payload-zitadel-plugin 0.4.47 → 0.5.0
- package/README.md +33 -12
- package/dist/constants.d.ts +2 -2
- package/dist/constants.js +2 -2
- package/dist/constants.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +21 -14
- package/dist/index.js.map +1 -1
- package/dist/strategy.d.ts.map +1 -1
- package/dist/strategy.js +38 -17
- package/dist/strategy.js.map +1 -1
- package/dist/types.d.ts +15 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +10 -10
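--- a/package/README.md
+++ b/package/README.md
@@ -10,7 +10,7 @@ Thus, the user collection in PayloadCMS becomes just a shadow of the information
 ## Install
 
 ```shell
-pnpm add payload-zitadel-plugin@0.
+pnpm add payload-zitadel-plugin@0.5.0
 ```
 
 ## Configuration
@@ -79,16 +79,33 @@ export default buildConfig({
 // if you want to manually control what happens after a successful logout
 // afterLogout: (req) => NextResponse.redirect('...')
 
-// following properties are only needed if you want to authenticate clients
+// following properties are only needed if you want to authenticate clients
+// (e.g. a mobile app or a external service) for the API
 // if the users are just visiting the CMS via a browser you can ignore all of them
-// otherwise create in Zitadel a new App->API->JWT and
+// otherwise create in Zitadel a new App->API->JWT and create a new key
+// download the JSON file and put the content in the jwt parameter
+// if not provided it will look for the ZITADEL_API_JWT environment variable
+/*
+api: {
+type: 'jwt'
+jwt: {
+keyId: '123456789123456789',
+key: '-----BEGIN RSA PRIVATE KEY----- ... ----END RSA PRIVATE KEY-----',
+appId: '123456789123456789',
+clientId: '123456789123456789'
+}
+}
+*/
+
+// you can also use basic auth instead of JWT
+// create a new App->API->Basic and save the Client Id and Client Secret
 // if not provided it will look for the ZITADEL_API_CLIENT_ID environment variable
-//
+// make sure you have the ZITADEL_API_JWT environment variable unset as JWT will have priority
 /*
 api: {
-
-
-
+type: 'basic'
+clientId: '123456789123456789',
+clientSecret: '...'
 }
 */
 })
@@ -104,9 +121,11 @@ Optionally you could use an `.env.local` file for parameters:
 ```dotenv
 ZITADEL_URL=https://idp.zitadel.url
 ZITADEL_CLIENT_ID=123456789123456789
-
-
-
+# if you use basic auth
+ZITADEL_API_CLIENT_ID: '123456789123456789',
+ZITADEL_API_CLIENT_SECRET: '...',
+# if you use JWT auth
+ZITADEL_API_JWT='{"type":"application","keyId":"123456789123456789","key":"-----BEGIN RSA PRIVATE KEY-----\n ... \n-----END RSA PRIVATE KEY-----\n","appId":"123456789123456789","clientId":"123456789123456789"}'
 ```
 
 or use the Next.js Config file:
@@ -121,9 +140,11 @@ export default withPayload({
 env: {
 ZITADEL_URL: 'https://idp.zitadel.url',
 ZITADEL_CLIENT_ID: '123456789123456789',
+// if you use basic auth
 ZITADEL_API_CLIENT_ID: '123456789123456789',
-
-
+ZITADEL_API_CLIENT_SECRET: '...',
+// if you use JWT auth
+ZITADEL_API_JWT='{"type":"application","keyId":"123456789123456789","key":"-----BEGIN RSA PRIVATE KEY-----\n ... \n-----END RSA PRIVATE KEY-----\n","appId":"123456789123456789","clientId":"123456789123456789"}'
 },
 ...
 })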
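--- a/package/dist/constants.d.ts
+++ b/package/dist/constants.d.ts
@@ -97,8 +97,8 @@ export declare const ENDPOINT_PATHS: {
 export declare const ERRORS: {
 issuerURL: Error;
 clientId: Error;
-
-
+apiJWT: Error;
+apiClientSecret: Error;
 };
 export declare const ROLES_KEY = "urn:zitadel:iam:org:project:roles";
 export declare const ROUTES: {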
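--- a/package/dist/constants.js
+++ b/package/dist/constants.js
@@ -94,8 +94,8 @@ export const ENDPOINT_PATHS = {
 export const ERRORS = {
 issuerURL: new Error('ZITADEL-PLUGIN | Error during initialization of the issuer URL: ' + 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),
 clientId: new Error('ZITADEL-PLUGIN | Error during initialization of the client Id: ' + 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),
-
-
+apiJWT: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' + 'API JWT auth is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_JWT environment variable was found), ' + 'but ZITADEL_API_JWT environment variable is not correctly formatted'),
+apiClientSecret: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' + 'API basic auth is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' + 'but ZITADEL_API_CLIENT_SECRET environment variable was not found or is empty')
 };
 export const ROLES_KEY = 'urn:zitadel:iam:org:project:roles';
 export const ROUTES = {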
package/dist/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ResponseCookie} from 'next/dist/compiled/@edge-runtime/cookies/index.js'\nimport type {ZitadelFieldsConfig} from './types.js'\n\nexport const AUTHORIZE_QUERY = {\n response_type: 'code',\n scope: 'openid email profile',\n code_challenge_method: 'S256'\n}\n\nexport const COMPONENTS_PATH = 'payload-zitadel-plugin/components'\n\nconst COOKIE_CONFIG = {\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n secure: process.env.NODE_ENV == 'production'\n} satisfies Pick<ResponseCookie, 'httpOnly' | 'path' | 'sameSite' | 'secure'>\n\nexport const COOKIES = {\n pkce: {\n name: 'zitadel_pkce_code_verifier',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n idToken: {\n name: 'zitadel_id_token',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n logout: {\n name: 'zitadel_logout',\n value: 'true',\n ...COOKIE_CONFIG\n } satisfies ResponseCookie\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ENDPOINT_PATHS = {\n authorize: '/oauth/v2/authorize',\n introspect: '/oauth/v2/introspect',\n token: '/oauth/v2/token',\n end_session: '/oidc/v1/end_session'\n}\n\nexport const ERRORS = {\n issuerURL: new Error('ZITADEL-PLUGIN | Error during initialization of 
the issuer URL: ' +\n 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),\n clientId: new Error('ZITADEL-PLUGIN | Error during initialization of the client Id: ' +\n 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),\n
|
|
1
|
+
{"version":3,"sources":["../src/constants.ts"],"sourcesContent":["import {ResponseCookie} from 'next/dist/compiled/@edge-runtime/cookies/index.js'\nimport type {ZitadelFieldsConfig} from './types.js'\n\nexport const AUTHORIZE_QUERY = {\n response_type: 'code',\n scope: 'openid email profile',\n code_challenge_method: 'S256'\n}\n\nexport const COMPONENTS_PATH = 'payload-zitadel-plugin/components'\n\nconst COOKIE_CONFIG = {\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n secure: process.env.NODE_ENV == 'production'\n} satisfies Pick<ResponseCookie, 'httpOnly' | 'path' | 'sameSite' | 'secure'>\n\nexport const COOKIES = {\n pkce: {\n name: 'zitadel_pkce_code_verifier',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n idToken: {\n name: 'zitadel_id_token',\n ...COOKIE_CONFIG\n } satisfies Omit<ResponseCookie, 'value'>,\n logout: {\n name: 'zitadel_logout',\n value: 'true',\n ...COOKIE_CONFIG\n } satisfies ResponseCookie\n}\n\nexport const DEFAULT_CONFIG = {\n fields: {\n id: {\n name: 'idp_id',\n label: {\n de: 'Identifikation im System des Identitätsanbieters',\n en: 'Identifier in the system of the Identity Provider'\n }\n },\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n },\n email: {\n name: 'email',\n label: {de: 'E-Mail', en: 'Email'}\n },\n image: {\n name: 'image',\n label: {de: 'Profilbild-URL', en: 'Profile picture URL'}\n },\n roles: {\n name: 'roles',\n label: {de: 'Rollen', en: 'Roles'},\n labels: {\n singular: {de: 'Rolle', en: 'Role'},\n plural: {de: 'Rollen', en: 'Roles'}\n }\n },\n roleFields: {\n name: {\n name: 'name',\n label: {de: 'Name', en: 'Name'}\n }\n }\n } satisfies ZitadelFieldsConfig,\n strategyName: 'zitadel',\n label: 'Zitadel'\n}\n\nexport const ENDPOINT_PATHS = {\n authorize: '/oauth/v2/authorize',\n introspect: '/oauth/v2/introspect',\n token: '/oauth/v2/token',\n end_session: '/oidc/v1/end_session'\n}\n\nexport const ERRORS = {\n issuerURL: new Error('ZITADEL-PLUGIN | Error during initialization of 
the issuer URL: ' +\n 'issuerURL in plugin configuration not provided or empty and ZITADEL_URL environment variable also not found or empty'),\n clientId: new Error('ZITADEL-PLUGIN | Error during initialization of the client Id: ' +\n 'clientId in plugin configuration not provided or empty and ZITADEL_CLIENT_ID environment variable also not found or empty'),\n apiJWT: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' +\n 'API JWT auth is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_JWT environment variable was found), ' +\n 'but ZITADEL_API_JWT environment variable is not correctly formatted'),\n apiClientSecret: new Error('ZITADEL-PLUGIN | Error during initialization of the API credentials: ' +\n 'API basic auth is enabled (api credentials in plugin configuration not provided, but the ZITADEL_API_CLIENT_ID environment variable was found), ' +\n 'but ZITADEL_API_CLIENT_SECRET environment variable was not found or is empty')\n}\n\nexport const ROLES_KEY = 'urn:zitadel:iam:org:project:roles'\n\nexport const ROUTES = {\n authorize: '/authorize',\n callback: '/callback',\n end_session: 
'/end_session'\n}\n\n"],"names":["AUTHORIZE_QUERY","response_type","scope","code_challenge_method","COMPONENTS_PATH","COOKIE_CONFIG","httpOnly","path","sameSite","secure","process","env","NODE_ENV","COOKIES","pkce","name","idToken","logout","value","DEFAULT_CONFIG","fields","id","label","de","en","email","image","roles","labels","singular","plural","roleFields","strategyName","ENDPOINT_PATHS","authorize","introspect","token","end_session","ERRORS","issuerURL","Error","clientId","apiJWT","apiClientSecret","ROLES_KEY","ROUTES","callback"],"mappings":"AAGA,OAAO,MAAMA,kBAAkB;IAC3BC,eAAe;IACfC,OAAO;IACPC,uBAAuB;AAC3B,EAAC;AAED,OAAO,MAAMC,kBAAkB,oCAAmC;AAElE,MAAMC,gBAAgB;IAClBC,UAAU;IACVC,MAAM;IACNC,UAAU;IACVC,QAAQC,QAAQC,GAAG,CAACC,QAAQ,IAAI;AACpC;AAEA,OAAO,MAAMC,UAAU;IACnBC,MAAM;QACFC,MAAM;QACN,GAAGV,aAAa;IACpB;IACAW,SAAS;QACLD,MAAM;QACN,GAAGV,aAAa;IACpB;IACAY,QAAQ;QACJF,MAAM;QACNG,OAAO;QACP,GAAGb,aAAa;IACpB;AACJ,EAAC;AAED,OAAO,MAAMc,iBAAiB;IAC1BC,QAAQ;QACJC,IAAI;YACAN,MAAM;YACNO,OAAO;gBACHC,IAAI;gBACJC,IAAI;YACR;QACJ;QACAT,MAAM;YACFA,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAQC,IAAI;YAAM;QAClC;QACAC,OAAO;YACHV,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;QACrC;QACAE,OAAO;YACHX,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAkBC,IAAI;YAAqB;QAC3D;QACAG,OAAO;YACHZ,MAAM;YACNO,OAAO;gBAACC,IAAI;gBAAUC,IAAI;YAAO;YACjCI,QAAQ;gBACJC,UAAU;oBAACN,IAAI;oBAASC,IAAI;gBAAM;gBAClCM,QAAQ;oBAACP,IAAI;oBAAUC,IAAI;gBAAO;YACtC;QACJ;QACAO,YAAY;YACRhB,MAAM;gBACFA,MAAM;gBACNO,OAAO;oBAACC,IAAI;oBAAQC,IAAI;gBAAM;YAClC;QACJ;IACJ;IACAQ,cAAc;IACdV,OAAO;AACX,EAAC;AAED,OAAO,MAAMW,iBAAiB;IAC1BC,WAAW;IACXC,YAAY;IACZC,OAAO;IACPC,aAAa;AACjB,EAAC;AAED,OAAO,MAAMC,SAAS;IAClBC,WAAW,IAAIC,MAAM,qEACjB;IACJC,UAAU,IAAID,MAAM,oEAChB;IACJE,QAAQ,IAAIF,MAAM,0EACd,6IACA;IACJG,iBAAiB,IAAIH,MAAM,0EACvB,qJACA;AACR,EAAC;AAED,OAAO,MAAMI,YAAY,oCAAmC;AAE5D,OAAO,MAAMC,SAAS;IAClBX,WAAW;IACXY,UAAU;IACVT,aAAa;AACjB,EAAC"}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAiC,aAAa,EAAC,MAAM,YAAY,CAAA;AAIxE,eAAO,MAAM,aAAa,EAAE,aA4M3B,CAAA"}
|
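--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -15,26 +15,33 @@ export const zitadelPlugin = (config)=>{
 if (!clientId) {
 errors.push(ERRORS.clientId);
 }
-if (!api
-
-
-
-
-
-
-
+if (!api) {
+if (process.env.ZITADEL_API_JWT) {
+try {
+api = {
+type: 'jwt',
+jwt: JSON.parse(process.env.ZITADEL_API_JWT)
+};
+} catch (e) {
+errors.push(ERRORS.apiJWT);
+}
+} else if (process.env.ZITADEL_API_CLIENT_ID) {
+const clientSecret = process.env.ZITADEL_API_CLIENT_SECRET ?? '';
+if (!clientSecret) {
+errors.push(ERRORS.apiClientSecret);
+}
+api = {
+type: 'basic',
+clientId: process.env.ZITADEL_API_CLIENT_ID,
+clientSecret
+};
 }
-api = {
-clientId: process.env.ZITADEL_API_CLIENT_ID,
-keyId,
-key
-};
 }
 if (errors.length && [
 PHASE_DEVELOPMENT_SERVER,
 PHASE_PRODUCTION_SERVER
 ].includes(process.env.NEXT_PHASE ?? '')) {
-console.warn('The following errors
+console.warn('The following errors occurred during initialization of the payload zitadel plugin:');
 for (const error of errors)console.warn(error);
 }
 const fieldsConfig = {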
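Review bot: The value returned by `JSON.parse(process.env.ZITADEL_API_JWT)` is stored in `api.jwt` with no shape check, so well-formed JSON that is not a key object (`null`, a string, or an object without `keyId`, `key` or `clientId`) passes the `try` without pushing `ERRORS.apiJWT`, and the misconfiguration only surfaces later, when the strategy dereferences `api.jwt.clientId` while handling a request. Validate inside the `try` so bad input lands in the existing `catch`: `const jwt = JSON.parse(process.env.ZITADEL_API_JWT);` followed by `if (typeof jwt?.keyId !== 'string' || typeof jwt?.key !== 'string' || typeof jwt?.clientId !== 'string') throw new TypeError('ZITADEL_API_JWT is missing required fields');`. In the basic branch, `api` is still built with an empty `clientSecret` after `ERRORS.apiClientSecret` is pushed, and the collected errors are only logged with `console.warn`, so the strategy would presumably send a Basic header with an empty secret; assigning `api` only when `clientSecret` is non-empty keeps API client authentication disabled instead. The body of `zitadelPlugin` begins and ends outside this hunk.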
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {AvatarComponent, LoginButtonComponent} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, ERRORS, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {translations} from './translations.js'\nimport {ZitadelAvatarProps, ZitadelPlugin} from './types.js'\nimport {defaultRedirect, getAuthSlug, requestRedirect} from './utils/index.js'\nimport {PHASE_DEVELOPMENT_SERVER, PHASE_PRODUCTION_SERVER} from 'next/constants.js'\n\nexport const zitadelPlugin: ZitadelPlugin = (config) => {\n\n let {\n issuerURL = process.env.ZITADEL_URL ?? '',\n clientId = process.env.ZITADEL_CLIENT_ID ?? '',\n fields,\n strategyName = DEFAULT_CONFIG.strategyName,\n api,\n callbacks,\n components\n } = config ?? {}\n\n let errors = []\n\n if (!issuerURL) {\n errors.push(ERRORS.issuerURL)\n }\n\n if (!clientId) {\n errors.push(ERRORS.clientId)\n }\n\n if (!api && process.env.ZITADEL_API_CLIENT_ID) {\n\n const keyId = process.env.ZITADEL_API_KEY_ID ?? ''\n if (!keyId) {\n errors.push(ERRORS.apiKeyId)\n }\n\n const key = process.env.ZITADEL_API_KEY ?? ''\n if (!key) {\n errors.push(ERRORS.apiKey)\n }\n\n api = {\n clientId: process.env.ZITADEL_API_CLIENT_ID,\n keyId,\n key\n }\n\n }\n\n if (errors.length && [PHASE_DEVELOPMENT_SERVER, PHASE_PRODUCTION_SERVER].includes(process.env.NEXT_PHASE ?? '')) {\n console.warn('The following errors accured during initialization of the payload zitadel plugin:')\n for (const error of errors)\n console.warn(error)\n }\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ...fields}\n\n return (incomingConfig) => ({\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...components?.avatar ? 
{} : {\n avatar: {\n Component: {\n ...AvatarComponent,\n clientProps: {\n imageFieldName: fieldsConfig.image.name\n } satisfies ZitadelAvatarProps\n }\n }\n },\n ...components?.loginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n ...LoginButtonComponent,\n serverProps: {\n label: components?.loginButton?.label ?? DEFAULT_CONFIG.label\n }\n }\n ]\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == getAuthSlug(incomingConfig) ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n strategyName: strategyName,\n issuerURL,\n fields: fieldsConfig,\n api: api ?? false\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).set(COOKIES.logout)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize({\n issuerURL,\n clientId\n })\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback({\n issuerURL,\n clientId,\n fields: fieldsConfig,\n afterLogin: callbacks?.afterLogin ?? defaultRedirect,\n afterLogout: callbacks?.afterLogout ?? 
defaultRedirect\n })\n },\n {\n path: ROUTES.end_session,\n method: 'get',\n handler: (req) => requestRedirect({req, issuerURL, clientId, invokedBy: 'end_session'})\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n 
})\n\n}"],"names":["cookies","AvatarComponent","LoginButtonComponent","COOKIES","DEFAULT_CONFIG","ERRORS","ROUTES","authorize","callback","zitadelStrategy","translations","defaultRedirect","getAuthSlug","requestRedirect","PHASE_DEVELOPMENT_SERVER","PHASE_PRODUCTION_SERVER","zitadelPlugin","config","issuerURL","process","env","ZITADEL_URL","clientId","ZITADEL_CLIENT_ID","fields","strategyName","api","callbacks","components","errors","push","ZITADEL_API_CLIENT_ID","keyId","ZITADEL_API_KEY_ID","apiKeyId","key","ZITADEL_API_KEY","apiKey","length","includes","NEXT_PHASE","console","warn","error","fieldsConfig","incomingConfig","admin","avatar","Component","clientProps","imageFieldName","image","name","loginButton","afterLogin","serverProps","label","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","hooks","afterLogout","set","logout","endpoints","path","method","handler","end_session","req","invokedBy","id","type","readOnly","index","unique","required","email","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,eAAe,EAAEC,oBAAoB,QAAO,wBAAuB;AAC3E,SAAQC,OAAO,EAAEC,cAAc,EAAEC,MAAM,EAAEC,MAAM,QAAO,iBAAgB;AACtE,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAC7C,SAAQC,YAAY,QAAO,oBAAmB;AAE9C,SAAQC,eAAe,EAAEC,WAAW,EAAEC,eAAe,QAAO,mBAAkB;AAC9E,SAAQC,wBAAwB,EAAEC,uBAAuB,QAAO,oBAAmB;AAEnF,OAAO,MAAMC,gBAA+B,CAACC;IAEzC,IAAI,EACAC,YAAYC,QAAQC,GAAG,CAACC,WAAW,IAAI,EAAE,EACzCC,WAAWH,QAAQC,GAAG,CAACG,iBAAiB,IAAI,EAAE,EAC9CC,MAAM,EACNC,eAAerB,eAAeqB,YAAY,EAC1CC,GAAG,EACHC,SAAS,EACTC,UAAU,EACb,GAAGX,UAAU,CAAC;IAEf,IAAIY,SAAS,EAAE;IAEf,IAAI,CAACX,WAAW;QACZW,OAAOC,IAAI,CAACzB,OAAOa,SAAS;IAChC;IAEA,IAAI,CAACI,UAAU;QACXO,OAAOC,IAAI,CAACzB,OAAOiB,QAAQ;IAC/B;IAEA,IAAI,CAACI,OAAOP,QAAQC,GAAG,CAACW,qBAAqB,EAAE;QAE3C,MAAMC,QAAQb,QAAQC,GAAG,CAACa,kBAAkB,IAAI;QAChD,IAAI,CAACD,OAAO;YACRH,OAAOC,IAAI,CAACzB,OAAO6B,QAAQ;QAC/B;QAEA,MAAMC,MAAMhB,QAAQC,GAAG,CAACgB,eAAe,IAAI;QAC3C,IAAI,CAACD,KAAK;YACNN,OAA
OC,IAAI,CAACzB,OAAOgC,MAAM;QAC7B;QAEAX,MAAM;YACFJ,UAAUH,QAAQC,GAAG,CAACW,qBAAqB;YAC3CC;YACAG;QACJ;IAEJ;IAEA,IAAIN,OAAOS,MAAM,IAAI;QAACxB;QAA0BC;KAAwB,CAACwB,QAAQ,CAACpB,QAAQC,GAAG,CAACoB,UAAU,IAAI,KAAK;QAC7GC,QAAQC,IAAI,CAAC;QACb,KAAK,MAAMC,SAASd,OAChBY,QAAQC,IAAI,CAACC;IACrB;IAEA,MAAMC,eAAe;QAAC,GAAGxC,eAAeoB,MAAM;QAAE,GAAGA,MAAM;IAAA;IAEzD,OAAO,CAACqB,iBAAoB,CAAA;YACxB,GAAGA,cAAc;YACjBC,OAAO;gBACH,GAAGD,eAAeC,KAAK;gBACvB,GAAGlB,YAAYmB,SAAS,CAAC,IAAI;oBACzBA,QAAQ;wBACJC,WAAW;4BACP,GAAG/C,eAAe;4BAClBgD,aAAa;gCACTC,gBAAgBN,aAAaO,KAAK,CAACC,IAAI;4BAC3C;wBACJ;oBACJ;gBACJ,CAAC;gBACD,GAAGxB,YAAYyB,cAAc,CAAC,IAAI;oBAC9BzB,YAAY;wBACR,GAAGiB,eAAeC,KAAK,EAAElB,UAAU;wBACnC0B,YAAY;+BACLT,eAAeC,KAAK,EAAElB,YAAY0B,cAAc,EAAE;4BACrD;gCACI,GAAGpD,oBAAoB;gCACvBqD,aAAa;oCACTC,OAAO5B,YAAYyB,aAAaG,SAASpD,eAAeoD,KAAK;gCACjE;4BACJ;yBACH;oBACL;gBACJ,CAAC;YACL;YACAC,aAAa,AAACZ,CAAAA,eAAeY,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIlD,YAAYiC,kBAAkB;wBAChDgB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/BvD,gBAAgB;oCACZgB,cAAcA;oCACdP;oCACAM,QAAQoB;oCACRlB,KAAKA,OAAO;gCAChB;6BACH;wBACL;wBACAuC,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAMlE,SAAQ,EAAGmE,GAAG,CAAChE,QAAQiE,MAAM;6BAAE;wBACpE;wBACAC,WAAW;4BACP;gCACIC,MAAMhE,OAAOC,SAAS;gCACtBgE,QAAQ;gCACRC,SAASjE,UAAU;oCACfW;oCACAI;gCACJ;4BACJ;4BACA;gCACIgD,MAAMhE,OAAOE,QAAQ;gCACrB+D,QAAQ;gCACRC,SAAShE,SAAS;oCACdU;oCACAI;oCACAE,QAAQoB;oCACRU,YAAY3B,WAAW2B,cAAc3C;oCACrCuD,aAAavC,WAAWuC,eAAevD;gCAC3C;4BACJ;4BACA;gCACI2D,MAAMhE,OAAOmE,WAAW;gCACxBF,QAAQ;gCACRC,SAAS,CAACE,MAAQ7D,gBAAgB;wCAAC6D;wCAAKxD;wCAAWI;wCAAUqD,WAAW;oCAAa;4BACzF;yBACH;wBACDnD,QAAQ;+BACDmC,WAAWnC,MAAM;4BACpB;gCACI,GAAGoB,aAAagC,EAAE;gCAClBC,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGrC,aAAaQ,IAAI;gCACpByB,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAasC,KAAK;gCAC
rBL,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAaO,KAAK;gCACrB0B,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGlC,aAAauC,KAAK;gCACrBN,MAAM;gCACN/B,OAAO;oCACHgC,UAAU;gCACd;gCACAtD,QAAQ;oCACJ;wCACI,GAAGoB,aAAawC,UAAU,CAAChC,IAAI;wCAC/ByB,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAQ,MAAM;gBACF,GAAGxC,eAAewC,IAAI;gBACtB3E,cAAc;oBACV,GAAGmC,eAAewC,IAAI,EAAE3E,YAAY;oBACpC4E,IAAI;wBACA,GAAGzC,eAAewC,IAAI,EAAE3E,cAAc4E,EAAE;wBACxC,GAAG5E,aAAa4E,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG1C,eAAewC,IAAI,EAAE3E,cAAc6E,EAAE;wBACxC,GAAG7E,aAAa6E,EAAE;oBACtB;gBACJ;YACJ;QACJ,CAAA;AAEJ,EAAC"}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {AvatarComponent, LoginButtonComponent} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, ERRORS, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {translations} from './translations.js'\nimport {ZitadelAvatarProps, ZitadelJWT, ZitadelPlugin} from './types.js'\nimport {defaultRedirect, getAuthSlug, requestRedirect} from './utils/index.js'\nimport {PHASE_DEVELOPMENT_SERVER, PHASE_PRODUCTION_SERVER} from 'next/constants.js'\n\nexport const zitadelPlugin: ZitadelPlugin = (config) => {\n\n let {\n issuerURL = process.env.ZITADEL_URL ?? '',\n clientId = process.env.ZITADEL_CLIENT_ID ?? '',\n fields,\n strategyName = DEFAULT_CONFIG.strategyName,\n api,\n callbacks,\n components\n } = config ?? {}\n\n let errors = []\n\n if (!issuerURL) {\n errors.push(ERRORS.issuerURL)\n }\n\n if (!clientId) {\n errors.push(ERRORS.clientId)\n }\n\n if (!api) {\n\n if (process.env.ZITADEL_API_JWT) {\n\n try {\n api = {\n type: 'jwt',\n jwt: JSON.parse(process.env.ZITADEL_API_JWT) as ZitadelJWT\n }\n } catch (e) {\n errors.push(ERRORS.apiJWT)\n }\n\n } else if (process.env.ZITADEL_API_CLIENT_ID) {\n\n const clientSecret = process.env.ZITADEL_API_CLIENT_SECRET ?? ''\n if (!clientSecret) {\n errors.push(ERRORS.apiClientSecret)\n }\n\n api = {\n type: 'basic',\n clientId: process.env.ZITADEL_API_CLIENT_ID,\n clientSecret\n }\n\n }\n\n }\n\n if (errors.length && [PHASE_DEVELOPMENT_SERVER, PHASE_PRODUCTION_SERVER].includes(process.env.NEXT_PHASE ?? 
'')) {\n console.warn('The following errors occurred during initialization of the payload zitadel plugin:')\n for (const error of errors)\n console.warn(error)\n }\n\n const fieldsConfig = {...DEFAULT_CONFIG.fields, ...fields}\n\n return (incomingConfig) => ({\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...components?.avatar ? {} : {\n avatar: {\n Component: {\n ...AvatarComponent,\n clientProps: {\n imageFieldName: fieldsConfig.image.name\n } satisfies ZitadelAvatarProps\n }\n }\n },\n ...components?.loginButton ? {} : {\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin ?? [],\n {\n ...LoginButtonComponent,\n serverProps: {\n label: components?.loginButton?.label ?? DEFAULT_CONFIG.label\n }\n }\n ]\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == getAuthSlug(incomingConfig) ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n strategyName: strategyName,\n issuerURL,\n fields: fieldsConfig,\n api: api ?? false\n })\n ]\n },\n hooks: {\n afterLogout: [async () => (await cookies()).set(COOKIES.logout)]\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize({\n issuerURL,\n clientId\n })\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback({\n issuerURL,\n clientId,\n fields: fieldsConfig,\n afterLogin: callbacks?.afterLogin ?? defaultRedirect,\n afterLogout: callbacks?.afterLogout ?? 
defaultRedirect\n })\n },\n {\n path: ROUTES.end_session,\n method: 'get',\n handler: (req) => requestRedirect({req, issuerURL, clientId, invokedBy: 'end_session'})\n }\n ],\n fields: [\n ...collection.fields,\n {\n ...fieldsConfig.id,\n type: 'text',\n admin: {\n readOnly: true\n },\n index: true,\n unique: true,\n required: true\n },\n {\n ...fieldsConfig.name,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.email,\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.image,\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n ...fieldsConfig.roles,\n type: 'array',\n admin: {\n readOnly: true\n },\n fields: [\n {\n ...fieldsConfig.roleFields.name,\n type: 'text'\n }\n ]\n }\n ]\n } : {}\n }\n }),\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n 
})\n\n}"],"names":["cookies","AvatarComponent","LoginButtonComponent","COOKIES","DEFAULT_CONFIG","ERRORS","ROUTES","authorize","callback","zitadelStrategy","translations","defaultRedirect","getAuthSlug","requestRedirect","PHASE_DEVELOPMENT_SERVER","PHASE_PRODUCTION_SERVER","zitadelPlugin","config","issuerURL","process","env","ZITADEL_URL","clientId","ZITADEL_CLIENT_ID","fields","strategyName","api","callbacks","components","errors","push","ZITADEL_API_JWT","type","jwt","JSON","parse","e","apiJWT","ZITADEL_API_CLIENT_ID","clientSecret","ZITADEL_API_CLIENT_SECRET","apiClientSecret","length","includes","NEXT_PHASE","console","warn","error","fieldsConfig","incomingConfig","admin","avatar","Component","clientProps","imageFieldName","image","name","loginButton","afterLogin","serverProps","label","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","hooks","afterLogout","set","logout","endpoints","path","method","handler","end_session","req","invokedBy","id","readOnly","index","unique","required","email","roles","roleFields","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,eAAe,EAAEC,oBAAoB,QAAO,wBAAuB;AAC3E,SAAQC,OAAO,EAAEC,cAAc,EAAEC,MAAM,EAAEC,MAAM,QAAO,iBAAgB;AACtE,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAC7C,SAAQC,YAAY,QAAO,oBAAmB;AAE9C,SAAQC,eAAe,EAAEC,WAAW,EAAEC,eAAe,QAAO,mBAAkB;AAC9E,SAAQC,wBAAwB,EAAEC,uBAAuB,QAAO,oBAAmB;AAEnF,OAAO,MAAMC,gBAA+B,CAACC;IAEzC,IAAI,EACAC,YAAYC,QAAQC,GAAG,CAACC,WAAW,IAAI,EAAE,EACzCC,WAAWH,QAAQC,GAAG,CAACG,iBAAiB,IAAI,EAAE,EAC9CC,MAAM,EACNC,eAAerB,eAAeqB,YAAY,EAC1CC,GAAG,EACHC,SAAS,EACTC,UAAU,EACb,GAAGX,UAAU,CAAC;IAEf,IAAIY,SAAS,EAAE;IAEf,IAAI,CAACX,WAAW;QACZW,OAAOC,IAAI,CAACzB,OAAOa,SAAS;IAChC;IAEA,IAAI,CAACI,UAAU;QACXO,OAAOC,IAAI,CAACzB,OAAOiB,QAAQ;IAC/B;IAEA,IAAI,CAACI,KAAK;QAEN,IAAIP,QAAQC,GAAG,CAACW,eAAe,EAAE;YAE7B,IAAI;gBACAL,MAAM;oBACFM,MAAM;oBACNC,KAAKC,KAAKC,KAAK,CAAChB,QAAQC,GAAG,CAACW,eAAe;gBAC/C;YACJ,EAAE,OAAOK,GAAG;gBACRP,OAAOC,IAAI,CAACzB
,OAAOgC,MAAM;YAC7B;QAEJ,OAAO,IAAIlB,QAAQC,GAAG,CAACkB,qBAAqB,EAAE;YAE1C,MAAMC,eAAepB,QAAQC,GAAG,CAACoB,yBAAyB,IAAI;YAC9D,IAAI,CAACD,cAAc;gBACfV,OAAOC,IAAI,CAACzB,OAAOoC,eAAe;YACtC;YAEAf,MAAM;gBACFM,MAAM;gBACNV,UAAUH,QAAQC,GAAG,CAACkB,qBAAqB;gBAC3CC;YACJ;QAEJ;IAEJ;IAEA,IAAIV,OAAOa,MAAM,IAAI;QAAC5B;QAA0BC;KAAwB,CAAC4B,QAAQ,CAACxB,QAAQC,GAAG,CAACwB,UAAU,IAAI,KAAK;QAC7GC,QAAQC,IAAI,CAAC;QACb,KAAK,MAAMC,SAASlB,OAChBgB,QAAQC,IAAI,CAACC;IACrB;IAEA,MAAMC,eAAe;QAAC,GAAG5C,eAAeoB,MAAM;QAAE,GAAGA,MAAM;IAAA;IAEzD,OAAO,CAACyB,iBAAoB,CAAA;YACxB,GAAGA,cAAc;YACjBC,OAAO;gBACH,GAAGD,eAAeC,KAAK;gBACvB,GAAGtB,YAAYuB,SAAS,CAAC,IAAI;oBACzBA,QAAQ;wBACJC,WAAW;4BACP,GAAGnD,eAAe;4BAClBoD,aAAa;gCACTC,gBAAgBN,aAAaO,KAAK,CAACC,IAAI;4BAC3C;wBACJ;oBACJ;gBACJ,CAAC;gBACD,GAAG5B,YAAY6B,cAAc,CAAC,IAAI;oBAC9B7B,YAAY;wBACR,GAAGqB,eAAeC,KAAK,EAAEtB,UAAU;wBACnC8B,YAAY;+BACLT,eAAeC,KAAK,EAAEtB,YAAY8B,cAAc,EAAE;4BACrD;gCACI,GAAGxD,oBAAoB;gCACvByD,aAAa;oCACTC,OAAOhC,YAAY6B,aAAaG,SAASxD,eAAewD,KAAK;gCACjE;4BACJ;yBACH;oBACL;gBACJ,CAAC;YACL;YACAC,aAAa,AAACZ,CAAAA,eAAeY,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAItD,YAAYqC,kBAAkB;wBAChDgB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B3D,gBAAgB;oCACZgB,cAAcA;oCACdP;oCACAM,QAAQwB;oCACRtB,KAAKA,OAAO;gCAChB;6BACH;wBACL;wBACA2C,OAAO;4BACHC,aAAa;gCAAC,UAAY,AAAC,CAAA,MAAMtE,SAAQ,EAAGuE,GAAG,CAACpE,QAAQqE,MAAM;6BAAE;wBACpE;wBACAC,WAAW;4BACP;gCACIC,MAAMpE,OAAOC,SAAS;gCACtBoE,QAAQ;gCACRC,SAASrE,UAAU;oCACfW;oCACAI;gCACJ;4BACJ;4BACA;gCACIoD,MAAMpE,OAAOE,QAAQ;gCACrBmE,QAAQ;gCACRC,SAASpE,SAAS;oCACdU;oCACAI;oCACAE,QAAQwB;oCACRU,YAAY/B,WAAW+B,cAAc/C;oCACrC2D,aAAa3C,WAAW2C,eAAe3D;gCAC3C;4BACJ;4BACA;gCACI+D,MAAMpE,OAAOuE,WAAW;gCACxBF,QAAQ;gCACRC,SAAS,CAACE,MAAQjE,gBAAgB;wCAACiE;wCAAK5D;wCAAWI;wCAAUyD,WAAW;oCAAa;4BACzF;yBACH;wBACDvD,QAAQ;+BACDuC,WAAWvC,MAAM;4BACpB;gCACI,GAAGwB,aAAagC,EAAE;gCAClBhD,MAAM;gCACNkB,OAAO;oCACH+B,UAAU;g
CACd;gCACAC,OAAO;gCACPC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACI,GAAGpC,aAAaQ,IAAI;gCACpBxB,MAAM;gCACNkB,OAAO;oCACH+B,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGjC,aAAaqC,KAAK;gCACrBrD,MAAM;gCACNkB,OAAO;oCACH+B,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGjC,aAAaO,KAAK;gCACrBvB,MAAM;gCACNkB,OAAO;oCACH+B,UAAU;gCACd;4BACJ;4BACA;gCACI,GAAGjC,aAAasC,KAAK;gCACrBtD,MAAM;gCACNkB,OAAO;oCACH+B,UAAU;gCACd;gCACAzD,QAAQ;oCACJ;wCACI,GAAGwB,aAAauC,UAAU,CAAC/B,IAAI;wCAC/BxB,MAAM;oCACV;iCACH;4BACL;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YACAwD,MAAM;gBACF,GAAGvC,eAAeuC,IAAI;gBACtB9E,cAAc;oBACV,GAAGuC,eAAeuC,IAAI,EAAE9E,YAAY;oBACpC+E,IAAI;wBACA,GAAGxC,eAAeuC,IAAI,EAAE9E,cAAc+E,EAAE;wBACxC,GAAG/E,aAAa+E,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAGzC,eAAeuC,IAAI,EAAE9E,cAAcgF,EAAE;wBACxC,GAAGhF,aAAagF,EAAE;oBACtB;gBACJ;YACJ;QACJ,CAAA;AAEJ,EAAC"}
|
package/dist/strategy.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"strategy.d.ts","sourceRoot":"","sources":["../src/strategy.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"strategy.d.ts","sourceRoot":"","sources":["../src/strategy.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAiB,eAAe,EAAC,MAAM,YAAY,CAAA;AAG/D,eAAO,MAAM,eAAe,EAAE,eAkG5B,CAAA"}
|
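--- a/package/dist/strategy.js
+++ b/package/dist/strategy.js
@@ -1,12 +1,14 @@
+import { createPrivateKey } from 'crypto';
 import { jwtVerify, SignJWT } from 'jose';
 import { cookies } from 'next/headers.js';
-import { COOKIES, ENDPOINT_PATHS } from './constants.js';
+import { COOKIES, ENDPOINT_PATHS, ROLES_KEY } from './constants.js';
 import { getAuthSlug } from './utils/index.js';
 export const zitadelStrategy = ({ strategyName, issuerURL, fields, api })=>({
 name: strategyName,
 authenticate: async ({ headers, payload })=>{
 const authSlug = getAuthSlug(payload.config);
-let
+let idpId;
+let introspection;
 let user = null;
 const cookieStore = await cookies();
 if (api) {
@@ -16,43 +18,62 @@ export const zitadelStrategy = ({ strategyName, issuerURL, fields, api })=>({
 const introspect = await fetch(issuerURL + ENDPOINT_PATHS.introspect, {
 method: 'post',
 headers: {
-'Content-Type': 'application/x-www-form-urlencoded'
+'Content-Type': 'application/x-www-form-urlencoded',
+...api.type == 'basic' ? {
+'Authorization': `Basic ${btoa(`${api.clientId}:${api.clientSecret}`)}`
+} : {}
 },
 body: new URLSearchParams({
-
-
-
-
-
-
+...api.type == 'jwt' ? {
+client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+client_assertion: await new SignJWT().setAudience(issuerURL).setExpirationTime('1h').setIssuedAt().setIssuer(api.jwt.clientId).setProtectedHeader({
+alg: 'RS256',
+kid: api.jwt.keyId
+}).setSubject(api.jwt.clientId).sign(createPrivateKey(api.jwt.key))
+} : {},
+token: authHeader.split(' ')[1]
 })
 });
 if (introspect.ok) {
 const data = await introspect.json();
 if (data?.active) {
-
+idpId = data.sub;
+introspection = {
+[fields.name.name]: data.name,
+[fields.roles.name]: Object.keys(data[ROLES_KEY] ?? {}).map((key)=>({
+[fields.roleFields.name.name]: key
+}))
+};
 }
 }
 }
 }
 // in case of normal browsing
-if (!
+if (!idpId && cookieStore.has(COOKIES.idToken.name)) {
 const { payload: jwtPayload } = await jwtVerify(cookieStore.get(COOKIES.idToken.name)?.value ?? '', new TextEncoder().encode(payload.secret));
-
+idpId = jwtPayload.sub;
 }
 // search for associated user
-if (
+if (idpId) {
 const { docs, totalDocs } = await payload.find({
 collection: authSlug,
 where: {
 [fields.id.name]: {
-equals:
+equals: idpId
 }
 }
 });
-
-
-
+user = totalDocs ? introspection ? await payload.update({
+collection: authSlug,
+id: docs[0].id,
+data: introspection
+}) : docs[0] : introspection ? await payload.create({
+collection: authSlug,
+data: {
+[fields.id.name]: idpId,
+...introspection
+}
+}) : null;
 }
 return {
 user: user ? {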
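Review bot: The new `payload.update` / `payload.create` branch in the second hunk writes to the auth collection on the strength of `data?.active` alone, so every bearer token the introspection endpoint reports as active provisions or rewrites a user record, roles included. Nothing in the hunk checks that `data.sub` is a non-empty string or that the token was issued for this API; whether the IdP already limits `active` to tokens whose audience includes the introspecting client cannot be seen from here, so that assumption deserves a comment next to the check. A response without the roles claim also makes `Object.keys(data[ROLES_KEY] ?? {})` an empty list, which the update then stores over the existing roles. I would tighten the guard to `if (data?.active && typeof data.sub === 'string' && data.sub) {` and put into `introspection` only the keys the response actually contains. The `authenticate` body starts before and continues past this hunk.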
package/dist/strategy.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/strategy.ts"],"sourcesContent":["import {jwtVerify, SignJWT} from 'jose'\nimport {cookies} from 'next/headers.js'\nimport {TypeWithID} from 'payload'\nimport {COOKIES, ENDPOINT_PATHS} from './constants.js'\nimport type {ZitadelIdToken, ZitadelStrategy} from './types.js'\nimport {getAuthSlug} from './utils/index.js'\n\nexport const zitadelStrategy: ZitadelStrategy = ({\n strategyName,\n issuerURL,\n fields,\n api\n }) => ({\n name: strategyName,\n authenticate: async ({headers, payload}) => {\n\n const authSlug = getAuthSlug(payload.config)\n\n let
|
|
1
|
+
{"version":3,"sources":["../src/strategy.ts"],"sourcesContent":["import {createPrivateKey} from 'crypto'\nimport {jwtVerify, SignJWT} from 'jose'\nimport {cookies} from 'next/headers.js'\nimport {TypeWithID} from 'payload'\nimport {COOKIES, ENDPOINT_PATHS, ROLES_KEY} from './constants.js'\nimport type {ZitadelIdToken, ZitadelStrategy} from './types.js'\nimport {getAuthSlug} from './utils/index.js'\n\nexport const zitadelStrategy: ZitadelStrategy = ({\n strategyName,\n issuerURL,\n fields,\n api\n }) => ({\n name: strategyName,\n authenticate: async ({headers, payload}) => {\n\n const authSlug = getAuthSlug(payload.config)\n\n let idpId: string | undefined\n let introspection\n let user: TypeWithID | null = null\n\n const cookieStore = await cookies()\n\n if (api) {\n // in case of API call\n const authHeader = headers.get('Authorization')\n if (authHeader?.includes('Bearer')) {\n const introspect = await fetch(issuerURL + ENDPOINT_PATHS.introspect, {\n method: 'post',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n ...api.type == 'basic' ? {\n 'Authorization': `Basic ${btoa(`${api.clientId}:${api.clientSecret}`)}`\n } : {}\n },\n body: new URLSearchParams({\n ...api.type == 'jwt' ? {\n client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n client_assertion: await new SignJWT()\n .setAudience(issuerURL)\n .setExpirationTime('1h')\n .setIssuedAt()\n .setIssuer(api.jwt.clientId)\n .setProtectedHeader({\n alg: 'RS256',\n kid: api.jwt.keyId\n })\n .setSubject(api.jwt.clientId)\n .sign(createPrivateKey(api.jwt.key))\n } : {},\n token: authHeader.split(' ')[1]\n })\n })\n if (introspect.ok) {\n const data = await introspect.json()\n if (data?.active) {\n idpId = data.sub\n introspection = {\n [fields.name.name]: data.name,\n [fields.roles.name]: Object.keys(data[ROLES_KEY] ?? 
{})\n .map(key => ({[fields.roleFields.name.name]: key}))\n }\n }\n }\n }\n }\n\n // in case of normal browsing\n if (!idpId && cookieStore.has(COOKIES.idToken.name)) {\n const {payload: jwtPayload} = await jwtVerify<ZitadelIdToken>(cookieStore.get(COOKIES.idToken.name)?.value ?? '', new TextEncoder().encode(payload.secret))\n idpId = jwtPayload.sub\n }\n\n // search for associated user\n if (idpId) {\n const {docs, totalDocs} = await payload.find({\n collection: authSlug,\n where: {\n [fields.id.name]: {\n equals: idpId\n }\n }\n })\n user = totalDocs ? (introspection ? await payload.update({\n collection: authSlug,\n id: docs[0].id,\n data: introspection\n }) : docs[0]) : (introspection ? await payload.create({\n collection: authSlug,\n data: {\n [fields.id.name]: idpId,\n ...introspection\n }\n }) : null)\n }\n\n return {\n user: user ? {\n collection: authSlug,\n ...user\n } : null\n }\n\n }\n})"],"names":["createPrivateKey","jwtVerify","SignJWT","cookies","COOKIES","ENDPOINT_PATHS","ROLES_KEY","getAuthSlug","zitadelStrategy","strategyName","issuerURL","fields","api","name","authenticate","headers","payload","authSlug","config","idpId","introspection","user","cookieStore","authHeader","get","includes","introspect","fetch","method","type","btoa","clientId","clientSecret","body","URLSearchParams","client_assertion_type","client_assertion","setAudience","setExpirationTime","setIssuedAt","setIssuer","jwt","setProtectedHeader","alg","kid","keyId","setSubject","sign","key","token","split","ok","data","json","active","sub","roles","Object","keys","map","roleFields","has","idToken","jwtPayload","value","TextEncoder","encode","secret","docs","totalDocs","find","collection","where","id","equals","update","create"],"mappings":"AAAA,SAAQA,gBAAgB,QAAO,SAAQ;AACvC,SAAQC,SAAS,EAAEC,OAAO,QAAO,OAAM;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,SAAQC,OAAO,EAAEC,cAAc,EAAEC,SAAS,QAAO,iBAAgB;AAEjE,SAAQC,WAAW,QAAO,mBAAkB;AAE5C,OAAO,MAAMC,kBAAmC,CAAC,EACIC,YAAY,EACZC,SAAS,EACTC,MAAM,EACNC,GAAG,EA
CN,GAAM,CAAA;QACpDC,MAAMJ;QACNK,cAAc,OAAO,EAACC,OAAO,EAAEC,OAAO,EAAC;YAEnC,MAAMC,WAAWV,YAAYS,QAAQE,MAAM;YAE3C,IAAIC;YACJ,IAAIC;YACJ,IAAIC,OAA0B;YAE9B,MAAMC,cAAc,MAAMnB;YAE1B,IAAIS,KAAK;gBACL,sBAAsB;gBACtB,MAAMW,aAAaR,QAAQS,GAAG,CAAC;gBAC/B,IAAID,YAAYE,SAAS,WAAW;oBAChC,MAAMC,aAAa,MAAMC,MAAMjB,YAAYL,eAAeqB,UAAU,EAAE;wBAClEE,QAAQ;wBACRb,SAAS;4BACL,gBAAgB;4BAChB,GAAGH,IAAIiB,IAAI,IAAI,UAAU;gCACrB,iBAAiB,CAAC,MAAM,EAAEC,KAAK,GAAGlB,IAAImB,QAAQ,CAAC,CAAC,EAAEnB,IAAIoB,YAAY,EAAE,GAAG;4BAC3E,IAAI,CAAC,CAAC;wBACV;wBACAC,MAAM,IAAIC,gBAAgB;4BACtB,GAAGtB,IAAIiB,IAAI,IAAI,QAAQ;gCACnBM,uBAAuB;gCACvBC,kBAAkB,MAAM,IAAIlC,UACvBmC,WAAW,CAAC3B,WACZ4B,iBAAiB,CAAC,MAClBC,WAAW,GACXC,SAAS,CAAC5B,IAAI6B,GAAG,CAACV,QAAQ,EAC1BW,kBAAkB,CAAC;oCAChBC,KAAK;oCACLC,KAAKhC,IAAI6B,GAAG,CAACI,KAAK;gCACtB,GACCC,UAAU,CAAClC,IAAI6B,GAAG,CAACV,QAAQ,EAC3BgB,IAAI,CAAC/C,iBAAiBY,IAAI6B,GAAG,CAACO,GAAG;4BAC1C,IAAI,CAAC,CAAC;4BACNC,OAAO1B,WAAW2B,KAAK,CAAC,IAAI,CAAC,EAAE;wBACnC;oBACJ;oBACA,IAAIxB,WAAWyB,EAAE,EAAE;wBACf,MAAMC,OAAO,MAAM1B,WAAW2B,IAAI;wBAClC,IAAID,MAAME,QAAQ;4BACdnC,QAAQiC,KAAKG,GAAG;4BAChBnC,gBAAgB;gCACZ,CAACT,OAAOE,IAAI,CAACA,IAAI,CAAC,EAAEuC,KAAKvC,IAAI;gCAC7B,CAACF,OAAO6C,KAAK,CAAC3C,IAAI,CAAC,EAAE4C,OAAOC,IAAI,CAACN,IAAI,CAAC9C,UAAU,IAAI,CAAC,GAChDqD,GAAG,CAACX,CAAAA,MAAQ,CAAA;wCAAC,CAACrC,OAAOiD,UAAU,CAAC/C,IAAI,CAACA,IAAI,CAAC,EAAEmC;oCAAG,CAAA;4BACxD;wBACJ;oBACJ;gBACJ;YACJ;YAEA,6BAA6B;YAC7B,IAAI,CAAC7B,SAASG,YAAYuC,GAAG,CAACzD,QAAQ0D,OAAO,CAACjD,IAAI,GAAG;gBACjD,MAAM,EAACG,SAAS+C,UAAU,EAAC,GAAG,MAAM9D,UAA0BqB,YAAYE,GAAG,CAACpB,QAAQ0D,OAAO,CAACjD,IAAI,GAAGmD,SAAS,IAAI,IAAIC,cAAcC,MAAM,CAAClD,QAAQmD,MAAM;gBACzJhD,QAAQ4C,WAAWR,GAAG;YAC1B;YAEA,6BAA6B;YAC7B,IAAIpC,OAAO;gBACP,MAAM,EAACiD,IAAI,EAAEC,SAAS,EAAC,GAAG,MAAMrD,QAAQsD,IAAI,CAAC;oBACzCC,YAAYtD;oBACZuD,OAAO;wBACH,CAAC7D,OAAO8D,EAAE,CAAC5D,IAAI,CAAC,EAAE;4BACd6D,QAAQvD;wBACZ;oBACJ;gBACJ;gBACAE,OAAOgD,YAAajD,gBAAgB,MAAMJ,QAAQ2D,MAAM,CAAC;oBACrDJ,YAAYtD;oBACZwD,IAAIL,IAAI,CAAC,EAAE,CAACK,EAAE;oBACdrB,MAAMhC;gBACV,KAAKgD,IAAI,CAAC,EAAE,GAAKh
D,gBAAgB,MAAMJ,QAAQ4D,MAAM,CAAC;oBAClDL,YAAYtD;oBACZmC,MAAM;wBACF,CAACzC,OAAO8D,EAAE,CAAC5D,IAAI,CAAC,EAAEM;wBAClB,GAAGC,aAAa;oBACpB;gBACJ,KAAK;YACT;YAEA,OAAO;gBACHC,MAAMA,OAAO;oBACTkD,YAAYtD;oBACZ,GAAGI,IAAI;gBACX,IAAI;YACR;QAEJ;IACJ,CAAA,EAAE"}
|
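--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -50,11 +50,24 @@ export type ZitadelCallbackConfig = {
 };
 export type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler;
 export type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>;
-type
+type ZitadelBasicAuth = {
 clientId: string;
-
+clientSecret: string;
+};
+export type ZitadelJWT = {
+type?: 'application';
 keyId: string;
+key: string;
+appId: string;
+clientId: string;
 };
+type ZitadelAPIConfig = ({
+type: 'jwt';
+} & {
+jwt: ZitadelJWT;
+}) | {
+type: 'basic';
+} & ZitadelBasicAuth;
 type ZitadelStrategyConfig = {
 strategyName: string;
 api: ZitadelAPIConfig | false;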
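Review bot: `ZitadelJWT.key` and `ZitadelBasicAuth.clientSecret` are credentials, yet the new declarations carry no doc comment saying so or naming the expected format. The strategy.js change in this same diff passes `api.jwt.key` to `createPrivateKey`, so the field holds a private key, while `appId` and the optional `type` are not read in the strategy.js hunks shown. Since this file is build output, the comment belongs on the source type, for example `/** Private key from the Zitadel key file; load it from the environment or a secret store, never commit it. */` above `key`, with a matching line for `clientSecret`. The surrounding declarations continue outside the hunk.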
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAC9F,OAAO,KAAK,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAC5E,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAE9C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,KAAK,kBAAkB,GAAG;IACtB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAA;IACtB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YACzC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,mBAAmB,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,KAAK,cAAc,GAAG,WAAW,GAAG,aAAa,CAAA;AAEjD,KAAK,gBAAgB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI;IACvE,SAAS,EAAE,SAAS,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;AAEtE,MAAM,MAAM,qBAAqB,GAAG;IAChC,UAAU,EAAE,cAAc,CAAA;IAC1B,WAAW,EAAE,cAAc,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,eAAe,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,GAAG,eAAe,KAAK,cAAc,CAAA;AAEtH,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAA;AAElG,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAC9F,OAAO,KAAK,EAAC,UAAU,EAAE,kBAAkB,EAAC,MAAM,0BAA0B,CAAA;AAC5E,OAAO,EAAC,YAAY,EAAC,MAAM,mBAAmB,CAAA;AAE9C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,mCAAmC,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAC/E,CAAC,CAAA;AAEF,KAAK,kBAAkB,GAAG;IACtB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAC9B,EAAE,EAAE,kBAAkB,CAAA;IACtB,IAAI,EAAE,kBAAkB,CAAA;IACxB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,CAAA;IACzB,KAAK,EAAE,kBAAkB,GAAG;QACxB,MAAM,EAAE;YACJ,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;YACzC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;SAC1C,CAAA;KACJ,CAAA;IACD,UAAU,EAAE;QACR,IAAI,EAAE,kBAAkB,CAAA;KAC3B,CAAA;CACJ,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,MAAM,EAAE,mBAAmB,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,KAAK,cAAc,GAAG,WAAW,GAAG,aAAa,CAAA;AAEjD,KAAK,gBAAgB,CAAC,SAAS,SAAS,cAAc,GAAG,cAAc,IAAI;IACvE,SAAS,EAAE,SAAS,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;AAEtE,MAAM,MAAM,qBAAqB,GAAG;IAChC,UAAU,EAAE,cAAc,CAAA;IAC1B,WAAW,EAAE,cAAc,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,eAAe,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,iBAAiB,GAAG,eAAe,KAAK,cAAc,CAAA;AAEtH,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,iBAAiB,GAAG,qBAAqB,CAAC,CAAA;AAElG,KAAK,gBAAgB,GAAG;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACrB,IAAI,CAAC,EAAE,aAAa,CAAA;IACpB,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,
MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,gBAAgB,GAAG,CAAC;IACrB,IAAI,EAAE,KAAK,CAAA;CACd,GAAG;IACA,GAAG,EAAE,UAAU,CAAA;CAClB,CAAC,GAAG;IACD,IAAI,EAAE,OAAO,CAAA;CAChB,GAAG,gBAAgB,CAAA;AAEpB,KAAK,qBAAqB,GAAG;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,GAAG,EAAE,gBAAgB,GAAG,KAAK,CAAA;CAChC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,GAAG,iBAAiB,GAAG,qBAAqB,KAAK,YAAY,CAAA;AAEvI,KAAK,mBAAmB,GAAG;IACvB,OAAO,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,cAAc,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,KAAK,wBAAwB,GAAG;IAC5B,OAAO,EAAE,IAAI,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG,IAAI,CAAC,wBAAwB,EAAE,SAAS,CAAC,GAAG;IAC5F,IAAI,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,EAAE,kBAAkB,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;CACvF,CAAA;AAED,KAAK,uBAAuB,GAAG;IAC3B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,WAAW,EAAE,wBAAwB,CAAA;CACxC,CAAA;AAED,KAAK,mBAAmB,GACpB,OAAO,CAAC,iBAAiB,CAAC,GACxB,OAAO,CAAC,iBAAiB,CAAC,GAC1B,OAAO,CAAC,qBAAqB,CAAC,GAC9B,OAAO,CAAC;IACV,SAAS,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACzC,UAAU,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAA;CAC/C,CAAC,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,CAAC,EAAE,mBAAmB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;AAExF,KAAK,6BAA6B,GAAG;IACjC,aAAa,EAAE,MAAM,CAAA;CACxB,CAAA;AAGD,KAAK,mBAAmB,GACpB,CAAC,gBAAgB,CAAC,WAAW,CAAC,GAAG,6BAA6B,CAAC,GAC7D,CAAC,gBAAgB,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,6BAA6B,CAAC,CAAC,CAAA;AAEhF,KAAK,oBAAoB,GAAG;IACxB,GAAG,EAAE,cAAc,CAAA;CACtB,GAAG,iBAAiB,GAAG,mBAAmB,CAAA;AAE3C,MAAM,MAAM,qBAAqB,GAAG,CAAC,MAAM,EAAE,oBAAoB,KAAK,QAAQ,CAAA"}
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/types.ts"],"sourcesContent":["import type {AuthStrategy, Config, PayloadHandler, PayloadRequest, ServerProps} from 'payload'\nimport type {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\nimport {translations} from './translations.js'\n\nexport type ZitadelIdToken = Partial<{\n sub: string\n name: string\n email: string\n picture: string\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\ntype ZitadelFieldConfig = {\n hidden?: boolean\n name: string\n label: string | Record<string, string>\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig\n image: ZitadelFieldConfig\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string | Record<string, string>\n plural: string | Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\ntype ZitadelBaseConfig = {\n issuerURL: string\n clientId: string\n}\n\ntype ZitadelUserConfig = {\n fields: ZitadelFieldsConfig\n}\n\nexport type ZitadelCallbackQuery = Partial<{\n code: string | null,\n state: string | null,\n}>\n\ntype ZitadelInvoker = 'authorize' | 'end_session'\n\ntype ZitadelInvokedBy<InvokedBy extends ZitadelInvoker = ZitadelInvoker> = {\n invokedBy: InvokedBy\n}\n\nexport type ZitadelCallbackState = Record<any, any> & ZitadelInvokedBy\n\nexport type ZitadelCallbackConfig = {\n afterLogin: PayloadHandler\n afterLogout: PayloadHandler\n}\n\nexport type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler\n\nexport type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>\n\ntype
|
|
1
|
+
{"version":3,"sources":["../src/types.ts"],"sourcesContent":["import type {AuthStrategy, Config, PayloadHandler, PayloadRequest, ServerProps} from 'payload'\nimport type {I18nClient, NestedKeysStripped} from '@payloadcms/translations'\nimport {translations} from './translations.js'\n\nexport type ZitadelIdToken = Partial<{\n sub: string\n name: string\n email: string\n picture: string\n 'urn:zitadel:iam:org:project:roles'?: Record<string, Record<string, string>>\n}>\n\ntype ZitadelFieldConfig = {\n hidden?: boolean\n name: string\n label: string | Record<string, string>\n}\n\nexport type ZitadelFieldsConfig = {\n id: ZitadelFieldConfig\n name: ZitadelFieldConfig\n email: ZitadelFieldConfig\n image: ZitadelFieldConfig\n roles: ZitadelFieldConfig & {\n labels: {\n singular: string | Record<string, string>\n plural: string | Record<string, string>\n }\n }\n roleFields: {\n name: ZitadelFieldConfig\n }\n}\n\ntype ZitadelBaseConfig = {\n issuerURL: string\n clientId: string\n}\n\ntype ZitadelUserConfig = {\n fields: ZitadelFieldsConfig\n}\n\nexport type ZitadelCallbackQuery = Partial<{\n code: string | null,\n state: string | null,\n}>\n\ntype ZitadelInvoker = 'authorize' | 'end_session'\n\ntype ZitadelInvokedBy<InvokedBy extends ZitadelInvoker = ZitadelInvoker> = {\n invokedBy: InvokedBy\n}\n\nexport type ZitadelCallbackState = Record<any, any> & ZitadelInvokedBy\n\nexport type ZitadelCallbackConfig = {\n afterLogin: PayloadHandler\n afterLogout: PayloadHandler\n}\n\nexport type ZitadelBaseHandler<ConfigExtension = {}> = (config: ZitadelBaseConfig & ConfigExtension) => PayloadHandler\n\nexport type ZitadelCallbackHandler = ZitadelBaseHandler<ZitadelUserConfig & ZitadelCallbackConfig>\n\ntype ZitadelBasicAuth = {\n clientId: string\n clientSecret: string\n}\n\nexport type ZitadelJWT = {\n type?: 'application'\n keyId: string\n key: string\n appId: string\n clientId: string\n}\n\ntype ZitadelAPIConfig = ({\n type: 'jwt'\n} & {\n jwt: ZitadelJWT\n}) | {\n type: 'basic'\n} 
& ZitadelBasicAuth\n\ntype ZitadelStrategyConfig = {\n strategyName: string\n api: ZitadelAPIConfig | false\n}\n\nexport type ZitadelStrategy = (config: Omit<ZitadelBaseConfig, 'clientId'> & ZitadelUserConfig & ZitadelStrategyConfig) => AuthStrategy\n\ntype ZitadelAvatarConfig = {\n disable: true\n}\n\nexport type ZitadelAvatarProps = {\n imageFieldName: string\n}\n\ntype ZitadelLoginButtonConfig = {\n disable: true\n label: string\n}\n\nexport type ZitadelLoginButtonProps = ServerProps & Omit<ZitadelLoginButtonConfig, 'disable'> & {\n i18n: I18nClient<typeof translations.en, NestedKeysStripped<typeof translations.en>>\n}\n\ntype ZitadelComponentsConfig = {\n avatar: ZitadelAvatarConfig\n loginButton: ZitadelLoginButtonConfig\n}\n\ntype ZitadelPluginConfig =\n Partial<ZitadelBaseConfig>\n & Partial<ZitadelUserConfig>\n & Partial<ZitadelStrategyConfig>\n & Partial<{\n callbacks: Partial<ZitadelCallbackConfig>\n components: Partial<ZitadelComponentsConfig>\n}>\n\nexport type ZitadelPlugin = (config?: ZitadelPluginConfig) => (config: Config) => Config\n\ntype ZitadelAuthorizeRequestConfig = {\n codeChallenge: string\n}\n\n\ntype ZitadelRequestState =\n (ZitadelInvokedBy<'authorize'> & ZitadelAuthorizeRequestConfig)\n | (ZitadelInvokedBy<'end_session'> & Partial<ZitadelAuthorizeRequestConfig>)\n\ntype ZitadelRequestConfig = {\n req: PayloadRequest\n} & ZitadelBaseConfig & ZitadelRequestState\n\nexport type ZitadelRequestHandler = (config: ZitadelRequestConfig) => Response\n\n\n"],"names":[],"mappings":"AA2IA,WAA8E"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "payload-zitadel-plugin",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.0",
|
|
4
4
|
"description": "plugin for Payload CMS, which enables authentication via Zitadel IdP",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
@@ -36,26 +36,26 @@
|
|
|
36
36
|
"dist"
|
|
37
37
|
],
|
|
38
38
|
"dependencies": {
|
|
39
|
-
"@payloadcms/next": "^3.59.
|
|
40
|
-
"@payloadcms/translations": "^3.59.
|
|
41
|
-
"@payloadcms/ui": "^3.59.
|
|
39
|
+
"@payloadcms/next": "^3.59.1",
|
|
40
|
+
"@payloadcms/translations": "^3.59.1",
|
|
41
|
+
"@payloadcms/ui": "^3.59.1",
|
|
42
42
|
"jose": "^6.1.0",
|
|
43
|
-
"next": "^15.5.
|
|
44
|
-
"payload": "^3.59.
|
|
43
|
+
"next": "^15.5.5",
|
|
44
|
+
"payload": "^3.59.1",
|
|
45
45
|
"react": "^19.2.0",
|
|
46
46
|
"react-dom": "^19.2.0"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
49
|
"@swc/cli": "^0.7.8",
|
|
50
|
-
"@swc/core": "^1.13.
|
|
51
|
-
"@types/node": "^24.7.
|
|
50
|
+
"@swc/core": "^1.13.5",
|
|
51
|
+
"@types/node": "^24.7.2",
|
|
52
52
|
"@types/react": "^19.2.2",
|
|
53
|
-
"@types/react-dom": "^19.2.
|
|
53
|
+
"@types/react-dom": "^19.2.2",
|
|
54
54
|
"rimraf": "^6.0.1",
|
|
55
55
|
"typescript": "^5.9.3"
|
|
56
56
|
},
|
|
57
57
|
"engines": {
|
|
58
|
-
"node": "^24.
|
|
58
|
+
"node": "^24.10.0"
|
|
59
59
|
},
|
|
60
60
|
"exports": {
|
|
61
61
|
".": {
|