payload-zitadel-plugin 0.4.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +30 -22
- package/dist/constants.d.ts +6 -0
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +6 -0
- package/dist/constants.js.map +1 -1
- package/dist/handlers/callback.d.ts.map +1 -1
- package/dist/handlers/callback.js +0 -1
- package/dist/handlers/callback.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +24 -2
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +2 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/utils/redirects.d.ts.map +1 -1
- package/dist/utils/redirects.js +2 -6
- package/dist/utils/redirects.js.map +1 -1
- package/package.json +6 -6
package/README.md
CHANGED
@@ -2,22 +2,24 @@
|
|
2
2
|
|
3
3
|
[](https://npmjs.org/package/payload-zitadel-plugin)
|
4
4
|
|
5
|
-
plugin for [Payload CMS](https://payloadcms.com), which enables authentication via Zitadel IdP
|
5
|
+
a plugin for [Payload CMS](https://payloadcms.com) (v3), which enables authentication via Zitadel IdP
|
6
6
|
|
7
7
|
The default use case is to fully replace PayloadCMS Auth with Zitadel.
|
8
8
|
Thus, the user collection in PayloadCMS becomes just a shadow of the information in Zitadel.
|
9
9
|
|
10
|
-
:boom: :boom: :boom: works :100: with PayloadCMS version :three: :boom: :boom: :boom:
|
11
|
-
|
12
10
|
## Install
|
13
11
|
|
14
12
|
```shell
|
15
|
-
pnpm add payload-zitadel-plugin@0.4.
|
13
|
+
pnpm add payload-zitadel-plugin@0.4.1
|
16
14
|
```
|
17
15
|
|
18
16
|
## Configuration
|
19
17
|
|
20
|
-
Initialize the plugin in Payload
|
18
|
+
Initialize the plugin in the Payload config file. Change the parameters to connect to your Zitadel instance.
|
19
|
+
|
20
|
+
The cleanest way to use this plugin is just to set the `ZITADEL_URL` and `ZITADEL_CLIENT_ID` environment variables,
|
21
|
+
set up the `next.config.ts` as described down below and then add `zitadelPlugin()` without further configuration to the
|
22
|
+
plugin list.
|
21
23
|
|
22
24
|
#### payload.config.ts
|
23
25
|
|
@@ -31,14 +33,16 @@ export default buildConfig({
|
|
31
33
|
plugins: [
|
32
34
|
zitadelPlugin({
|
33
35
|
// URL of your Zitadel instance
|
34
|
-
|
36
|
+
// if not provided, it will look for the ZITADEL_URL environment variable
|
37
|
+
// issuerUrl: 'https://idp.zitadel.url',
|
35
38
|
|
36
39
|
// in Zitadel create a new App->Web->PKCE in your project, then copy the Client ID
|
37
40
|
// DO NOT FORGET to add '{http://localhost with development mode on or https://your-domain.tld}/api/users/callback'
|
38
41
|
// to the allowed redirect URIs and ALSO to the post logout redirect URIs
|
39
|
-
|
42
|
+
// if not provided, it will look for the ZITADEL_CLIENT_ID environment variable
|
43
|
+
// clientId: '123456789012345678@project_name',
|
40
44
|
|
41
|
-
// change field names, field labels and
|
45
|
+
// change field names, field labels and also hide them if wanted
|
42
46
|
/*
|
43
47
|
fieldConfig: {
|
44
48
|
image: {
|
@@ -69,20 +73,22 @@ export default buildConfig({
|
|
69
73
|
}
|
70
74
|
*/
|
71
75
|
|
72
|
-
// if you want to manually control what
|
76
|
+
// if you want to manually control what happens after a successful login
|
73
77
|
// afterLogin: (req) => NextResponse.redirect('...')
|
74
78
|
|
75
|
-
// if you want to manually control what
|
79
|
+
// if you want to manually control what happens after a successful logout
|
76
80
|
// afterLogout: (req) => NextResponse.redirect('...')
|
77
81
|
|
78
82
|
// following properties are only needed if you want to authenticate clients (e.g. a mobile app) for the API
|
79
|
-
// if the users are just
|
83
|
+
// if the users are just visiting the CMS via a browser you can ignore all of them
|
80
84
|
// otherwise create in Zitadel a new App->API->JWT and copy the Client ID, Key ID and the Key itself
|
85
|
+
// if not provided it will look for the ZITADEL_API_CLIENT_ID environment variable
|
86
|
+
// if ZITADEL_API_CLIENT_ID was found it will look for ZITADEL_API_KEY_ID and ZITADEL_API_KEY
|
81
87
|
/*
|
82
88
|
api: {
|
83
|
-
clientId:
|
84
|
-
keyId:
|
85
|
-
key:
|
89
|
+
clientId: '123456789123456789@project_name'
|
90
|
+
keyId: '123456789012345678'
|
91
|
+
key: '-----BEGIN RSA PRIVATE KEY----- ... ----END RSA PRIVATE KEY-----'
|
86
92
|
}
|
87
93
|
*/
|
88
94
|
})
|
@@ -129,9 +135,11 @@ export default withPayload(nextConfig)
|
|
129
135
|
If you want to use the Zitadel profile picture as the avatar in PayloadCMS (`disableAvatar != true`),
|
130
136
|
you have to manually add the asset URL to the Next.js config file.
|
131
137
|
|
132
|
-
Also if you want to automatically redirect to Zitadel without asking the user to click on the login button,
|
138
|
+
Also, if you want to automatically redirect to Zitadel without asking the user to click on the login button,
|
133
139
|
you have to add the redirect manually to the Next.js config file.
|
134
140
|
|
141
|
+
For a proper logout you also have to add the `end_session` redirect.
|
142
|
+
|
135
143
|
#### next.config.js
|
136
144
|
|
137
145
|
```typescript
|
@@ -144,9 +152,9 @@ const nextConfig = {
|
|
144
152
|
images: {
|
145
153
|
remotePatterns: [
|
146
154
|
{
|
147
|
-
//protocol: new URL(process.env.ZITADEL_URL).protocol,
|
155
|
+
// protocol: new URL(process.env.ZITADEL_URL).protocol,
|
148
156
|
hostname: new URL(process.env.ZITADEL_URL).hostname,
|
149
|
-
//port: new URL(process.env.ZITADEL_URL).port,
|
157
|
+
// port: new URL(process.env.ZITADEL_URL).port,
|
150
158
|
pathname: '/assets/**'
|
151
159
|
}
|
152
160
|
]
|
@@ -156,6 +164,8 @@ const nextConfig = {
|
|
156
164
|
return [
|
157
165
|
// for proper logout
|
158
166
|
{
|
167
|
+
// all paths, that do not start with 'api'
|
168
|
+
// it is important to ignore the Payload API routes!
|
159
169
|
source: '/:path((?!api).*)',
|
160
170
|
destination: '/api/users/end_session?redirect=/:path*',
|
161
171
|
has: [
|
@@ -168,16 +178,14 @@ const nextConfig = {
|
|
168
178
|
},
|
169
179
|
// optional: enable auto-redirect to Zitadel login page if not logged in
|
170
180
|
{
|
171
|
-
|
181
|
+
// all paths that start with 'admin' or 'profile'
|
182
|
+
// you could replace 'profile' with 'app' or some other protected route
|
183
|
+
source: '/:path((?:admin|profile).*)',
|
172
184
|
destination: '/api/users/authorize?redirect=/:path*',
|
173
185
|
missing: [
|
174
186
|
{
|
175
187
|
type: 'cookie',
|
176
188
|
key: 'zitadel_id_token'
|
177
|
-
},
|
178
|
-
{
|
179
|
-
type: 'cookie',
|
180
|
-
key: 'zitadel_logout'
|
181
189
|
}
|
182
190
|
],
|
183
191
|
permanent: false
|
package/dist/constants.d.ts
CHANGED
@@ -94,6 +94,12 @@ export declare const ENDPOINT_PATHS: {
|
|
94
94
|
token: string;
|
95
95
|
end_session: string;
|
96
96
|
};
|
97
|
+
export declare const ERRORS: {
|
98
|
+
issuerURL: Error;
|
99
|
+
clientId: Error;
|
100
|
+
apiKeyId: Error;
|
101
|
+
apiKey: Error;
|
102
|
+
};
|
97
103
|
export declare const ROLES_KEY = "urn:zitadel:iam:org:project:roles";
|
98
104
|
export declare const ROUTES: {
|
99
105
|
authorize: string;
|
package/dist/constants.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe;;;;CAI3B,CAAA;AAED,eAAO,MAAM,eAAe,sCAAsC,CAAA;AASlE,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;CAcnB,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsC1B,CAAA;AAED,eAAO,MAAM,cAAc;;;;;CAK1B,CAAA;AAED,eAAO,MAAM,SAAS,sCAAsC,CAAA;AAE5D,eAAO,MAAM,MAAM;;;;CAIlB,CAAA"}
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe;;;;CAI3B,CAAA;AAED,eAAO,MAAM,eAAe,sCAAsC,CAAA;AASlE,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;CAcnB,CAAA;AAED,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsC1B,CAAA;AAED,eAAO,MAAM,cAAc;;;;;CAK1B,CAAA;AAED,eAAO,MAAM,MAAM;;;;;CAWlB,CAAA;AAED,eAAO,MAAM,SAAS,sCAAsC,CAAA;AAE5D,eAAO,MAAM,MAAM;;;;CAIlB,CAAA"}
|
package/dist/constants.js
CHANGED
@@ -91,6 +91,12 @@ export const ENDPOINT_PATHS = {
|
|
91
91
|
token: '/oauth/v2/token',
|
92
92
|
end_session: '/oidc/v1/end_session'
|
93
93
|
};
|
94
|
+
export const ERRORS = {
|
95
|
+
issuerURL: new Error('ZITADEL-PLUGIN | Error during initialization of the issuer URL: ' + 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),
|
96
|
+
clientId: new Error('ZITADEL-PLUGIN | Error during initialization of the client Id: ' + 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),
|
97
|
+
apiKeyId: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' + 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' + 'but ZITADEL_API_KEY_ID environment variable was not found or is empty'),
|
98
|
+
apiKey: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' + 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' + 'but ZITADEL_API_KEY environment variable was not found or is empty')
|
99
|
+
};
|
94
100
|
export const ROLES_KEY = 'urn:zitadel:iam:org:project:roles';
|
95
101
|
export const ROUTES = {
|
96
102
|
authorize: '/authorize',
|
package/dist/constants.js.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ResponseCookie} from 'next/dist/compiled/@edge-runtime/cookies/index.js'\nimport type {ZitadelFieldsConfig} from './types.js'\n\nexport const AUTHORIZE_QUERY = {\n response_type: 'code',\n scope: 'openid email profile',\n code_challenge_method: 'S256'\n}\n\nexport const COMPONENTS_PATH = 'payload-zitadel-plugin/components'\n\nconst COOKIE_CONFIG = {\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n secure: process.env.NODE_ENV == 'production'\n} satisfies Pick<ResponseCookie, 'httpOnly' | 'path' | 'sameSite' | 'secure'>\n\nexport const COOKIES = {\n pkce: {\n name: 'zitadel_pkce_code_verifier',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n idToken: {\n name: 'zitadel_id_token',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n logout: {\n name: 'zitadel_logout',\n value: 'true',\n ...COOKIE_CONFIG\n } satisfies ResponseCookie\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ENDPOINT_PATHS = {\n authorize: '/oauth/v2/authorize',\n introspect: '/oauth/v2/introspect',\n token: '/oauth/v2/token',\n end_session: '/oidc/v1/end_session'\n}\n\nexport const ROLES_KEY = 'urn:zitadel:iam:org:project:roles'\n\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n end_session: '/end_session'\n}\n\n"],"names":["AUTHORIZE_QUERY","response_type","scope","code_challenge_method","COMPONENTS_PATH","COOKIE_CONFIG","httpOnly","path","sameSite","secure","process","env","NODE_ENV","COOKIES","pkce","name","idToken","logout","value","DEFAULT_CONFIG","fields","id","label","de","en","email","image","roles","labels","singular","plural","roleFields","strategyName","ENDPOINT_PATHS","authorize","introspect","token","end_session","ROLES_KEY","ROUTES","callback"],"mappings":"AAGA,OAAO,MAAMA,kBAAkB;IAC3BC,eAAe;IACfC,OAAO;IACPC,uBAAuB;AAC3B,EAAC;AAED,OAAO,MAAMC,kBAAkB,oCAAmC;AAElE,MAAMC,gBAAgB;IAClBC,UAAU;IACVC,MAAM;IACNC,UAAU;IACVC,QAAQC,QAAQC,GAAG,CAACC,QAAQ,IAAI;AACpC;AAEA,OAAO,MAAMC,UAAU;IACnBC,MAAM;QACFC,MAAM;QACN,GAAGV,aAAa;IACpB;IACAW,SAAS;QACLD,MAAM;QACN,GAAGV,aAAa;IACpB;IACAY,QAAQ;QACJF,MAAM;QACNG,OAAO;QACP,GAAGb,aAAa;IACpB;AACJ,EAAC;AAED,OAAO,MAAMc,iBAAiB;IAC1BC,QAAQ;QACJC,IAAI;YACAN,MAAM;YACNO,OAAO;gBACHC,IAAI;gBACJC,IAAI;YACR;QACJ;QACAT,MAAM;YACFA,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAQC,IAAI;YAAM;QAClC;QACAC,OAAO;YACHV,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;QACrC;QACAE,OAAO;YACHX,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAkBC,IAAI;YAAqB;QAC3D;QACAG,OAAO;YACHZ,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;YACjCI,QAAQ;gBACJC,UAAU;oBAACN,IAAI;oBAASC,IAAI;gBAAM;gBAClCM,QAAQ;oBAACP,IAAI;oBAAUC,IAAI;gBAAO;YACtC;QACJ;QACAO,YAAY;YACRhB,MAAM;gBACFA,MAAM;gBACNO,OAAO;oBAACC,IAAI;oBAAQC,IAAI;gBAAM;YAClC;QACJ;IACJ;IACAQ,cAAc;IACdV,OAAO;AACX,EAAC;AAED,OAAO,MAAMW,iBAAiB;IAC1BC,WAAW;IACXC,YAAY;IACZC,OAAO;IACPC,aAAa;AACjB,EAAC;AAED,OAAO,MAAMC,YAAY,oCAAmC;AAE5D,OAAO,MAAMC,SAAS;
|
1
|
+
{"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ResponseCookie} from 'next/dist/compiled/@edge-runtime/cookies/index.js'\nimport type {ZitadelFieldsConfig} from './types.js'\n\nexport const AUTHORIZE_QUERY = {\n response_type: 'code',\n scope: 'openid email profile',\n code_challenge_method: 'S256'\n}\n\nexport const COMPONENTS_PATH = 'payload-zitadel-plugin/components'\n\nconst COOKIE_CONFIG = {\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n secure: process.env.NODE_ENV == 'production'\n} satisfies Pick<ResponseCookie, 'httpOnly' | 'path' | 'sameSite' | 'secure'>\n\nexport const COOKIES = {\n pkce: {\n name: 'zitadel_pkce_code_verifier',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n idToken: {\n name: 'zitadel_id_token',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n logout: {\n name: 'zitadel_logout',\n value: 'true',\n ...COOKIE_CONFIG\n } satisfies ResponseCookie\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ENDPOINT_PATHS = {\n authorize: '/oauth/v2/authorize',\n introspect: '/oauth/v2/introspect',\n token: '/oauth/v2/token',\n end_session: '/oidc/v1/end_session'\n}\n\nexport const ERRORS = {\n issuerURL: new Error('ZITADEL-PLUGIN | Error during initialization of the issuer URL: ' +\n 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),\n clientId: new Error('ZITADEL-PLUGIN | Error during initialization of the client Id: ' +\n 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),\n apiKeyId: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' +\n 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' +\n 'but ZITADEL_API_KEY_ID environment variable was not found or is empty'),\n apiKey: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' +\n 'API is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' +\n 'but ZITADEL_API_KEY environment variable was not found or is empty')\n}\n\nexport const ROLES_KEY = 'urn:zitadel:iam:org:project:roles'\n\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n end_session: '/end_session'\n}\n\n"],"names":["AUTHORIZE_QUERY","response_type","scope","code_challenge_method","COMPONENTS_PATH","COOKIE_CONFIG","httpOnly","path","sameSite","secure","process","env","NODE_ENV","COOKIES","pkce","name","idToken","logout","value","DEFAULT_CONFIG","fields","id","label","de","en","email","image","roles","labels","singular","plural","roleFields","strategyName","ENDPOINT_PATHS","authorize","introspect","token","end_session","ERRORS","issuerURL","Error","clientId","apiKeyId","apiKey","ROLES_KEY","ROUTES","callback"],"mappings":"AAGA,OAAO,MAAMA,kBAAkB;IAC3BC,eAAe;IACfC,OAAO;IACPC,uBAAuB;AAC3B,EAAC;AAED,OAAO,MAAMC,kBAAkB,oCAAmC;AAElE,MAAMC,gBAAgB;IAClBC,UAAU;IACVC,MAAM;IACNC,UAAU;IACVC,QAAQC,QAAQC,GAAG,CAACC,QAAQ,IAAI;AACpC;AAEA,OAAO,MAAMC,UAAU;IACnBC,MAAM;QACFC,MAAM;QACN,GAAGV,aAAa;IACpB;IACAW,SAAS;QACLD,MAAM;QACN,GAAGV,aAAa;IACpB;IACAY,QAAQ;QACJF,MAAM;QACNG,OAAO;QACP,GAAGb,aAAa;IACpB;AACJ,EAAC;AAED,OAAO,MAAMc,iBAAiB;IAC1BC,QAAQ;QACJC,IAAI;YACAN,MAAM;YACNO,OAAO;gBACHC,IAAI;gBACJC,IAAI;YACR;QACJ;QACAT,MAAM;YACFA,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAQC,IAAI;YAAM;QAClC;QACAC,OAAO;YACHV,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;QACrC;QACAE,OAAO;YACHX,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAkBC,IAAI;YAAqB;QAC3D;QACAG,OAAO;YACHZ,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;YACjCI,QAAQ;gBACJC,UAAU;oBAACN,IAAI;oBAASC,IAAI;gBAAM;gBAClCM,QAAQ;oBAACP,IAAI;oBAAUC,IAAI;gBAAO;YACtC;QACJ;QACAO,YAAY;YACRhB,MAAM;gBACFA,MAAM;gBACNO,OAAO;oBAACC,IAAI;oBAAQC,IAAI;gBAAM;YAClC;QACJ;IACJ;IACAQ,cAAc;IACdV,OAAO;AACX,EAAC;AAED,OAAO,MAAMW,iBAAiB;IAC1BC,WAAW;IACXC,YAAY;IACZC,OAAO;IACPC,aAAa;AACjB,EAAC;AAED,OAAO,MAAMC,SAAS;IAClBC,WAAW,IAAIC,MAAM,qEACjB;IACJC,UAAU,IAAID,MAAM,oEAChB;IACJE,UAAU,IAAIF,MAAM,0EAChB,0IACA;IACJG,QAAQ,IAAIH,MAAM,0EACd,0IACA;AACR,EAAC;AAED,OAAO,MAAMI,YAAY,oCAAmC;AAE5D,OAAO,MAAMC,SAAS;IAClBX,WAAW;IACXY,UAAU;IACVT,aAAa;AACjB,EAAC"}
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,sBAAsB,EAAuC,MAAM,aAAa,CAAA;AAGxF,eAAO,MAAM,QAAQ,EAAE,
|
1
|
+
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,sBAAsB,EAAuC,MAAM,aAAa,CAAA;AAGxF,eAAO,MAAM,QAAQ,EAAE,sBAiLtB,CAAA"}
|
@@ -7,7 +7,6 @@ export const callback = ({ issuerURL, clientId, fields, afterLogin, afterLogout
|
|
7
7
|
const { config, secret } = payload;
|
8
8
|
const { code } = query;
|
9
9
|
const state = getState(req);
|
10
|
-
console.log('callback with state:', JSON.stringify(state));
|
11
10
|
const cookieStore = await cookies();
|
12
11
|
if (state.invokedBy == 'end_session') {
|
13
12
|
[
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {SignJWT, decodeJwt} from 'jose'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES, ENDPOINT_PATHS, ROLES_KEY, ROUTES} from '../constants.js'\nimport {ZitadelCallbackHandler, ZitadelCallbackQuery, ZitadelIdToken} from '../types.js'\nimport {getAuthBaseURL, getAuthSlug, getState} from '../utils/index.js'\n\nexport const callback: ZitadelCallbackHandler = ({\n issuerURL,\n clientId,\n fields,\n afterLogin,\n afterLogout\n }) => async (req) => {\n\n const {payload, query} = req\n\n const {config, secret} = payload\n\n const {code} = query as ZitadelCallbackQuery\n\n const state = getState(req)\n\n
|
1
|
+
{"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {SignJWT, decodeJwt} from 'jose'\nimport {cookies} from 'next/headers.js'\nimport {COOKIES, ENDPOINT_PATHS, ROLES_KEY, ROUTES} from '../constants.js'\nimport {ZitadelCallbackHandler, ZitadelCallbackQuery, ZitadelIdToken} from '../types.js'\nimport {getAuthBaseURL, getAuthSlug, getState} from '../utils/index.js'\n\nexport const callback: ZitadelCallbackHandler = ({\n issuerURL,\n clientId,\n fields,\n afterLogin,\n afterLogout\n }) => async (req) => {\n\n const {payload, query} = req\n\n const {config, secret} = payload\n\n const {code} = query as ZitadelCallbackQuery\n\n const state = getState(req)\n\n const cookieStore = await cookies()\n\n if (state.invokedBy == 'end_session') {\n\n [COOKIES.logout, COOKIES.idToken].forEach(cookie => cookieStore.delete(cookie))\n\n return afterLogout(req)\n\n }\n\n const codeVerifier = cookieStore.get(COOKIES.pkce.name)?.value\n\n if (!code) {\n return Response.json({\n status: 'error',\n message: 'no code provided to verify'\n })\n }\n\n if (!codeVerifier) {\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n }\n\n const tokenQueryData = {\n grant_type: 'authorization_code',\n code,\n redirect_uri: getAuthBaseURL(config) + ROUTES.callback,\n client_id: clientId,\n code_verifier: codeVerifier\n }\n\n const tokenEndpoint = issuerURL + ENDPOINT_PATHS.token\n\n const tokenResponse = await fetch(new URL(tokenEndpoint), {\n method: 'POST',\n body: new URLSearchParams(tokenQueryData)\n })\n\n if (!tokenResponse.ok) {\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint',\n details: {\n tokenEndpoint,\n tokenQuery: tokenQueryData,\n tokenResponseCode: `${tokenResponse.status} - ${tokenResponse.statusText}`\n }\n })\n }\n\n const tokenJson = await tokenResponse.json()\n\n const {id_token: idToken} = tokenJson\n\n if (!idToken) {\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from this response',\n details: {\n responseData: tokenJson\n }\n })\n }\n\n let decodedIdToken\n\n try {\n\n decodedIdToken = decodeJwt<ZitadelIdToken>(idToken)\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error during decoding: ${JSON.stringify(e)}`,\n details: {\n idToken\n }\n })\n\n }\n\n const idpId = decodedIdToken.sub\n\n const userData = {\n [fields.name.name]: decodedIdToken.name,\n [fields.email.name]: decodedIdToken.email,\n [fields.image.name]: decodedIdToken.picture,\n [fields.roles.name]: Object.keys(decodedIdToken[ROLES_KEY] ?? {})\n .map(key => ({[fields.roleFields.name.name]: key}))\n }\n\n if (!idpId) {\n return Response.json({\n status: 'error',\n message: 'token is not complete (id not found)',\n details: {\n idToken,\n decodedIdToken,\n idpId\n }\n })\n }\n\n try {\n\n const authSlug = getAuthSlug(config)\n\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fields.id.name]: {\n equals: idpId\n }\n }\n })\n\n if (totalDocs) {\n await payload.update({\n collection: authSlug,\n id: docs[0].id,\n data: userData\n })\n } else {\n await payload.create({\n collection: authSlug,\n data: {\n [fields.id.name]: idpId,\n ...userData\n }\n })\n }\n\n } catch (e) {\n\n return Response.json({\n status: 'error',\n message: `error while creating/updating user: ${JSON.stringify(e)}`,\n details: {\n idpId\n }\n })\n\n }\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n ...COOKIES.idToken,\n value: await new SignJWT(decodedIdToken)\n .setProtectedHeader({alg: 'HS256'})\n .setIssuedAt()\n .sign(new TextEncoder().encode(secret)),\n maxAge: 900\n })\n\n return afterLogin(req)\n\n}"],"names":["SignJWT","decodeJwt","cookies","COOKIES","ENDPOINT_PATHS","ROLES_KEY","ROUTES","getAuthBaseURL","getAuthSlug","getState","callback","issuerURL","clientId","fields","afterLogin","afterLogout","req","payload","query","config","secret","code","state","cookieStore","invokedBy","logout","idToken","forEach","cookie","delete","codeVerifier","get","pkce","name","value","Response","json","status","message","tokenQueryData","grant_type","redirect_uri","client_id","code_verifier","tokenEndpoint","token","tokenResponse","fetch","URL","method","body","URLSearchParams","ok","details","tokenQuery","tokenResponseCode","statusText","tokenJson","id_token","responseData","decodedIdToken","e","JSON","stringify","idpId","sub","userData","email","image","picture","roles","Object","keys","map","key","roleFields","authSlug","docs","totalDocs","find","collection","where","id","equals","update","data","create","set","setProtectedHeader","alg","setIssuedAt","sign","TextEncoder","encode","maxAge"],"mappings":"AAAA,SAAQA,OAAO,EAAEC,SAAS,QAAO,OAAM;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,SAAS,EAAEC,MAAM,QAAO,kBAAiB;AAE1E,SAAQC,cAAc,EAAEC,WAAW,EAAEC,QAAQ,QAAO,oBAAmB;AAEvE,OAAO,MAAMC,WAAmC,CAAC,EACIC,SAAS,EACTC,QAAQ,EACRC,MAAM,EACNC,UAAU,EACVC,WAAW,EACd,GAAK,OAAOC;QAE1D,MAAM,EAACC,OAAO,EAAEC,KAAK,EAAC,GAAGF;QAEzB,MAAM,EAACG,MAAM,EAAEC,MAAM,EAAC,GAAGH;QAEzB,MAAM,EAACI,IAAI,EAAC,GAAGH;QAEf,MAAMI,QAAQb,SAASO;QAEvB,MAAMO,cAAc,MAAMrB;QAE1B,IAAIoB,MAAME,SAAS,IAAI,eAAe;YAElC;gBAACrB,QAAQsB,MAAM;gBAAEtB,QAAQuB,OAAO;aAAC,CAACC,OAAO,CAACC,CAAAA,SAAUL,YAAYM,MAAM,CAACD;YAEvE,OAAOb,YAAYC;QAEvB;QAEA,MAAMc,eAAeP,YAAYQ,GAAG,CAAC5B,QAAQ6B,IAAI,CAACC,IAAI,GAAGC;QAEzD,IAAI,CAACb,MAAM;YACP,OAAOc,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,IAAI,CAACR,cAAc;YACf,OAAOK,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;YACb;QACJ;QAEA,MAAMC,iBAAiB;YACnBC,YAAY;YACZnB;YACAoB,cAAclC,eAAeY,UAAUb,OAAOI,QAAQ;YACtDgC,WAAW9B;YACX+B,eAAeb;QACnB;QAEA,MAAMc,gBAAgBjC,YAAYP,eAAeyC,KAAK;QAEtD,MAAMC,gBAAgB,MAAMC,MAAM,IAAIC,IAAIJ,gBAAgB;YACtDK,QAAQ;YACRC,MAAM,IAAIC,gBAAgBZ;QAC9B;QAEA,IAAI,CAACO,cAAcM,EAAE,EAAE;YACnB,OAAOjB,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLT;oBACAU,YAAYf;oBACZgB,mBAAmB,GAAGT,cAAcT,MAAM,CAAC,GAAG,EAAES,cAAcU,UAAU,EAAE;gBAC9E;YACJ;QACJ;QAEA,MAAMC,YAAY,MAAMX,cAAcV,IAAI;QAE1C,MAAM,EAACsB,UAAUhC,OAAO,EAAC,GAAG+B;QAE5B,IAAI,CAAC/B,SAAS;YACV,OAAOS,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACLM,cAAcF;gBAClB;YACJ;QACJ;QAEA,IAAIG;QAEJ,IAAI;YAEAA,iBAAiB3D,UAA0ByB;QAE/C,EAAE,OAAOmC,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,uBAAuB,EAAEwB,KAAKC,SAAS,CAACF,IAAI;gBACtDR,SAAS;oBACL3B;gBACJ;YACJ;QAEJ;QAEA,MAAMsC,QAAQJ,eAAeK,GAAG;QAEhC,MAAMC,WAAW;YACb,CAACrD,OAAOoB,IAAI,CAACA,IAAI,CAAC,EAAE2B,eAAe3B,IAAI;YACvC,CAACpB,OAAOsD,KAAK,CAAClC,IAAI,CAAC,EAAE2B,eAAeO,KAAK;YACzC,CAACtD,OAAOuD,KAAK,CAACnC,IAAI,CAAC,EAAE2B,eAAeS,OAAO;YAC3C,CAACxD,OAAOyD,KAAK,CAACrC,IAAI,CAAC,EAAEsC,OAAOC,IAAI,CAACZ,cAAc,CAACvD,UAAU,IAAI,CAAC,GAC1DoE,GAAG,CAACC,CAAAA,MAAQ,CAAA;oBAAC,CAAC7D,OAAO8D,UAAU,CAAC1C,IAAI,CAACA,IAAI,CAAC,EAAEyC;gBAAG,CAAA;QACxD;QAEA,IAAI,CAACV,OAAO;YACR,OAAO7B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS;gBACTe,SAAS;oBACL3B;oBACAkC;oBACAI;gBACJ;YACJ;QACJ;QAEA,IAAI;YAEA,MAAMY,WAAWpE,YAAYW;YAE7B,MAAM,EAAC0D,IAAI,EAAEC,SAAS,EAAC,GAAG,MAAM7D,QAAQ8D,IAAI,CAAC;gBACzCC,YAAYJ;gBACZK,OAAO;oBACH,CAACpE,OAAOqE,EAAE,CAACjD,IAAI,CAAC,EAAE;wBACdkD,QAAQnB;oBACZ;gBACJ;YACJ;YAEA,IAAIc,WAAW;gBACX,MAAM7D,QAAQmE,MAAM,CAAC;oBACjBJ,YAAYJ;oBACZM,IAAIL,IAAI,CAAC,EAAE,CAACK,EAAE;oBACdG,MAAMnB;gBACV;YACJ,OAAO;gBACH,MAAMjD,QAAQqE,MAAM,CAAC;oBACjBN,YAAYJ;oBACZS,MAAM;wBACF,CAACxE,OAAOqE,EAAE,CAACjD,IAAI,CAAC,EAAE+B;wBAClB,GAAGE,QAAQ;oBACf;gBACJ;YACJ;QAEJ,EAAE,OAAOL,GAAG;YAER,OAAO1B,SAASC,IAAI,CAAC;gBACjBC,QAAQ;gBACRC,SAAS,CAAC,oCAAoC,EAAEwB,KAAKC,SAAS,CAACF,IAAI;gBACnER,SAAS;oBACLW;gBACJ;YACJ;QAEJ;QAEAzC,YAAYM,MAAM,CAAC1B,QAAQ6B,IAAI;QAE/BT,YAAYgE,GAAG,CAAC;YACZ,GAAGpF,QAAQuB,OAAO;YAClBQ,OAAO,MAAM,IAAIlC,QAAQ4D,gBACpB4B,kBAAkB,CAAC;gBAACC,KAAK;YAAO,GAChCC,WAAW,GACXC,IAAI,CAAC,IAAIC,cAAcC,MAAM,CAACzE;YACnC0E,QAAQ;QACZ;QAEA,OAAOhF,WAAWE;IAEtB,EAAC"}
|
package/dist/index.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAqB,aAAa,EAAC,MAAM,YAAY,CAAA;AAG5D,eAAO,MAAM,aAAa,EAAE,
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAqB,aAAa,EAAC,MAAM,YAAY,CAAA;AAG5D,eAAO,MAAM,aAAa,EAAE,aA0L3B,CAAA"}
|
package/dist/index.js
CHANGED
@@ -1,11 +1,33 @@
|
|
1
1
|
import { cookies } from 'next/headers.js';
|
2
2
|
import { AvatarComponent, LoginButtonComponent } from './components/index.js';
|
3
|
-
import { COOKIES, DEFAULT_CONFIG, ROUTES } from './constants.js';
|
3
|
+
import { COOKIES, DEFAULT_CONFIG, ERRORS, ROUTES } from './constants.js';
|
4
4
|
import { authorize, callback } from './handlers/index.js';
|
5
5
|
import { zitadelStrategy } from './strategy.js';
|
6
6
|
import { translations } from './translations.js';
|
7
7
|
import { defaultRedirect, getAuthSlug, requestRedirect } from './utils/index.js';
|
8
|
-
export const zitadelPlugin = (
|
8
|
+
export const zitadelPlugin = (config)=>{
|
9
|
+
let { issuerURL = process.env.ZITADEL_URL, clientId = process.env.ZITADEL_CLIENT_ID, fields, strategyName = DEFAULT_CONFIG.strategyName, api, callbacks, components } = config ?? {};
|
10
|
+
if (!issuerURL) {
|
11
|
+
throw ERRORS.issuerURL;
|
12
|
+
}
|
13
|
+
if (!clientId) {
|
14
|
+
throw ERRORS.clientId;
|
15
|
+
}
|
16
|
+
if (!api && process.env.ZITADEL_API_CLIENT_ID) {
|
17
|
+
const keyId = process.env.ZITADEL_API_KEY_ID;
|
18
|
+
if (!keyId) {
|
19
|
+
throw ERRORS.apiKeyId;
|
20
|
+
}
|
21
|
+
const key = process.env.ZITADEL_API_KEY;
|
22
|
+
if (!key) {
|
23
|
+
throw ERRORS.apiKey;
|
24
|
+
}
|
25
|
+
api = {
|
26
|
+
clientId: process.env.ZITADEL_API_CLIENT_ID,
|
27
|
+
keyId,
|
28
|
+
key
|
29
|
+
};
|
30
|
+
}
|
9
31
|
const fieldsConfig = {
|
10
32
|
...DEFAULT_CONFIG.fields,
|
11
33
|
...fields
|
package/dist/index.js.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {AvatarComponent, LoginButtonComponent} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {translations} from './translations.js'\nimport {ZitadelAvatarProps, ZitadelPlugin} from './types.js'\nimport {defaultRedirect, getAuthSlug, requestRedirect} from './utils/index.js'\n\nexport const zitadelPlugin: ZitadelPlugin = ({\n issuerURL,\n clientId,\n fields,\n strategyName = DEFAULT_CONFIG.strategyName,\n api,\n callbacks,\n components\n }) => {\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ...fields}\n\n return (incomingConfig) => ({\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...components?.avatar ? {} : {\n avatar: {\n Component: {\n ...AvatarComponent,\n clientProps: {\n imageFieldName: fieldsConfig.image.name\n } satisfies ZitadelAvatarProps\n }\n }\n },\n ...components?.loginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n ...LoginButtonComponent,\n serverProps: {\n label: components?.loginButton?.label ?? DEFAULT_CONFIG.label\n }\n }\n ]\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == getAuthSlug(incomingConfig) ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n strategyName: strategyName,\n issuerURL,\n fields: fieldsConfig,\n api: api ?? false\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).set(COOKIES.logout)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize({\n issuerURL,\n clientId\n })\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback({\n issuerURL,\n clientId,\n fields: fieldsConfig,\n afterLogin: callbacks?.afterLogin ?? defaultRedirect,\n afterLogout: callbacks?.afterLogout ?? defaultRedirect\n })\n },\n {\n path: ROUTES.end_session,\n method: 'get',\n handler: (req) => requestRedirect({req, issuerURL, clientId, invokedBy: 'end_session'})\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n })\n\n}"],"names":["cookies","AvatarComponent","LoginButtonComponent","COOKIES","DEFAULT_CONFIG","ROUTES","authorize","callback","zitadelStrategy","translations","defaultRedirect","getAuthSlug","requestRedirect","zitadelPlugin","issuerURL","clientId","fields","strategyName","api","callbacks","components","fieldsConfig","incomingConfig","admin","avatar","Component","clientProps","imageFieldName","image","name","loginButton","afterLogin","serverProps","label","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","hooks","afterLogout","set","logout","endpoints","path","method","handler","end_session","req","invokedBy","id","type","readOnly","index","unique","required","email","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,eAAe,EAAEC,oBAAoB,QAAO,wBAAuB;AAC3E,SAAQC,OAAO,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9D,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAC7C,SAAQC,YAAY,QAAO,oBAAmB;AAE9C,SAAQC,eAAe,EAAEC,WAAW,EAAEC,eAAe,QAAO,mBAAkB;AAE9E,OAAO,MAAMC,gBAA+B,CAAC,EACIC,SAAS,EACTC,QAAQ,EACRC,MAAM,EACNC,eAAeb,eAAea,YAAY,EAC1CC,GAAG,EACHC,SAAS,EACTC,UAAU,EACb;IAE1C,MAAMC,eAAe;QAAC,GAAGjB,eAAeY,MAAM;QAAE,GAAGA,MAAM;IAAA;IAEzD,OAAO,CAACM,iBAAoB,CAAA;YACxB,GAAGA,cAAc;YACjBC,OAAO;gBACH,GAAGD,eAAeC,KAAK;gBACvB,GAAGH,YAAYI,SAAS,CAAC,IAAI;oBACzBA,QAAQ;wBACJC,WAAW;4BACP,GAAGxB,eAAe;4BAClByB,aAAa;gCACTC,gBAAgBN,aAAaO,KAAK,CAACC,IAAI;4BAC3C;wBACJ;oBACJ;gBACJ,CAAC;gBACD,GAAGT,YAAYU,cAAc,CAAC,IAAI;oBAC9BV,YAAY;wBACR,GAAGE,eAAeC,KAAK,EAAEH,UAAU;wBACnCW,YAAY;+BACLT,eAAeC,KAAK,EAAEH,YAAYW,cAAc,EAAE;4BACrD;gCACI,GAAG7B,oBAAoB;gCACvB8B,aAAa;oCACTC,OAAOb,YAAYU,aAAaG,SAAS7B,eAAe6B,KAAK;gCACjE;4BACJ;yBACH;oBACL;gBACJ,CAAC;YACL;YACAC,aAAa,AAACZ,CAAAA,eAAeY,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAI5B,YAAYW,kBAAkB;wBAChDgB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/BjC,gBAAgB;oCACZS,cAAcA;oCACdH;oCACAE,QAAQK;oCACRH,KAAKA,OAAO;gCAChB;6BACH;wBACL;wBACAwB,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAM3C,SAAQ,EAAG4C,GAAG,CAACzC,QAAQ0C,MAAM;6BAAE;wBACpE;wBACAC,WAAW;4BACP;gCACIC,MAAM1C,OAAOC,SAAS;gCACtB0C,QAAQ;gCACRC,SAAS3C,UAAU;oCACfQ;oCACAC;gCACJ;4BACJ;4BACA;gCACIgC,MAAM1C,OAAOE,QAAQ;gCACrByC,QAAQ;gCACRC,SAAS1C,SAAS;oCACdO;oCACAC;oCACAC,QAAQK;oCACRU,YAAYZ,WAAWY,cAAcrB;oCACrCiC,aAAaxB,WAAWwB,eAAejC;gCAC3C;4BACJ;4BACA;gCACIqC,MAAM1C,OAAO6C,WAAW;gCACxBF,QAAQ;gCACRC,SAAS,CAACE,MAAQvC,gBAAgB;wCAACuC;wCAAKrC;wCAAWC;wCAAUqC,WAAW;oCAAa;4BACzF;yBACH;wBACDpC,QAAQ;+BACDoB,WAAWpB,MAAM;4BACpB;gCACI,GAAGK,aAAagC,EAAE;gCAClBC,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGrC,aAAaQ,IAAI;gCACpByB,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAasC,KAAK;gCACrBL,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAaO,KAAK;gCACrB0B,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAauC,KAAK;gCACrBN,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAvC,QAAQ;oCACJ;wCACI,GAAGK,aAAawC,UAAU,CAAChC,IAAI;wCAC/ByB,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAQ,MAAM;gBACF,GAAGxC,eAAewC,IAAI;gBACtBrD,cAAc;oBACV,GAAGa,eAAewC,IAAI,EAAErD,YAAY;oBACpCsD,IAAI;wBACA,GAAGzC,eAAewC,IAAI,EAAErD,cAAcsD,EAAE;wBACxC,GAAGtD,aAAasD,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG1C,eAAewC,IAAI,EAAErD,cAAcuD,EAAE;wBACxC,GAAGvD,aAAauD,EAAE;oBACtB;gBACJ;YACJ;QACJ,CAAA;AAEJ,EAAC"}
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {AvatarComponent, LoginButtonComponent} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, ERRORS, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {translations} from './translations.js'\nimport {ZitadelAvatarProps, ZitadelPlugin} from './types.js'\nimport {defaultRedirect, getAuthSlug, requestRedirect} from './utils/index.js'\n\nexport const zitadelPlugin: ZitadelPlugin = (config) => {\n\n let {\n issuerURL = process.env.ZITADEL_URL,\n clientId = process.env.ZITADEL_CLIENT_ID,\n fields,\n strategyName = DEFAULT_CONFIG.strategyName,\n api,\n callbacks,\n components\n } = config ?? {}\n\n if (!issuerURL) {\n throw ERRORS.issuerURL\n }\n\n if (!clientId) {\n throw ERRORS.clientId\n }\n\n if (!api && process.env.ZITADEL_API_CLIENT_ID) {\n\n const keyId = process.env.ZITADEL_API_KEY_ID\n if (!keyId) {\n throw ERRORS.apiKeyId\n }\n\n const key = process.env.ZITADEL_API_KEY\n if (!key) {\n throw ERRORS.apiKey\n }\n\n api = {\n clientId: process.env.ZITADEL_API_CLIENT_ID,\n keyId,\n key\n }\n\n }\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ...fields}\n\n return (incomingConfig) => ({\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...components?.avatar ? {} : {\n avatar: {\n Component: {\n ...AvatarComponent,\n clientProps: {\n imageFieldName: fieldsConfig.image.name\n } satisfies ZitadelAvatarProps\n }\n }\n },\n ...components?.loginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n ...LoginButtonComponent,\n serverProps: {\n label: components?.loginButton?.label ?? DEFAULT_CONFIG.label\n }\n }\n ]\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == getAuthSlug(incomingConfig) ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n strategyName: strategyName,\n issuerURL,\n fields: fieldsConfig,\n api: api ?? false\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).set(COOKIES.logout)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize({\n issuerURL,\n clientId\n })\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback({\n issuerURL,\n clientId,\n fields: fieldsConfig,\n afterLogin: callbacks?.afterLogin ?? defaultRedirect,\n afterLogout: callbacks?.afterLogout ?? defaultRedirect\n })\n },\n {\n path: ROUTES.end_session,\n method: 'get',\n handler: (req) => requestRedirect({req, issuerURL, clientId, invokedBy: 'end_session'})\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n })\n\n}"],"names":["cookies","AvatarComponent","LoginButtonComponent","COOKIES","DEFAULT_CONFIG","ERRORS","ROUTES","authorize","callback","zitadelStrategy","translations","defaultRedirect","getAuthSlug","requestRedirect","zitadelPlugin","config","issuerURL","process","env","ZITADEL_URL","clientId","ZITADEL_CLIENT_ID","fields","strategyName","api","callbacks","components","ZITADEL_API_CLIENT_ID","keyId","ZITADEL_API_KEY_ID","apiKeyId","key","ZITADEL_API_KEY","apiKey","fieldsConfig","incomingConfig","admin","avatar","Component","clientProps","imageFieldName","image","name","loginButton","afterLogin","serverProps","label","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","hooks","afterLogout","set","logout","endpoints","path","method","handler","end_session","req","invokedBy","id","type","readOnly","index","unique","required","email","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,eAAe,EAAEC,oBAAoB,QAAO,wBAAuB;AAC3E,SAAQC,OAAO,EAAEC,cAAc,EAAEC,MAAM,EAAEC,MAAM,QAAO,iBAAgB;AACtE,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAC7C,SAAQC,YAAY,QAAO,oBAAmB;AAE9C,SAAQC,eAAe,EAAEC,WAAW,EAAEC,eAAe,QAAO,mBAAkB;AAE9E,OAAO,MAAMC,gBAA+B,CAACC;IAEzC,IAAI,EACAC,YAAYC,QAAQC,GAAG,CAACC,WAAW,EACnCC,WAAWH,QAAQC,GAAG,CAACG,iBAAiB,EACxCC,MAAM,EACNC,eAAenB,eAAemB,YAAY,EAC1CC,GAAG,EACHC,SAAS,EACTC,UAAU,EACb,GAAGX,UAAU,CAAC;IAEf,IAAI,CAACC,WAAW;QACZ,MAAMX,OAAOW,SAAS;IAC1B;IAEA,IAAI,CAACI,UAAU;QACX,MAAMf,OAAOe,QAAQ;IACzB;IAEA,IAAI,CAACI,OAAOP,QAAQC,GAAG,CAACS,qBAAqB,EAAE;QAE3C,MAAMC,QAAQX,QAAQC,GAAG,CAACW,kBAAkB;QAC5C,IAAI,CAACD,OAAO;YACR,MAAMvB,OAAOyB,QAAQ;QACzB;QAEA,MAAMC,MAAMd,QAAQC,GAAG,CAACc,eAAe;QACvC,IAAI,CAACD,KAAK;YACN,MAAM1B,OAAO4B,MAAM;QACvB;QAEAT,MAAM;YACFJ,UAAUH,QAAQC,GAAG,CAACS,qBAAqB;YAC3CC;YACAG;QACJ;IAEJ;IAEA,MAAMG,eAAe;QAAC,GAAG9B,eAAekB,MAAM;QAAE,GAAGA,MAAM;IAAA;IAEzD,OAAO,CAACa,iBAAoB,CAAA;YACxB,GAAGA,cAAc;YACjBC,OAAO;gBACH,GAAGD,eAAeC,KAAK;gBACvB,GAAGV,YAAYW,SAAS,CAAC,IAAI;oBACzBA,QAAQ;wBACJC,WAAW;4BACP,GAAGrC,eAAe;4BAClBsC,aAAa;gCACTC,gBAAgBN,aAAaO,KAAK,CAACC,IAAI;4BAC3C;wBACJ;oBACJ;gBACJ,CAAC;gBACD,GAAGhB,YAAYiB,cAAc,CAAC,IAAI;oBAC9BjB,YAAY;wBACR,GAAGS,eAAeC,KAAK,EAAEV,UAAU;wBACnCkB,YAAY;+BACLT,eAAeC,KAAK,EAAEV,YAAYkB,cAAc,EAAE;4BACrD;gCACI,GAAG1C,oBAAoB;gCACvB2C,aAAa;oCACTC,OAAOpB,YAAYiB,aAAaG,SAAS1C,eAAe0C,KAAK;gCACjE;4BACJ;yBACH;oBACL;gBACJ,CAAC;YACL;YACAC,aAAa,AAACZ,CAAAA,eAAeY,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIxC,YAAYuB,kBAAkB;wBAChDgB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B7C,gBAAgB;oCACZc,cAAcA;oCACdP;oCACAM,QAAQY;oCACRV,KAAKA,OAAO;gCAChB;6BACH;wBACL;wBACA+B,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAMxD,SAAQ,EAAGyD,GAAG,CAACtD,QAAQuD,MAAM;6BAAE;wBACpE;wBACAC,WAAW;4BACP;gCACIC,MAAMtD,OAAOC,SAAS;gCACtBsD,QAAQ;gCACRC,SAASvD,UAAU;oCACfS;oCACAI;gCACJ;4BACJ;4BACA;gCACIwC,MAAMtD,OAAOE,QAAQ;gCACrBqD,QAAQ;gCACRC,SAAStD,SAAS;oCACdQ;oCACAI;oCACAE,QAAQY;oCACRU,YAAYnB,WAAWmB,cAAcjC;oCACrC6C,aAAa/B,WAAW+B,eAAe7C;gCAC3C;4BACJ;4BACA;gCACIiD,MAAMtD,OAAOyD,WAAW;gCACxBF,QAAQ;gCACRC,SAAS,CAACE,MAAQnD,gBAAgB;wCAACmD;wCAAKhD;wCAAWI;wCAAU6C,WAAW;oCAAa;4BACzF;yBACH;wBACD3C,QAAQ;+BACD2B,WAAW3B,MAAM;4BACpB;gCACI,GAAGY,aAAagC,EAAE;gCAClBC,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGrC,aAAaQ,IAAI;gCACpByB,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAasC,KAAK;gCACrBL,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAaO,KAAK;gCACrB0B,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAauC,KAAK;gCACrBN,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACA9C,QAAQ;oCACJ;wCACI,GAAGY,aAAawC,UAAU,CAAChC,IAAI;wCAC/ByB,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAQ,MAAM;gBACF,GAAGxC,eAAewC,IAAI;gBACtBjE,cAAc;oBACV,GAAGyB,eAAewC,IAAI,EAAEjE,YAAY;oBACpCkE,IAAI;wBACA,GAAGzC,eAAewC,IAAI,EAAEjE,cAAckE,EAAE;wBACxC,GAAGlE,aAAakE,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG1C,eAAewC,IAAI,EAAEjE,cAAcmE,EAAE;wBACxC,GAAGnE,aAAamE,EAAE;oBACtB;gBACJ;YACJ;QACJ,CAAA;AAEJ,EAAC"}
|
package/dist/types.d.ts
CHANGED
@@ -77,11 +77,11 @@ type ZitadelComponentsConfig = {
|
|
77
77
|
avatar: ZitadelAvatarConfig;
|
78
78
|
loginButton: ZitadelLoginButtonConfig;
|
79
79
|
};
|
80
|
-
type ZitadelPluginConfig = ZitadelBaseConfig & Partial<ZitadelUserConfig> & Partial<ZitadelStrategyConfig> & Partial<{
|
80
|
+
type ZitadelPluginConfig = Partial<ZitadelBaseConfig> & Partial<ZitadelUserConfig> & Partial<ZitadelStrategyConfig> & Partial<{
|
81
81
|
callbacks: Partial<ZitadelCallbackConfig>;
|
82
82
|
components: Partial<ZitadelComponentsConfig>;
|
83
83
|
}>;
|
84
|
-
export type ZitadelPlugin = (config
|
84
|
+
export type ZitadelPlugin = (config?: ZitadelPluginConfig) => (config: Config) => Config;
|
85
85
|
type ZitadelAuthorizeRequestConfig = {
|
86
86
|
codeChallenge: string;
|
87
87
|
};
|
package/dist/types.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAC9F,OAAO,KAAK,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAC5E,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAE9C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,KAAK,kBAAkB,GAAG;IACtB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAA;IACtB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YACzC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,mBAAmB,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,KAAK,cAAc,GAAG,WAAW,GAAG,aAAa,CAAA;AAEjD,KAAK,gBAAgB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI;IACvE,SAAS,EAAE,SAAS,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;AAEtE,MAAM,MAAM,qBAAqB,GAAG;IAChC,UAAU,EAAE,cAAc,CAAA;IAC1B,WAAW,EAAE,cAAc,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,eAAe,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,GAAG,eAAe,KAAK,cAAc,CAAA;AAEtH,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAA;AAElG,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,KAAK,qBAAqB,GAAG;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,GAAG,EAAE,gBAAgB,GAAG,KAAK,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG,iBAAiB,GAAG,qBAAqB,KAAK,YAAY,CAAA;AAEvI,KAAK,mBAAmB,GAAG;IACvB,OAAO,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,cAAc,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,KAAK,wBAAwB,GAAG;IAC5B,OAAO,EAAE,IAAI,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG,IAAI,CAAC,wBAAwB,EAAE,SAAS,CAAC,GAAG;IAC5F,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;CACvF,CAAA;AAED,KAAK,uBAAuB,GAAG;IAC3B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,WAAW,EAAE,wBAAwB,CAAA;CACxC,CAAA;AAED,KAAK,mBAAmB,GACpB,iBAAiB,
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAC9F,OAAO,KAAK,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAC5E,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAE9C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,KAAK,kBAAkB,GAAG;IACtB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAA;IACtB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YACzC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,mBAAmB,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,KAAK,cAAc,GAAG,WAAW,GAAG,aAAa,CAAA;AAEjD,KAAK,gBAAgB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI;IACvE,SAAS,EAAE,SAAS,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;AAEtE,MAAM,MAAM,qBAAqB,GAAG;IAChC,UAAU,EAAE,cAAc,CAAA;IAC1B,WAAW,EAAE,cAAc,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,eAAe,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,GAAG,eAAe,KAAK,cAAc,CAAA;AAEtH,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAA;AAElG,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,KAAK,qBAAqB,GAAG;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,GAAG,EAAE,gBAAgB,GAAG,KAAK,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG,iBAAiB,GAAG,qBAAqB,KAAK,YAAY,CAAA;AAEvI,KAAK,mBAAmB,GAAG;IACvB,OAAO,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,cAAc,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,KAAK,wBAAwB,GAAG;IAC5B,OAAO,EAAE,IAAI,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG,IAAI,CAAC,wBAAwB,EAAE,SAAS,CAAC,GAAG;IAC5F,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;CACvF,CAAA;AAED,KAAK,uBAAuB,GAAG;IAC3B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,WAAW,EAAE,wBAAwB,CAAA;CACxC,CAAA;AAED,KAAK,mBAAmB,GACpB,OAAO,CAAC,iBAAiB,CAAC,GACxB,OAAO,CAAC,iBAAiB,CAAC,GAC1B,OAAO,CAAC,qBAAqB,CAAC,GAC9B,OAAO,CAAC;IACV,SAAS,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACzC,UAAU,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAA;CAC/C,CAAC,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,CAAC,EAAE,mBAAmB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;AAExF,KAAK,6BAA6B,GAAG;IACjC,aAAa,EAAE,MAAM,CAAA;CACxB,CAAA;AAGD,KAAK,mBAAmB,GACpB,CAAC,gBAAgB,CAAC,WAAW,CAAC,GAAG,6BAA6B,CAAC,GAC7D,CAAC,gBAAgB,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,6BAA6B,CAAC,CAAC,CAAA;AAEhF,KAAK,oBAAoB,GAAG;IACxB,GAAG,EAAE,cAAc,CAAA;CACtB,GAAG,iBAAiB,GAAG,mBAAmB,CAAA;AAE3C,MAAM,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,oBAAoB,KAAK,QAAQ,CAAA"}
|
package/dist/types.js.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"sources":["../src/types.ts"],"sourcesContent":["import type {AuthStrategy, Config, PayloadHandler, PayloadRequest, ServerProps} from 'payload'\nimport type {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\nimport {translations} from './translations.js'\n\nexport type ZitadelIdToken = Partial<{\n sub: string\n name: string\n email: string\n picture: string\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\ntype ZitadelFieldConfig = {\n hidden?: boolean\n name: string\n label: string | Record<string, string>\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig\n image: ZitadelFieldConfig\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string | Record<string, string>\n plural: string | Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\ntype ZitadelBaseConfig = {\n issuerURL: string\n clientId: string\n}\n\ntype ZitadelUserConfig = {\n fields: ZitadelFieldsConfig\n}\n\nexport type ZitadelCallbackQuery = Partial<{\n code: string | null,\n state: string | null,\n}>\n\ntype ZitadelInvoker = 'authorize' | 'end_session'\n\ntype ZitadelInvokedBy<InvokedBy extends ZitadelInvoker = ZitadelInvoker> = {\n invokedBy: InvokedBy\n}\n\nexport type ZitadelCallbackState = Record<any, any> & ZitadelInvokedBy\n\nexport type ZitadelCallbackConfig = {\n afterLogin: PayloadHandler\n afterLogout: PayloadHandler\n}\n\nexport type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler\n\nexport type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>\n\ntype ZitadelAPIConfig = {\n clientId: string\n key: string\n keyId: string\n}\n\ntype ZitadelStrategyConfig = {\n strategyName: string\n api: ZitadelAPIConfig | false\n}\n\nexport type ZitadelStrategy = (config: Omit<ZitadelBaseConfig, 'clientId'> & ZitadelUserConfig & ZitadelStrategyConfig) => AuthStrategy\n\ntype ZitadelAvatarConfig = {\n disable: true\n}\n\nexport type ZitadelAvatarProps = {\n imageFieldName: string\n}\n\ntype ZitadelLoginButtonConfig = {\n disable: true\n label: string\n}\n\nexport type ZitadelLoginButtonProps = ServerProps & Omit<ZitadelLoginButtonConfig, 'disable'> & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>\n}\n\ntype ZitadelComponentsConfig = {\n avatar: ZitadelAvatarConfig\n loginButton: ZitadelLoginButtonConfig\n}\n\ntype ZitadelPluginConfig =\n ZitadelBaseConfig
|
1
|
+
{"version":3,"sources":["../src/types.ts"],"sourcesContent":["import type {AuthStrategy, Config, PayloadHandler, PayloadRequest, ServerProps} from 'payload'\nimport type {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\nimport {translations} from './translations.js'\n\nexport type ZitadelIdToken = Partial<{\n sub: string\n name: string\n email: string\n picture: string\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\ntype ZitadelFieldConfig = {\n hidden?: boolean\n name: string\n label: string | Record<string, string>\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig\n image: ZitadelFieldConfig\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string | Record<string, string>\n plural: string | Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\ntype ZitadelBaseConfig = {\n issuerURL: string\n clientId: string\n}\n\ntype ZitadelUserConfig = {\n fields: ZitadelFieldsConfig\n}\n\nexport type ZitadelCallbackQuery = Partial<{\n code: string | null,\n state: string | null,\n}>\n\ntype ZitadelInvoker = 'authorize' | 'end_session'\n\ntype ZitadelInvokedBy<InvokedBy extends ZitadelInvoker = ZitadelInvoker> = {\n invokedBy: InvokedBy\n}\n\nexport type ZitadelCallbackState = Record<any, any> & ZitadelInvokedBy\n\nexport type ZitadelCallbackConfig = {\n afterLogin: PayloadHandler\n afterLogout: PayloadHandler\n}\n\nexport type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler\n\nexport type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>\n\ntype ZitadelAPIConfig = {\n clientId: string\n key: string\n keyId: string\n}\n\ntype ZitadelStrategyConfig = {\n strategyName: string\n api: ZitadelAPIConfig | false\n}\n\nexport type ZitadelStrategy = (config: Omit<ZitadelBaseConfig, 'clientId'> & ZitadelUserConfig & ZitadelStrategyConfig) => AuthStrategy\n\ntype ZitadelAvatarConfig = {\n disable: true\n}\n\nexport type ZitadelAvatarProps = {\n imageFieldName: string\n}\n\ntype ZitadelLoginButtonConfig = {\n disable: true\n label: string\n}\n\nexport type ZitadelLoginButtonProps = ServerProps & Omit<ZitadelLoginButtonConfig, 'disable'> & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>\n}\n\ntype ZitadelComponentsConfig = {\n avatar: ZitadelAvatarConfig\n loginButton: ZitadelLoginButtonConfig\n}\n\ntype ZitadelPluginConfig =\n Partial<ZitadelBaseConfig>\n & Partial<ZitadelUserConfig>\n & Partial<ZitadelStrategyConfig>\n & Partial<{\n callbacks: Partial<ZitadelCallbackConfig>\n components: Partial<ZitadelComponentsConfig>\n}>\n\nexport type ZitadelPlugin = (config?: ZitadelPluginConfig) => (config: Config) => Config\n\ntype ZitadelAuthorizeRequestConfig = {\n codeChallenge: string\n}\n\n\ntype ZitadelRequestState =\n (ZitadelInvokedBy<'authorize'> & ZitadelAuthorizeRequestConfig)\n | (ZitadelInvokedBy<'end_session'> & Partial<ZitadelAuthorizeRequestConfig>)\n\ntype ZitadelRequestConfig = {\n req: PayloadRequest\n} & ZitadelBaseConfig & ZitadelRequestState\n\nexport type ZitadelRequestHandler = (config: ZitadelRequestConfig) => Response\n\n\n"],"names":[],"mappings":"AA4HA,WAA8E"}
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"redirects.d.ts","sourceRoot":"","sources":["../../src/utils/redirects.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAGtC,OAAO,EAAC,qBAAqB,EAAC,MAAM,aAAa,CAAA;AAIjD,eAAO,MAAM,eAAe,EAAE,cAC0D,CAAA;AAExF,eAAO,MAAM,eAAe,EAAE,
|
1
|
+
{"version":3,"file":"redirects.d.ts","sourceRoot":"","sources":["../../src/utils/redirects.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAGtC,OAAO,EAAC,qBAAqB,EAAC,MAAM,aAAa,CAAA;AAIjD,eAAO,MAAM,eAAe,EAAE,cAC0D,CAAA;AAExF,eAAO,MAAM,eAAe,EAAE,qBASrB,CAAA"}
|
package/dist/utils/redirects.js
CHANGED
@@ -3,8 +3,7 @@ import { AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES } from '../constants.js';
|
|
3
3
|
import { createState, getState } from './state.js';
|
4
4
|
import { getAuthBaseURL } from './urls.js';
|
5
5
|
export const defaultRedirect = (req)=>NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''));
|
6
|
-
export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChallenge })=>{
|
7
|
-
const redirectURL = `${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({
|
6
|
+
export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChallenge })=>NextResponse.redirect(`${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({
|
8
7
|
client_id: clientId,
|
9
8
|
[`${invokedBy == 'authorize' ? '' : 'post_logout_'}redirect_uri`]: getAuthBaseURL(req.payload.config) + ROUTES.callback,
|
10
9
|
state: createState(req, invokedBy),
|
@@ -12,9 +11,6 @@ export const requestRedirect = ({ req, issuerURL, clientId, invokedBy, codeChall
|
|
12
11
|
code_challenge: codeChallenge,
|
13
12
|
...AUTHORIZE_QUERY
|
14
13
|
} : {}
|
15
|
-
})}
|
16
|
-
console.log('requesting redirect to:', redirectURL);
|
17
|
-
return NextResponse.redirect(redirectURL);
|
18
|
-
};
|
14
|
+
})}`);
|
19
15
|
|
20
16
|
//# sourceMappingURL=redirects.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"sources":["../../src/utils/redirects.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES} from '../constants.js'\nimport {ZitadelRequestHandler} from '../types.js'\nimport {createState, getState} from './state.js'\nimport {getAuthBaseURL} from './urls.js'\n\nexport const defaultRedirect: PayloadHandler = (req) =>\n NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''))\n\nexport const requestRedirect: ZitadelRequestHandler = ({req, issuerURL, clientId, invokedBy, codeChallenge})
|
1
|
+
{"version":3,"sources":["../../src/utils/redirects.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {AUTHORIZE_QUERY, ENDPOINT_PATHS, ROUTES} from '../constants.js'\nimport {ZitadelRequestHandler} from '../types.js'\nimport {createState, getState} from './state.js'\nimport {getAuthBaseURL} from './urls.js'\n\nexport const defaultRedirect: PayloadHandler = (req) =>\n NextResponse.redirect(req.payload.config.serverURL + (getState(req).redirect ?? ''))\n\nexport const requestRedirect: ZitadelRequestHandler = ({req, issuerURL, clientId, invokedBy, codeChallenge}) =>\n NextResponse.redirect(`${issuerURL}${ENDPOINT_PATHS[invokedBy]}?${new URLSearchParams({\n client_id: clientId,\n [`${invokedBy == 'authorize' ? '' : 'post_logout_'}redirect_uri`]: getAuthBaseURL(req.payload.config) + ROUTES.callback,\n state: createState(req, invokedBy),\n ...invokedBy == 'authorize' ? {\n code_challenge: codeChallenge,\n ...AUTHORIZE_QUERY\n } : {}\n })}`)"],"names":["NextResponse","AUTHORIZE_QUERY","ENDPOINT_PATHS","ROUTES","createState","getState","getAuthBaseURL","defaultRedirect","req","redirect","payload","config","serverURL","requestRedirect","issuerURL","clientId","invokedBy","codeChallenge","URLSearchParams","client_id","callback","state","code_challenge"],"mappings":"AACA,SAAQA,YAAY,QAAO,iBAAgB;AAC3C,SAAQC,eAAe,EAAEC,cAAc,EAAEC,MAAM,QAAO,kBAAiB;AAEvE,SAAQC,WAAW,EAAEC,QAAQ,QAAO,aAAY;AAChD,SAAQC,cAAc,QAAO,YAAW;AAExC,OAAO,MAAMC,kBAAkC,CAACC,MAC5CR,aAAaS,QAAQ,CAACD,IAAIE,OAAO,CAACC,MAAM,CAACC,SAAS,GAAIP,CAAAA,SAASG,KAAKC,QAAQ,IAAI,EAAC,GAAG;AAExF,OAAO,MAAMI,kBAAyC,CAAC,EAACL,GAAG,EAAEM,SAAS,EAAEC,QAAQ,EAAEC,SAAS,EAAEC,aAAa,EAAC,GACvGjB,aAAaS,QAAQ,CAAC,GAAGK,YAAYZ,cAAc,CAACc,UAAU,CAAC,CAAC,EAAE,IAAIE,gBAAgB;QAClFC,WAAWJ;QACX,CAAC,GAAGC,aAAa,cAAc,KAAK,eAAe,YAAY,CAAC,CAAC,EAAEV,eAAeE,IAAIE,OAAO,CAACC,MAAM,IAAIR,OAAOiB,QAAQ;QACvHC,OAAOjB,YAAYI,KAAKQ;QACxB,GAAGA,aAAa,cAAc;YAC1BM,gBAAgBL;YAChB,GAAGhB,eAAe;QACtB,IAAI,CAAC,CAAC;IACV,IAAI,EAAC"}
|
package/package.json
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
{
|
2
2
|
"name": "payload-zitadel-plugin",
|
3
|
-
"version": "0.4.
|
3
|
+
"version": "0.4.2",
|
4
4
|
"description": "plugin for Payload CMS, which enables authentication via Zitadel IdP",
|
5
5
|
"type": "module",
|
6
6
|
"license": "MIT",
|
@@ -36,18 +36,18 @@
|
|
36
36
|
"dist"
|
37
37
|
],
|
38
38
|
"dependencies": {
|
39
|
-
"@payloadcms/next": "^3.
|
40
|
-
"@payloadcms/translations": "^3.
|
41
|
-
"@payloadcms/ui": "^3.
|
39
|
+
"@payloadcms/next": "^3.12.0",
|
40
|
+
"@payloadcms/translations": "^3.12.0",
|
41
|
+
"@payloadcms/ui": "^3.12.0",
|
42
42
|
"jose": "^5.9.6",
|
43
43
|
"next": "^15.1.3",
|
44
|
-
"payload": "^3.
|
44
|
+
"payload": "^3.12.0",
|
45
45
|
"react": "^19.0.0",
|
46
46
|
"react-dom": "^19.0.0"
|
47
47
|
},
|
48
48
|
"devDependencies": {
|
49
49
|
"@swc/cli": "^0.5.2",
|
50
|
-
"@swc/core": "^1.10.
|
50
|
+
"@swc/core": "^1.10.4",
|
51
51
|
"@types/node": "^22.10.2",
|
52
52
|
"@types/react": "^19.0.2",
|
53
53
|
"@types/react-dom": "^19.0.2",
|