJWT","decodeJwt","cookies","COOKIES","ENDPOINT_PATHS","ROLES_KEY","ROUTES","getAuthBaseURL","getAuthSlug","getState","callback","issuerURL","clientId","fields","afterLogin","afterLogout","req","payload","query","config","secret","code","state","~~console","log","JSON","stringify","~~cookieStore","invokedBy","logout","idToken","forEach","cookie","delete","codeVerifier","get","pkce","name","value","Response","json","status","message","tokenQueryData","grant_type","redirect_uri","client_id","code_verifier","tokenEndpoint","token","tokenResponse","fetch","URL","method","body","URLSearchParams","ok","details","tokenQuery","tokenResponseCode","statusText","tokenJson","id_token","responseData","decodedIdToken","e","idpId","sub","userData","email","image","picture","roles","Object","keys","map","key","roleFields","authSlug","docs","totalDocs","find","collection","where","id","equals","update","data","create","set","setProtectedHeader","alg","setIssuedAt","sign","TextEncoder","encode","maxAge"],"mappings":"AAAA,SAAQA,OAAO,EAAEC,SAAS,QAAO,OAAM;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,SAAS,EAAEC,MAAM,QAAO,kBAAiB;AAE1E,SAAQC,cAAc,EAAEC,WAAW,EAAEC,QAAQ,QAAO,oBAAmB;AAEvE,OAAO,MAAMC,WAAmC,CAAC,EACIC,SAAS,EACTC,QAAQ,EACRC,MAAM,EACNC,UAAU,EACVC,WAAW,EACd,GAAK,OAAOC;QAE1D,MAAM,EAACC,OAAO,EAAEC,KAAK,EAAC,GAAGF;QAEzB,MAAM,EAACG,MAAM,EAAEC,MAAM,EAAC,GAAGH;QAEzB,MAAM,EAACI,IAAI,EAAC,GAAGH;QAEf,MAAMI,QAAQb,SAASO;~~QAEvBO~~,~~QAAQC~~,~~GAAG,CAAC,wBAAwBC,KAAKC,SAAS,CAACJ;QAEnD,MAAMK,~~cAAc,~~MAAMzB~~;QAE1B,IAAIoB,~~MAAMM~~,SAAS,IAAI,eAAe;YAElC;~~gBAACzB~~,~~QAAQ0B~~,MAAM;~~gBAAE1B~~,~~QAAQ2B~~,OAAO;aAAC,CAACC,OAAO,CAACC,CAAAA,SAAUL,YAAYM,MAAM,CAACD;YAEvE,~~OAAOjB~~,YAAYC;QAEvB;QAEA,~~MAAMkB~~,eAAeP,YAAYQ,GAAG,~~CAAChC~~,~~QAAQiC~~,IAAI,CAACC,IAAI,GAAGC;QAEzD,IAAI,~~CAACjB~~,MAAM;YACP,~~OAAOkB~~,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,IAAI,CAACR,cAAc;YACf,OAAOK,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,MAAMC,iBAAiB;YACnBC,YAAY;~~YACZvB~~;~~YACAwB~~,~~cAActC~~,eAAeY,UAAUb,OAAOI,QAAQ;~~YACtDoC~~,~~WAAWlC~~;~~YACXmC~~,eAAeb;QACnB;QAEA,MAAMc,~~gBAAgBrC~~,YAAYP,~~eAAe6C~~,KAAK;QAEtD,MAAMC,gBAAgB,MAAMC,MAAM,IAAIC,IAAIJ,gBAAgB;YACtDK,QAAQ;YACRC,MAAM,IAAIC,gBAAgBZ;QAC9B;QAEA,IAAI,CAACO,cAAcM,EAAE,EAAE;YACnB,OAAOjB,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLT;oBACAU,YAAYf;oBACZgB,mBAAmB,GAAGT,cAAcT,MAAM,CAAC,GAAG,EAAES,cAAcU,UAAU,EAAE;gBAC9E;YACJ;QACJ;QAEA,MAAMC,YAAY,MAAMX,cAAcV,IAAI;QAE1C,MAAM,EAACsB,UAAUhC,OAAO,EAAC,GAAG+B;QAE5B,IAAI,CAAC/B,SAAS;YACV,OAAOS,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLM,cAAcF;gBAClB;YACJ;QACJ;QAEA,IAAIG;QAEJ,IAAI;YAEAA,~~iBAAiB/D~~,~~UAA0B6B~~;QAE/C,EAAE,OAAOmC,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,uBAAuB,~~EAAEjB~~,KAAKC,SAAS,~~CAACuC~~,IAAI;gBACtDR,SAAS;oBACL3B;gBACJ;YACJ;QAEJ;QAEA,~~MAAMoC~~,~~QAAQF~~,~~eAAeG~~,GAAG;QAEhC,MAAMC,WAAW;YACb,~~CAACvD~~,~~OAAOwB~~,IAAI,CAACA,IAAI,CAAC,EAAE2B,eAAe3B,IAAI;YACvC,~~CAACxB~~,~~OAAOwD~~,KAAK,~~CAAChC~~,IAAI,CAAC,EAAE2B,~~eAAeK~~,KAAK;YACzC,~~CAACxD~~,~~OAAOyD~~,KAAK,~~CAACjC~~,IAAI,CAAC,EAAE2B,~~eAAeO~~,OAAO;YAC3C,~~CAAC1D~~,~~OAAO2D~~,KAAK,~~CAACnC~~,IAAI,CAAC,~~EAAEoC~~,OAAOC,IAAI,~~CAACV~~,cAAc,~~CAAC3D~~,UAAU,IAAI,CAAC,~~GAC1DsE~~,GAAG,CAACC,CAAAA,MAAQ,CAAA;oBAAC,~~CAAC/D~~,~~OAAOgE~~,UAAU,~~CAACxC~~,IAAI,CAACA,IAAI,CAAC,~~EAAEuC~~;gBAAG,CAAA;QACxD;QAEA,IAAI,CAACV,OAAO;YACR,~~OAAO3B~~,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACL3B;oBACAkC;~~oBACAE~~;gBACJ;YACJ;QACJ;QAEA,IAAI;YAEA,MAAMY,~~WAAWtE~~,YAAYW;YAE7B,MAAM,~~EAAC4D~~,IAAI,EAAEC,SAAS,EAAC,GAAG,~~MAAM/D~~,~~QAAQgE~~,IAAI,CAAC;gBACzCC,YAAYJ;gBACZK,OAAO;oBACH,~~CAACtE~~,~~OAAOuE~~,EAAE,~~CAAC/C~~,IAAI,CAAC,EAAE;~~wBACdgD~~,QAAQnB;oBACZ;gBACJ;YACJ;YAEA,IAAIc,WAAW;gBACX,~~MAAM/D~~,~~QAAQqE~~,MAAM,CAAC;oBACjBJ,YAAYJ;oBACZM,IAAIL,IAAI,CAAC,EAAE,CAACK,EAAE;oBACdG,MAAMnB;gBACV;YACJ,OAAO;gBACH,~~MAAMnD~~,~~QAAQuE~~,MAAM,CAAC;oBACjBN,YAAYJ;oBACZS,MAAM;wBACF,~~CAAC1E~~,~~OAAOuE~~,EAAE,~~CAAC/C~~,IAAI,CAAC,~~EAAE6B~~;wBAClB,GAAGE,QAAQ;oBACf;gBACJ;YACJ;QAEJ,EAAE,~~OAAOH~~,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,oCAAoC,~~EAAEjB~~,KAAKC,SAAS,~~CAACuC~~,IAAI;gBACnER,SAAS;~~oBACLS~~;gBACJ;YACJ;QAEJ;~~QAEAvC~~,YAAYM,MAAM,~~CAAC9B~~,~~QAAQiC~~,IAAI;QAE/BT,~~YAAY8D~~,GAAG,CAAC;YACZ,~~GAAGtF~~,~~QAAQ2B~~,OAAO;YAClBQ,OAAO,MAAM,~~IAAItC~~,~~QAAQgE~~,~~gBACpB0B~~,kBAAkB,CAAC;gBAACC,KAAK;YAAO,GAChCC,WAAW,GACXC,IAAI,CAAC,IAAIC,cAAcC,MAAM,~~CAAC3E~~;~~YACnC4E~~,QAAQ;QACZ;QAEA,~~OAAOlF~~,WAAWE;IAEtB,EAAC"}
1	+ {"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {SignJWT, decodeJwt} from 'jose'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES, ENDPOINT_PATHS, ROLES_KEY, ROUTES} from '../constants.js'\nimport {ZitadelCallbackHandler, ZitadelCallbackQuery, ZitadelIdToken} from '../types.js'\nimport {getAuthBaseURL, getAuthSlug, getState} from '../utils/index.js'\n\nexport const callback: ZitadelCallbackHandler = ({\n issuerURL,\n clientId,\n fields,\n afterLogin,\n afterLogout\n }) => async (req) => {\n\n const {payload, query} = req\n\n const {config, secret} = payload\n\n const {code} = query as ZitadelCallbackQuery\n\n const state = getState(req)\n\n const cookieStore = await cookies()\n\n if (state.invokedBy == 'end_session') {\n\n [COOKIES.logout, COOKIES.idToken].forEach(cookie => cookieStore.delete(cookie))\n\n return afterLogout(req)\n\n }\n\n const codeVerifier = cookieStore.get(COOKIES.pkce.name)?.value\n\n if (!code) {\n return Response.json({\n status: 'error',\n message: 'no code provided to verify'\n })\n }\n\n if (!codeVerifier) {\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n }\n\n const tokenQueryData = {\n grant_type: 'authorization_code',\n code,\n redirect_uri: getAuthBaseURL(config) + ROUTES.callback,\n client_id: clientId,\n code_verifier: codeVerifier\n }\n\n const tokenEndpoint = issuerURL + ENDPOINT_PATHS.token\n\n const tokenResponse = await fetch(new URL(tokenEndpoint), {\n method: 'POST',\n body: new URLSearchParams(tokenQueryData)\n })\n\n if (!tokenResponse.ok) {\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint',\n details: {\n tokenEndpoint,\n tokenQuery: tokenQueryData,\n tokenResponseCode: `${tokenResponse.status} - ${tokenResponse.statusText}`\n }\n })\n }\n\n const tokenJson = await tokenResponse.json()\n\n const {id_token: idToken} = tokenJson\n\n if (!idToken) {\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from this response',\n details: {\n responseData: tokenJson\n }\n })\n }\n\n let decodedIdToken\n\n try {\n\n decodedIdToken = decodeJwt<ZitadelIdToken>(idToken)\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error during decoding: ${JSON.stringify(e)}`,\n details: {\n idToken\n }\n })\n\n }\n\n const idpId = decodedIdToken.sub\n\n const userData = {\n [fields.name.name]: decodedIdToken.name,\n [fields.email.name]: decodedIdToken.email,\n [fields.image.name]: decodedIdToken.picture,\n [fields.roles.name]: Object.keys(decodedIdToken[ROLES_KEY] ?? {})\n .map(key => ({[fields.roleFields.name.name]: key}))\n }\n\n if (!idpId) {\n return Response.json({\n status: 'error',\n message: 'token is not complete (id not found)',\n details: {\n idToken,\n decodedIdToken,\n idpId\n }\n })\n }\n\n try {\n\n const authSlug = getAuthSlug(config)\n\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fields.id.name]: {\n equals: idpId\n }\n }\n })\n\n if (totalDocs) {\n await payload.update({\n collection: authSlug,\n id: docs[0].id,\n data: userData\n })\n } else {\n await payload.create({\n collection: authSlug,\n data: {\n [fields.id.name]: idpId,\n ...userData\n }\n })\n }\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error while creating/updating user: ${JSON.stringify(e)}`,\n details: {\n idpId\n }\n })\n\n }\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n ...COOKIES.idToken,\n value: await new SignJWT(decodedIdToken)\n .setProtectedHeader({alg: 'HS256'})\n .setIssuedAt()\n .sign(new TextEncoder().encode(secret)),\n maxAge: 900\n })\n\n return afterLogin(req)\n\n}"],"names":["SignJWT","decodeJwt","cookies","COOKIES","ENDPOINT_PATHS","ROLES_KEY","ROUTES","getAuthBaseURL","getAuthSlug","getState","callback","issuerURL","clientId","fields","afterLogin","afterLogout","req","payload","query","config","secret","code","state","cookieStore","invokedBy","logout","idToken","forEach","cookie","delete","codeVerifier","get","pkce","name","value","Response","json","status","message","tokenQueryData","grant_type","redirect_uri","client_id","code_verifier","tokenEndpoint","token","tokenResponse","fetch","URL","method","body","URLSearchParams","ok","details","tokenQuery","tokenResponseCode","statusText","tokenJson","id_token","responseData","decodedIdToken","e","JSON","stringify","idpId","sub","userData","email","image","picture","roles","Object","keys","map","key","roleFields","authSlug","docs","totalDocs","find","collection","where","id","equals","update","data","create","set","setProtectedHeader","alg","setIssuedAt","sign","TextEncoder","encode","maxAge"],"mappings":"AAAA,SAAQA,OAAO,EAAEC,SAAS,QAAO,OAAM;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,SAAS,EAAEC,MAAM,QAAO,kBAAiB;AAE1E,SAAQC,cAAc,EAAEC,WAAW,EAAEC,QAAQ,QAAO,oBAAmB;AAEvE,OAAO,MAAMC,WAAmC,CAAC,EACIC,SAAS,EACTC,QAAQ,EACRC,MAAM,EACNC,UAAU,EACVC,WAAW,EACd,GAAK,OAAOC;QAE1D,MAAM,EAACC,OAAO,EAAEC,KAAK,EAAC,GAAGF;QAEzB,MAAM,EAACG,MAAM,EAAEC,MAAM,EAAC,GAAGH;QAEzB,MAAM,EAACI,IAAI,EAAC,GAAGH;QAEf,MAAMI,QAAQb,SAASO;QAEvB,MAAMO,cAAc,MAAMrB;QAE1B,IAAIoB,MAAME,SAAS,IAAI,eAAe;YAElC;gBAACrB,QAAQsB,MAAM;gBAAEtB,QAAQuB,OAAO;aAAC,CAACC,OAAO,CAACC,CAAAA,SAAUL,YAAYM,MAAM,CAACD;YAEvE,OAAOb,YAAYC;QAEvB;QAEA,MAAMc,eAAeP,YAAYQ,GAAG,CAAC5B,QAAQ6B,IAAI,CAACC,IAAI,GAAGC;QAEzD,IAAI,CAACb,MAAM;YACP,OAAOc,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,IAAI,CAACR,cAAc;YACf,OAAOK,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,MAAMC,iBAAiB;YACnBC,YAAY;YACZnB;YACAoB,cAAclC,eAAeY,UAAUb,OAAOI,QAAQ;YACtDgC,WAAW9B;YACX+B,eAAeb;QACnB;QAEA,MAAMc,gBAAgBjC,YAAYP,eAAeyC,KAAK;QAEtD,MAAMC,gBAAgB,MAAMC,MAAM,IAAIC,IAAIJ,gBAAgB;YACtDK,QAAQ;YACRC,MAAM,IAAIC,gBAAgBZ;QAC9B;QAEA,IAAI,CAACO,cAAcM,EAAE,EAAE;YACnB,OAAOjB,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLT;oBACAU,YAAYf;oBACZgB,mBAAmB,GAAGT,cAAcT,MAAM,CAAC,GAAG,EAAES,cAAcU,UAAU,EAAE;gBAC9E;YACJ;QACJ;QAEA,MAAMC,YAAY,MAAMX,cAAcV,IAAI;QAE1C,MAAM,EAACsB,UAAUhC,OAAO,EAAC,GAAG+B;QAE5B,IAAI,CAAC/B,SAAS;YACV,OAAOS,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLM,cAAcF;gBAClB;YACJ;QACJ;QAEA,IAAIG;QAEJ,IAAI;YAEAA,iBAAiB3D,UAA0ByB;QAE/C,EAAE,OAAOmC,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,uBAAuB,EAAEwB,KAAKC,SAAS,CAACF,IAAI;gBACtDR,SAAS;oBACL3B;gBACJ;YACJ;QAEJ;QAEA,MAAMsC,QAAQJ,eAAeK,GAAG;QAEhC,MAAMC,WAAW;YACb,CAACrD,OAAOoB,IAAI,CAACA,IAAI,CAAC,EAAE2B,eAAe3B,IAAI;YACvC,CAACpB,OAAOsD,KAAK,CAAClC,IAAI,CAAC,EAAE2B,eAAeO,KAAK;YACzC,CAACtD,OAAOuD,KAAK,CAACnC,IAAI,CAAC,EAAE2B,eAAeS,OAAO;YAC3C,CAACxD,OAAOyD,KAAK,CAACrC,IAAI,CAAC,EAAEsC,OAAOC,IAAI,CAACZ,cAAc,CAACvD,UAAU,IAAI,CAAC,GAC1DoE,GAAG,CAACC,CAAAA,MAAQ,CAAA;oBAAC,CAAC7D,OAAO8D,UAAU,CAAC1C,IAAI,CAACA,IAAI,CAAC,EAAEyC;gBAAG,CAAA;QACxD;QAEA,IAAI,CAACV,OAAO;YACR,OAAO7B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACL3B;oBACAkC;oBACAI;gBACJ;YACJ;QACJ;QAEA,IAAI;YAEA,MAAMY,WAAWpE,YAAYW;YAE7B,MAAM,EAAC0D,IAAI,EAAEC,SAAS,EAAC,GAAG,MAAM7D,QAAQ8D,IAAI,CAAC;gBACzCC,YAAYJ;gBACZK,OAAO;oBACH,CAACpE,OAAOqE,EAAE,CAACjD,IAAI,CAAC,EAAE;wBACdkD,QAAQnB;oBACZ;gBACJ;YACJ;YAEA,IAAIc,WAAW;gBACX,MAAM7D,QAAQmE,MAAM,CAAC;oBACjBJ,YAAYJ;oBACZM,IAAIL,IAAI,CAAC,EAAE,CAACK,EAAE;oBACdG,MAAMnB;gBACV;YACJ,OAAO;gBACH,MAAMjD,QAAQqE,MAAM,CAAC;oBACjBN,YAAYJ;oBACZS,MAAM;wBACF,CAACxE,OAAOqE,EAAE,CAACjD,IAAI,CAAC,EAAE+B;wBAClB,GAAGE,QAAQ;oBACf;gBACJ;YACJ;QAEJ,EAAE,OAAOL,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,oCAAoC,EAAEwB,KAAKC,SAAS,CAACF,IAAI;gBACnER,SAAS;oBACLW;gBACJ;YACJ;QAEJ;QAEAzC,YAAYM,MAAM,CAAC1B,QAAQ6B,IAAI;QAE/BT,YAAYgE,GAAG,CAAC;YACZ,GAAGpF,QAAQuB,OAAO;YAClBQ,OAAO,MAAM,IAAIlC,QAAQ4D,gBACpB4B,kBAAkB,CAAC;gBAACC,KAAK;YAAO,GAChCC,WAAW,GACXC,IAAI,CAAC,IAAIC,cAAcC,MAAM,CAACzE;YACnC0E,QAAQ;QACZ;QAEA,OAAOhF,WAAWE;IAEtB,EAAC"}

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAqB,aAAa,EAAC,MAAM,YAAY,CAAA;AAG5D,eAAO,MAAM,aAAa,EAAE,~~aA4J3B~~,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAqB,aAAa,EAAC,MAAM,YAAY,CAAA;AAG5D,eAAO,MAAM,aAAa,EAAE,aA0L3B,CAAA"}

package/dist/index.js CHANGED Viewed

@@ -1,11 +1,33 @@
 import { cookies } from 'next/headers.js';
 import { AvatarComponent, LoginButtonComponent } from './components/index.js';
-import { COOKIES, DEFAULT_CONFIG, ROUTES } from './constants.js';
+import { COOKIES, DEFAULT_CONFIG, ERRORS, ROUTES } from './constants.js';
 import { authorize, callback } from './handlers/index.js';
 import { zitadelStrategy } from './strategy.js';
 import { translations } from './translations.js';
 import { defaultRedirect, getAuthSlug, requestRedirect } from './utils/index.js';
-export const zitadelPlugin = ({ issuerURL, clientId, fields, strategyName = DEFAULT_CONFIG.strategyName, api, callbacks, components })=>{
+export const zitadelPlugin = (config)=>{
+    let { issuerURL = process.env.ZITADEL_URL, clientId = process.env.ZITADEL_CLIENT_ID, fields, strategyName = DEFAULT_CONFIG.strategyName, api, callbacks, components } = config ?? {};
+    if (!issuerURL) {
+        throw ERRORS.issuerURL;
+    }
+    if (!clientId) {
+        throw ERRORS.clientId;
+    }
+    if (!api && process.env.ZITADEL_API_CLIENT_ID) {
+        const keyId = process.env.ZITADEL_API_KEY_ID;
+        if (!keyId) {
+            throw ERRORS.apiKeyId;
+        }
+        const key = process.env.ZITADEL_API_KEY;
+        if (!key) {
+            throw ERRORS.apiKey;
+        }
+        api = {
+            clientId: process.env.ZITADEL_API_CLIENT_ID,
+            keyId,
+            key
+        };
+    }
     const fieldsConfig = {
         ...DEFAULT_CONFIG.fields,
         ...fields

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {AvatarComponent, LoginButtonComponent} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {translations} from './translations.js'\nimport {ZitadelAvatarProps, ZitadelPlugin} from './types.js'\nimport {defaultRedirect, getAuthSlug, requestRedirect} from './utils/index.js'\n\nexport const zitadelPlugin: ZitadelPlugin = ({\n issuerURL,\n clientId,\n fields,\n strategyName = DEFAULT_CONFIG.strategyName,\n api,\n callbacks,\n components\n }) => {\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ...fields}\n\n return (incomingConfig) => ({\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...components?.avatar ? {} : {\n avatar: {\n Component: {\n ...AvatarComponent,\n clientProps: {\n imageFieldName: fieldsConfig.image.name\n } satisfies ZitadelAvatarProps\n }\n }\n },\n ...components?.loginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n ...LoginButtonComponent,\n serverProps: {\n label: components?.loginButton?.label ?? DEFAULT_CONFIG.label\n }\n }\n ]\n }\n }\n },\n collections: (incomingConfig.collections \|\| []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == getAuthSlug(incomingConfig) ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n strategyName: strategyName,\n issuerURL,\n fields: fieldsConfig,\n api: api ?? false\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).set(COOKIES.logout)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize({\n issuerURL,\n clientId\n })\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback({\n issuerURL,\n clientId,\n fields: fieldsConfig,\n afterLogin: callbacks?.afterLogin ?? defaultRedirect,\n afterLogout: callbacks?.afterLogout ?? defaultRedirect\n })\n },\n {\n path: ROUTES.end_session,\n method: 'get',\n handler: (req) => requestRedirect({req, issuerURL, clientId, invokedBy: 'end_session'})\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n })\n\n}"],"names":["cookies","AvatarComponent","LoginButtonComponent","COOKIES","DEFAULT_CONFIG","ROUTES","authorize","callback","zitadelStrategy","translations","defaultRedirect","getAuthSlug","requestRedirect","zitadelPlugin","issuerURL","clientId","fields","strategyName","api","callbacks","components","fieldsConfig","incomingConfig","admin","avatar","Component","clientProps","imageFieldName","image","name","loginButton","afterLogin","serverProps","label","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","hooks","afterLogout","set","logout","endpoints","path","method","handler","end_session","req","invokedBy","id","type","readOnly","index","unique","required","email","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,eAAe,EAAEC,oBAAoB,QAAO,wBAAuB;AAC3E,SAAQC,OAAO,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9D,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAC7C,SAAQC,YAAY,QAAO,oBAAmB;AAE9C,SAAQC,eAAe,EAAEC,WAAW,EAAEC,eAAe,QAAO,mBAAkB;AAE9E,OAAO,MAAMC,gBAA+B,CAAC,EACIC,SAAS,EACTC,QAAQ,EACRC,MAAM,EACNC,eAAeb,eAAea,YAAY,EAC1CC,GAAG,EACHC,SAAS,EACTC,UAAU,EACb;IAE1C,MAAMC,eAAe;QAAC,GAAGjB,eAAeY,MAAM;QAAE,GAAGA,MAAM;IAAA;IAEzD,OAAO,CAACM,iBAAoB,CAAA;YACxB,GAAGA,cAAc;YACjBC,OAAO;gBACH,GAAGD,eAAeC,KAAK;gBACvB,GAAGH,YAAYI,SAAS,CAAC,IAAI;oBACzBA,QAAQ;wBACJC,WAAW;4BACP,GAAGxB,eAAe;4BAClByB,aAAa;gCACTC,gBAAgBN,aAAaO,KAAK,CAACC,IAAI;4BAC3C;wBACJ;oBACJ;gBACJ,CAAC;gBACD,GAAGT,YAAYU,cAAc,CAAC,IAAI;oBAC9BV,YAAY;wBACR,GAAGE,eAAeC,KAAK,EAAEH,UAAU;wBACnCW,YAAY;+BACLT,eAAeC,KAAK,EAAEH,YAAYW,cAAc,EAAE;4BACrD;gCACI,GAAG7B,oBAAoB;gCACvB8B,aAAa;oCACTC,OAAOb,YAAYU,aAAaG,SAAS7B,eAAe6B,KAAK;gCACjE;4BACJ;yBACH;oBACL;gBACJ,CAAC;YACL;YACAC,aAAa,AAACZ,CAAAA,eAAeY,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAI5B,YAAYW,kBAAkB;wBAChDgB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/BjC,gBAAgB;oCACZS,cAAcA;oCACdH;oCACAE,QAAQK;oCACRH,KAAKA,OAAO;gCAChB;6BACH;wBACL;wBACAwB,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAM3C,SAAQ,EAAG4C,GAAG,CAACzC,QAAQ0C,MAAM;6BAAE;wBACpE;wBACAC,WAAW;4BACP;gCACIC,MAAM1C,OAAOC,SAAS;gCACtB0C,QAAQ;gCACRC,SAAS3C,UAAU;oCACfQ;oCACAC;gCACJ;4BACJ;4BACA;gCACIgC,MAAM1C,OAAOE,QAAQ;gCACrByC,QAAQ;gCACRC,SAAS1C,SAAS;oCACdO;oCACAC;oCACAC,QAAQK;oCACRU,YAAYZ,WAAWY,cAAcrB;oCACrCiC,aAAaxB,WAAWwB,eAAejC;gCAC3C;4BACJ;4BACA;gCACIqC,MAAM1C,OAAO6C,WAAW;gCACxBF,QAAQ;gCACRC,SAAS,CAACE,MAAQvC,gBAAgB;wCAACuC;wCAAKrC;wCAAWC;wCAAUqC,WAAW;oCAAa;4BACzF;yBACH;wBACDpC,QAAQ;+BACDoB,WAAWpB,MAAM;4BACpB;gCACI,GAAGK,aAAagC,EAAE;gCAClBC,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGrC,aAAaQ,IAAI;gCACpByB,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAasC,KAAK;gCACrBL,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAaO,KAAK;gCACrB0B,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAauC,KAAK;gCACrBN,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAvC,QAAQ;oCACJ;wCACI,GAAGK,aAAawC,UAAU,CAAChC,IAAI;wCAC/ByB,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAQ,MAAM;gBACF,GAAGxC,eAAewC,IAAI;gBACtBrD,cAAc;oBACV,GAAGa,eAAewC,IAAI,EAAErD,YAAY;oBACpCsD,IAAI;wBACA,GAAGzC,eAAewC,IAAI,EAAErD,cAAcsD,EAAE;wBACxC,GAAGtD,aAAasD,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG1C,eAAewC,IAAI,EAAErD,cAAcuD,EAAE;wBACxC,GAAGvD,aAAauD,EAAE;oBACtB;gBACJ;YACJ;QACJ,CAAA;AAEJ,EAAC"}
1	+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {AvatarComponent, LoginButtonComponent} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, ERRORS, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {translations} from './translations.js'\nimport {ZitadelAvatarProps, ZitadelPlugin} from './types.js'\nimport {defaultRedirect, getAuthSlug, requestRedirect} from './utils/index.js'\n\nexport const zitadelPlugin: ZitadelPlugin = (config) => {\n\n let {\n issuerURL = process.env.ZITADEL_URL,\n clientId = process.env.ZITADEL_CLIENT_ID,\n fields,\n strategyName = DEFAULT_CONFIG.strategyName,\n api,\n callbacks,\n components\n } = config ?? {}\n\n if (!issuerURL) {\n throw ERRORS.issuerURL\n }\n\n if (!clientId) {\n throw ERRORS.clientId\n }\n\n if (!api && process.env.ZITADEL_API_CLIENT_ID) {\n\n const keyId = process.env.ZITADEL_API_KEY_ID\n if (!keyId) {\n throw ERRORS.apiKeyId\n }\n\n const key = process.env.ZITADEL_API_KEY\n if (!key) {\n throw ERRORS.apiKey\n }\n\n api = {\n clientId: process.env.ZITADEL_API_CLIENT_ID,\n keyId,\n key\n }\n\n }\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ...fields}\n\n return (incomingConfig) => ({\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...components?.avatar ? {} : {\n avatar: {\n Component: {\n ...AvatarComponent,\n clientProps: {\n imageFieldName: fieldsConfig.image.name\n } satisfies ZitadelAvatarProps\n }\n }\n },\n ...components?.loginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n ...LoginButtonComponent,\n serverProps: {\n label: components?.loginButton?.label ?? DEFAULT_CONFIG.label\n }\n }\n ]\n }\n }\n },\n collections: (incomingConfig.collections \|\| []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == getAuthSlug(incomingConfig) ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n strategyName: strategyName,\n issuerURL,\n fields: fieldsConfig,\n api: api ?? false\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).set(COOKIES.logout)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize({\n issuerURL,\n clientId\n })\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback({\n issuerURL,\n clientId,\n fields: fieldsConfig,\n afterLogin: callbacks?.afterLogin ?? defaultRedirect,\n afterLogout: callbacks?.afterLogout ?? defaultRedirect\n })\n },\n {\n path: ROUTES.end_session,\n method: 'get',\n handler: (req) => requestRedirect({req, issuerURL, clientId, invokedBy: 'end_session'})\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n })\n\n}"],"names":["cookies","AvatarComponent","LoginButtonComponent","COOKIES","DEFAULT_CONFIG","ERRORS","ROUTES","authorize","callback","zitadelStrategy","translations","defaultRedirect","getAuthSlug","requestRedirect","zitadelPlugin","config","issuerURL","process","env","ZITADEL_URL","clientId","ZITADEL_CLIENT_ID","fields","strategyName","api","callbacks","components","ZITADEL_API_CLIENT_ID","keyId","ZITADEL_API_KEY_ID","apiKeyId","key","ZITADEL_API_KEY","apiKey","fieldsConfig","incomingConfig","admin","avatar","Component","clientProps","imageFieldName","image","name","loginButton","afterLogin","serverProps","label","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","hooks","afterLogout","set","logout","endpoints","path","method","handler","end_session","req","invokedBy","id","type","readOnly","index","unique","required","email","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,eAAe,EAAEC,oBAAoB,QAAO,wBAAuB;AAC3E,SAAQC,OAAO,EAAEC,cAAc,EAAEC,MAAM,EAAEC,MAAM,QAAO,iBAAgB;AACtE,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAC7C,SAAQC,YAAY,QAAO,oBAAmB;AAE9C,SAAQC,eAAe,EAAEC,WAAW,EAAEC,eAAe,QAAO,mBAAkB;AAE9E,OAAO,MAAMC,gBAA+B,CAACC;IAEzC,IAAI,EACAC,YAAYC,QAAQC,GAAG,CAACC,WAAW,EACnCC,WAAWH,QAAQC,GAAG,CAACG,iBAAiB,EACxCC,MAAM,EACNC,eAAenB,eAAemB,YAAY,EAC1CC,GAAG,EACHC,SAAS,EACTC,UAAU,EACb,GAAGX,UAAU,CAAC;IAEf,IAAI,CAACC,WAAW;QACZ,MAAMX,OAAOW,SAAS;IAC1B;IAEA,IAAI,CAACI,UAAU;QACX,MAAMf,OAAOe,QAAQ;IACzB;IAEA,IAAI,CAACI,OAAOP,QAAQC,GAAG,CAACS,qBAAqB,EAAE;QAE3C,MAAMC,QAAQX,QAAQC,GAAG,CAACW,kBAAkB;QAC5C,IAAI,CAACD,OAAO;YACR,MAAMvB,OAAOyB,QAAQ;QACzB;QAEA,MAAMC,MAAMd,QAAQC,GAAG,CAACc,eAAe;QACvC,IAAI,CAACD,KAAK;YACN,MAAM1B,OAAO4B,MAAM;QACvB;QAEAT,MAAM;YACFJ,UAAUH,QAAQC,GAAG,CAACS,qBAAqB;YAC3CC;YACAG;QACJ;IAEJ;IAEA,MAAMG,eAAe;QAAC,GAAG9B,eAAekB,MAAM;QAAE,GAAGA,MAAM;IAAA;IAEzD,OAAO,CAACa,iBAAoB,CAAA;YACxB,GAAGA,cAAc;YACjBC,OAAO;gBACH,GAAGD,eAAeC,KAAK;gBACvB,GAAGV,YAAYW,SAAS,CAAC,IAAI;oBACzBA,QAAQ;wBACJC,WAAW;4BACP,GAAGrC,eAAe;4BAClBsC,aAAa;gCACTC,gBAAgBN,aAAaO,KAAK,CAACC,IAAI;4BAC3C;wBACJ;oBACJ;gBACJ,CAAC;gBACD,GAAGhB,YAAYiB,cAAc,CAAC,IAAI;oBAC9BjB,YAAY;wBACR,GAAGS,eAAeC,KAAK,EAAEV,UAAU;wBACnCkB,YAAY;+BACLT,eAAeC,KAAK,EAAEV,YAAYkB,cAAc,EAAE;4BACrD;gCACI,GAAG1C,oBAAoB;gCACvB2C,aAAa;oCACTC,OAAOpB,YAAYiB,aAAaG,SAAS1C,eAAe0C,KAAK;gCACjE;4BACJ;yBACH;oBACL;gBACJ,CAAC;YACL;YACAC,aAAa,AAACZ,CAAAA,eAAeY,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIxC,YAAYuB,kBAAkB;wBAChDgB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B7C,gBAAgB;oCACZc,cAAcA;oCACdP;oCACAM,QAAQY;oCACRV,KAAKA,OAAO;gCAChB;6BACH;wBACL;wBACA+B,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAMxD,SAAQ,EAAGyD,GAAG,CAACtD,QAAQuD,MAAM;6BAAE;wBACpE;wBACAC,WAAW;4BACP;gCACIC,MAAMtD,OAAOC,SAAS;gCACtBsD,QAAQ;gCACRC,SAASvD,UAAU;oCACfS;oCACAI;gCACJ;4BACJ;4BACA;gCACIwC,MAAMtD,OAAOE,QAAQ;gCACrBqD,QAAQ;gCACRC,SAAStD,SAAS;oCACdQ;oCACAI;oCACAE,QAAQY;oCACRU,YAAYnB,WAAWmB,cAAcjC;oCACrC6C,aAAa/B,WAAW+B,eAAe7C;gCAC3C;4BACJ;4BACA;gCACIiD,MAAMtD,OAAOyD,WAAW;gCACxBF,QAAQ;gCACRC,SAAS,CAACE,MAAQnD,gBAAgB;wCAACmD;wCAAKhD;wCAAWI;wCAAU6C,WAAW;oCAAa;4BACzF;yBACH;wBACD3C,QAAQ;+BACD2B,WAAW3B,MAAM;4BACpB;gCACI,GAAGY,aAAagC,EAAE;gCAClBC,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGrC,aAAaQ,IAAI;gCACpByB,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAasC,KAAK;gCACrBL,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAaO,KAAK;gCACrB0B,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAauC,KAAK;gCACrBN,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACA9C,QAAQ;oCACJ;wCACI,GAAGY,aAAawC,UAAU,CAAChC,IAAI;wCAC/ByB,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAQ,MAAM;gBACF,GAAGxC,eAAewC,IAAI;gBACtBjE,cAAc;oBACV,GAAGyB,eAAewC,IAAI,EAAEjE,YAAY;oBACpCkE,IAAI;wBACA,GAAGzC,eAAewC,IAAI,EAAEjE,cAAckE,EAAE;wBACxC,GAAGlE,aAAakE,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG1C,eAAewC,IAAI,EAAEjE,cAAcmE,EAAE;wBACxC,GAAGnE,aAAamE,EAAE;oBACtB;gBACJ;YACJ;QACJ,CAAA;AAEJ,EAAC"}

package/dist/types.d.ts CHANGED Viewed

@@ -77,11 +77,11 @@ type ZitadelComponentsConfig = {
     avatar: ZitadelAvatarConfig;
     loginButton: ZitadelLoginButtonConfig;
 };
-type ZitadelPluginConfig = ZitadelBaseConfig & Partial<ZitadelUserConfig> & Partial<ZitadelStrategyConfig> & Partial<{
+type ZitadelPluginConfig = Partial<ZitadelBaseConfig> & Partial<ZitadelUserConfig> & Partial<ZitadelStrategyConfig> & Partial<{
     callbacks: Partial<ZitadelCallbackConfig>;
     components: Partial<ZitadelComponentsConfig>;
 }>;
-export type ZitadelPlugin = (config: ZitadelPluginConfig) => (config: Config) => Config;
+export type ZitadelPlugin = (config?: ZitadelPluginConfig) => (config: Config) => Config;
 type ZitadelAuthorizeRequestConfig = {
     codeChallenge: string;
 };

package/dist/types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAC9F,OAAO,KAAK,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAC5E,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAE9C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,KAAK,kBAAkB,GAAG;IACtB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAA;IACtB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YACzC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,mBAAmB,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,KAAK,cAAc,GAAG,WAAW,GAAG,aAAa,CAAA;AAEjD,KAAK,gBAAgB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI;IACvE,SAAS,EAAE,SAAS,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;AAEtE,MAAM,MAAM,qBAAqB,GAAG;IAChC,UAAU,EAAE,cAAc,CAAA;IAC1B,WAAW,EAAE,cAAc,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,eAAe,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,GAAG,eAAe,KAAK,cAAc,CAAA;AAEtH,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAA;AAElG,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,KAAK,qBAAqB,GAAG;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,GAAG,EAAE,gBAAgB,GAAG,KAAK,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG,iBAAiB,GAAG,qBAAqB,KAAK,YAAY,CAAA;AAEvI,KAAK,mBAAmB,GAAG;IACvB,OAAO,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,cAAc,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,KAAK,wBAAwB,GAAG;IAC5B,OAAO,EAAE,IAAI,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG,IAAI,CAAC,wBAAwB,EAAE,SAAS,CAAC,GAAG;IAC5F,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;CACvF,CAAA;AAED,KAAK,uBAAuB,GAAG;IAC3B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,WAAW,EAAE,wBAAwB,CAAA;CACxC,CAAA;AAED,KAAK,mBAAmB,GACpB,iBAAiB,~~GACf~~,OAAO,CAAC,iBAAiB,CAAC,GAC1B,OAAO,CAAC,qBAAqB,CAAC,GAC9B,OAAO,CAAC;IACV,SAAS,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACzC,UAAU,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAA;CAC/C,CAAC,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,mBAAmB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;~~AAEvF~~,KAAK,6BAA6B,GAAG;IACjC,aAAa,EAAE,MAAM,CAAA;CACxB,CAAA;AAGD,KAAK,mBAAmB,GACpB,CAAC,gBAAgB,CAAC,WAAW,CAAC,GAAG,6BAA6B,CAAC,GAC7D,CAAC,gBAAgB,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,6BAA6B,CAAC,CAAC,CAAA;AAEhF,KAAK,oBAAoB,GAAG;IACxB,GAAG,EAAE,cAAc,CAAA;CACtB,GAAG,iBAAiB,GAAG,mBAAmB,CAAA;AAE3C,MAAM,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,oBAAoB,KAAK,QAAQ,CAAA"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAC9F,OAAO,KAAK,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAC5E,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAE9C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,KAAK,kBAAkB,GAAG;IACtB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAA;IACtB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YACzC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,mBAAmB,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,KAAK,cAAc,GAAG,WAAW,GAAG,aAAa,CAAA;AAEjD,KAAK,gBAAgB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI;IACvE,SAAS,EAAE,SAAS,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;AAEtE,MAAM,MAAM,qBAAqB,GAAG;IAChC,UAAU,EAAE,cAAc,CAAA;IAC1B,WAAW,EAAE,cAAc,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,eAAe,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,GAAG,eAAe,KAAK,cAAc,CAAA;AAEtH,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAA;AAElG,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,KAAK,qBAAqB,GAAG;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,GAAG,EAAE,gBAAgB,GAAG,KAAK,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG,iBAAiB,GAAG,qBAAqB,KAAK,YAAY,CAAA;AAEvI,KAAK,mBAAmB,GAAG;IACvB,OAAO,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,cAAc,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,KAAK,wBAAwB,GAAG;IAC5B,OAAO,EAAE,IAAI,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG,IAAI,CAAC,wBAAwB,EAAE,SAAS,CAAC,GAAG;IAC5F,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;CACvF,CAAA;AAED,KAAK,uBAAuB,GAAG;IAC3B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,WAAW,EAAE,wBAAwB,CAAA;CACxC,CAAA;AAED,KAAK,mBAAmB,GACpB,OAAO,CAAC,iBAAiB,CAAC,GACxB,OAAO,CAAC,iBAAiB,CAAC,GAC1B,OAAO,CAAC,qBAAqB,CAAC,GAC9B,OAAO,CAAC;IACV,SAAS,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACzC,UAAU,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAA;CAC/C,CAAC,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,CAAC,EAAE,mBAAmB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;AAExF,KAAK,6BAA6B,GAAG;IACjC,aAAa,EAAE,MAAM,CAAA;CACxB,CAAA;AAGD,KAAK,mBAAmB,GACpB,CAAC,gBAAgB,CAAC,WAAW,CAAC,GAAG,6BAA6B,CAAC,GAC7D,CAAC,gBAAgB,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,6BAA6B,CAAC,CAAC,CAAA;AAEhF,KAAK,oBAAoB,GAAG;IACxB,GAAG,EAAE,cAAc,CAAA;CACtB,GAAG,iBAAiB,GAAG,mBAAmB,CAAA;AAE3C,MAAM,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,oBAAoB,KAAK,QAAQ,CAAA"}

package/dist/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/types.ts"],"sourcesContent":["import type {AuthStrategy, Config, PayloadHandler, PayloadRequest, ServerProps} from 'payload'\nimport type {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\nimport {translations} from './translations.js'\n\nexport type ZitadelIdToken = Partial<{\n sub: string\n name: string\n email: string\n picture: string\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\ntype ZitadelFieldConfig = {\n hidden?: boolean\n name: string\n label: string \| Record<string, string>\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig\n image: ZitadelFieldConfig\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string \| Record<string, string>\n plural: string \| Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\ntype ZitadelBaseConfig = {\n issuerURL: string\n clientId: string\n}\n\ntype ZitadelUserConfig = {\n fields: ZitadelFieldsConfig\n}\n\nexport type ZitadelCallbackQuery = Partial<{\n code: string \| null,\n state: string \| null,\n}>\n\ntype ZitadelInvoker = 'authorize' \| 'end_session'\n\ntype ZitadelInvokedBy<InvokedBy extends ZitadelInvoker = ZitadelInvoker> = {\n invokedBy: InvokedBy\n}\n\nexport type ZitadelCallbackState = Record<any, any> & ZitadelInvokedBy\n\nexport type ZitadelCallbackConfig = {\n afterLogin: PayloadHandler\n afterLogout: PayloadHandler\n}\n\nexport type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler\n\nexport type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>\n\ntype ZitadelAPIConfig = {\n clientId: string\n key: string\n keyId: string\n}\n\ntype ZitadelStrategyConfig = {\n strategyName: string\n api: ZitadelAPIConfig \| false\n}\n\nexport type ZitadelStrategy = (config: Omit<ZitadelBaseConfig, 'clientId'> & ZitadelUserConfig & ZitadelStrategyConfig) => AuthStrategy\n\ntype ZitadelAvatarConfig = {\n disable: true\n}\n\nexport type ZitadelAvatarProps = {\n imageFieldName: string\n}\n\ntype ZitadelLoginButtonConfig = {\n disable: true\n label: string\n}\n\nexport type ZitadelLoginButtonProps = ServerProps & Omit<ZitadelLoginButtonConfig, 'disable'> & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>\n}\n\ntype ZitadelComponentsConfig = {\n avatar: ZitadelAvatarConfig\n loginButton: ZitadelLoginButtonConfig\n}\n\ntype ZitadelPluginConfig =\n ZitadelBaseConfig\n & Partial<ZitadelUserConfig>\n & Partial<ZitadelStrategyConfig>\n & Partial<{\n callbacks: Partial<ZitadelCallbackConfig>\n components: Partial<ZitadelComponentsConfig>\n}>\n\nexport type ZitadelPlugin = (config: ZitadelPluginConfig) => (config: Config) => Config\n\ntype ZitadelAuthorizeRequestConfig = {\n codeChallenge: string\n}\n\n\ntype ZitadelRequestState =\n (ZitadelInvokedBy<'authorize'> & ZitadelAuthorizeRequestConfig)\n \| (ZitadelInvokedBy<'end_session'> & Partial<ZitadelAuthorizeRequestConfig>)\n\ntype ZitadelRequestConfig = {\n req: PayloadRequest\n} & ZitadelBaseConfig & ZitadelRequestState\n\nexport type ZitadelRequestHandler = (config: ZitadelRequestConfig) => Response\n\n\n"],"names":[],"mappings":"AA4HA,WAA8E"}
1	+ {"version":3,"sources":["../src/types.ts"],"sourcesContent":["import type {AuthStrategy, Config, PayloadHandler, PayloadRequest, ServerProps} from 'payload'\nimport type {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\nimport {translations} from './translations.js'\n\nexport type ZitadelIdToken = Partial<{\n sub: string\n name: string\n email: string\n picture: string\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\ntype ZitadelFieldConfig = {\n hidden?: boolean\n name: string\n label: string \| Record<string, string>\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig\n image: ZitadelFieldConfig\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string \| Record<string, string>\n plural: string \| Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\ntype ZitadelBaseConfig = {\n issuerURL: string\n clientId: string\n}\n\ntype ZitadelUserConfig = {\n fields: ZitadelFieldsConfig\n}\n\nexport type ZitadelCallbackQuery = Partial<{\n code: string \| null,\n state: string \| null,\n}>\n\ntype ZitadelInvoker = 'authorize' \| 'end_session'\n\ntype ZitadelInvokedBy<InvokedBy extends ZitadelInvoker = ZitadelInvoker> = {\n invokedBy: InvokedBy\n}\n\nexport type ZitadelCallbackState = Record<any, any> & ZitadelInvokedBy\n\nexport type ZitadelCallbackConfig = {\n afterLogin: PayloadHandler\n afterLogout: PayloadHandler\n}\n\nexport type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler\n\nexport type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>\n\ntype ZitadelAPIConfig = {\n clientId: string\n key: string\n keyId: string\n}\n\ntype ZitadelStrategyConfig = {\n strategyName: string\n api: ZitadelAPIConfig \| false\n}\n\nexport type ZitadelStrategy = (config: Omit<ZitadelBaseConfig, 'clientId'> & ZitadelUserConfig & ZitadelStrategyConfig) => AuthStrategy\n\ntype ZitadelAvatarConfig = {\n disable: true\n}\n\nexport type ZitadelAvatarProps = {\n imageFieldName: string\n}\n\ntype ZitadelLoginButtonConfig = {\n disable: true\n label: string\n}\n\nexport type ZitadelLoginButtonProps = ServerProps & Omit<ZitadelLoginButtonConfig, 'disable'> & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>\n}\n\ntype ZitadelComponentsConfig = {\n avatar: ZitadelAvatarConfig\n loginButton: ZitadelLoginButtonConfig\n}\n\ntype ZitadelPluginConfig =\n Partial<ZitadelBaseConfig>\n & Partial<ZitadelUserConfig>\n & Partial<ZitadelStrategyConfig>\n & Partial<{\n callbacks: Partial<ZitadelCallbackConfig>\n components: Partial<ZitadelComponentsConfig>\n}>\n\nexport type ZitadelPlugin = (config?: ZitadelPluginConfig) => (config: Config) => Config\n\ntype ZitadelAuthorizeRequestConfig = {\n codeChallenge: string\n}\n\n\ntype ZitadelRequestState =\n (ZitadelInvokedBy<'authorize'> & ZitadelAuthorizeRequestConfig)\n \| (ZitadelInvokedBy<'end_session'> & Partial<ZitadelAuthorizeRequestConfig>)\n\ntype ZitadelRequestConfig = {\n req: PayloadRequest\n} & ZitadelBaseConfig & ZitadelRequestState\n\nexport type ZitadelRequestHandler = (config: ZitadelRequestConfig) => Response\n\n\n"],"names":[],"mappings":"AA4HA,WAA8E"}

package/dist/utils/redirects.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redirects.d.ts","sourceRoot":"","sources":["../../src/utils/redirects.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAGtC,OAAO,EAAC,qBAAqB,EAAC,MAAM,aAAa,CAAA;AAIjD,eAAO,MAAM,eAAe,EAAE,cAC0D,CAAA;AAExF,eAAO,MAAM,eAAe,EAAE,~~qBAgB7B~~,CAAA"}
1	+ {"version":3,"file":"redirects.d.ts","sourceRoot":"","sources":["../../src/utils/redirects.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAGtC,OAAO,EAAC,qBAAqB,EAAC,MAAM,aAAa,CAAA;AAIjD,eAAO,MAAM,eAAe,EAAE,cAC0D,CAAA;AAExF,eAAO,MAAM,eAAe,EAAE,qBASrB,CAAA"}

package/dist/utils/redirects.js CHANGED Viewed

@@ -3,8 +3,7 @@ import { AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES } from '../constants.js';
 import { createState, getState } from './state.js';
 import { getAuthBaseURL } from './urls.js';
 export const defaultRedirect = (req)=>NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''));
-export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChallenge })=>{
-    const redirectURL = `${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({
+export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChallenge })=>NextResponse.redirect(`${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({
         client_id: clientId,
         [`${invokedBy == 'authorize' ? '' : 'post_logout_'}redirect_uri`]: getAuthBaseURL(req.payload.config) + ROUTES.callback,
         state: createState(req, invokedBy),
@@ -12,9 +11,6 @@ export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChall
             code_challenge: codeChallenge,
             ...AUTHORIZE_QUERY
         } : {}
-    })}`;
-    console.log('requesting redirect to:', redirectURL);
-    return NextResponse.redirect(redirectURL);
-};
+    })}`);
 //# sourceMappingURL=redirects.js.map

package/dist/utils/redirects.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/utils/redirects.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES} from '../constants.js'\nimport {ZitadelRequestHandler} from '../types.js'\nimport {createState, getState} from './state.js'\nimport {getAuthBaseURL} from './urls.js'\n\nexport const defaultRedirect: PayloadHandler = (req) =>\n NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''))\n\nexport const requestRedirect: ZitadelRequestHandler = ({req, issuerURL, clientId, invokedBy, codeChallenge}) ~~=> {\~~n\n ~~const redirectURL =~~ `${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({\n client_id: clientId,\n [`${invokedBy == 'authorize' ? '' : 'post_logout_'}redirect_uri`]: getAuthBaseURL(req.payload.config) + ROUTES.callback,\n state: createState(req, invokedBy),\n ...invokedBy == 'authorize' ? {\n code_challenge: codeChallenge,\n ...AUTHORIZE_QUERY\n } : {}\n })}~~`\n\n console.log('requesting redirect to:', redirectURL~~)~~\n\n return NextResponse.redirect(redirectURL)\n\n}~~"],"names":["NextResponse","AUTHORIZE_QUERY","ENDPOINT_PATHS","ROUTES","createState","getState","getAuthBaseURL","defaultRedirect","req","redirect","payload","config","serverURL","requestRedirect","issuerURL","clientId","invokedBy","codeChallenge","~~redirectURL","~~URLSearchParams","client_id","callback","state","code_challenge"~~,"console","log"~~],"mappings":"AACA,SAAQA,YAAY,QAAO,iBAAgB;AAC3C,SAAQC,eAAe,EAAEC,cAAc,EAAEC,MAAM,QAAO,kBAAiB;AAEvE,SAAQC,WAAW,EAAEC,QAAQ,QAAO,aAAY;AAChD,SAAQC,cAAc,QAAO,YAAW;AAExC,OAAO,MAAMC,kBAAkC,CAACC,MAC5CR,aAAaS,QAAQ,CAACD,IAAIE,OAAO,CAACC,MAAM,CAACC,SAAS,GAAIP,CAAAA,SAASG,KAAKC,QAAQ,IAAI,EAAC,GAAG;AAExF,OAAO,MAAMI,kBAAyC,CAAC,EAACL,GAAG,EAAEM,SAAS,EAAEC,QAAQ,EAAEC,SAAS,EAAEC,aAAa,EAAC~~;IAEvG~~,~~MAAMC~~,~~cAAc~~,~~GAAGJ~~,YAAYZ,cAAc,CAACc,UAAU,CAAC,CAAC,EAAE,~~IAAIG~~,gBAAgB;~~QAChFC~~,~~WAAWL~~;QACX,CAAC,GAAGC,aAAa,cAAc,KAAK,eAAe,YAAY,CAAC,CAAC,EAAEV,eAAeE,IAAIE,OAAO,CAACC,MAAM,IAAIR,~~OAAOkB~~,QAAQ;QACvHC,~~OAAOlB~~,YAAYI,KAAKQ;QACxB,GAAGA,aAAa,cAAc;~~YAC1BO~~,~~gBAAgBN~~;YAChB,GAAGhB,eAAe;QACtB,IAAI,CAAC,CAAC;IACV,IAAI~~;IAEJuB~~,~~QAAQC,GAAG,CAAC,2BAA2BP;IAEvC,OAAOlB,aAAaS,QAAQ,CAACS;AAEjC,~~EAAC"}
1	+ {"version":3,"sources":["../../src/utils/redirects.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES} from '../constants.js'\nimport {ZitadelRequestHandler} from '../types.js'\nimport {createState, getState} from './state.js'\nimport {getAuthBaseURL} from './urls.js'\n\nexport const defaultRedirect: PayloadHandler = (req) =>\n NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''))\n\nexport const requestRedirect: ZitadelRequestHandler = ({req, issuerURL, clientId, invokedBy, codeChallenge}) =>\n NextResponse.redirect(`${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({\n client_id: clientId,\n [`${invokedBy == 'authorize' ? '' : 'post_logout_'}redirect_uri`]: getAuthBaseURL(req.payload.config) + ROUTES.callback,\n state: createState(req, invokedBy),\n ...invokedBy == 'authorize' ? {\n code_challenge: codeChallenge,\n ...AUTHORIZE_QUERY\n } : {}\n })}`)"],"names":["NextResponse","AUTHORIZE_QUERY","ENDPOINT_PATHS","ROUTES","createState","getState","getAuthBaseURL","defaultRedirect","req","redirect","payload","config","serverURL","requestRedirect","issuerURL","clientId","invokedBy","codeChallenge","URLSearchParams","client_id","callback","state","code_challenge"],"mappings":"AACA,SAAQA,YAAY,QAAO,iBAAgB;AAC3C,SAAQC,eAAe,EAAEC,cAAc,EAAEC,MAAM,QAAO,kBAAiB;AAEvE,SAAQC,WAAW,EAAEC,QAAQ,QAAO,aAAY;AAChD,SAAQC,cAAc,QAAO,YAAW;AAExC,OAAO,MAAMC,kBAAkC,CAACC,MAC5CR,aAAaS,QAAQ,CAACD,IAAIE,OAAO,CAACC,MAAM,CAACC,SAAS,GAAIP,CAAAA,SAASG,KAAKC,QAAQ,IAAI,EAAC,GAAG;AAExF,OAAO,MAAMI,kBAAyC,CAAC,EAACL,GAAG,EAAEM,SAAS,EAAEC,QAAQ,EAAEC,SAAS,EAAEC,aAAa,EAAC,GACvGjB,aAAaS,QAAQ,CAAC,GAAGK,YAAYZ,cAAc,CAACc,UAAU,CAAC,CAAC,EAAE,IAAIE,gBAAgB;QAClFC,WAAWJ;QACX,CAAC,GAAGC,aAAa,cAAc,KAAK,eAAe,YAAY,CAAC,CAAC,EAAEV,eAAeE,IAAIE,OAAO,CAACC,MAAM,IAAIR,OAAOiB,QAAQ;QACvHC,OAAOjB,YAAYI,KAAKQ;QACxB,GAAGA,aAAa,cAAc;YAC1BM,gBAAgBL;YAChB,GAAGhB,eAAe;QACtB,IAAI,CAAC,CAAC;IACV,IAAI,EAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "payload-zitadel-plugin",
-  "version": "0.4.0",
+  "version": "0.4.2",
   "description": "plugin for Payload CMS, which enables authentication via Zitadel IdP",
   "type": "module",
   "license": "MIT",
@@ -36,18 +36,18 @@
     "dist"
   ],
   "dependencies": {
-    "@payloadcms/next": "^3.11.0",
-    "@payloadcms/translations": "^3.11.0",
-    "@payloadcms/ui": "^3.11.0",
+    "@payloadcms/next": "^3.12.0",
+    "@payloadcms/translations": "^3.12.0",
+    "@payloadcms/ui": "^3.12.0",
     "jose": "^5.9.6",
     "next": "^15.1.3",
-    "payload": "^3.11.0",
+    "payload": "^3.12.0",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"
   },
   "devDependencies": {
     "@swc/cli": "^0.5.2",
-    "@swc/core": "^1.10.3",
+    "@swc/core": "^1.10.4",
     "@types/node": "^22.10.2",
     "@types/react": "^19.0.2",
     "@types/react-dom": "^19.0.2",