@propelauth/nextjs
Comparing version 0.0.118 to 0.0.119
@@ -23,2 +23,30 @@ import React from 'react'; | ||
} | ||
type InternalPasswordLoginMethod = { | ||
login_method: 'password'; | ||
}; | ||
type InternalMagicLinkLoginMethod = { | ||
login_method: 'magic_link'; | ||
}; | ||
type InternalSocialSsoLoginMethod = { | ||
login_method: 'social_sso'; | ||
provider: SocialLoginProvider; | ||
}; | ||
type InternalEmailConfirmationLinkLoginMethod = { | ||
login_method: 'email_confirmation_link'; | ||
}; | ||
type InternalSamlSsoLoginMethod = { | ||
login_method: 'saml_sso'; | ||
provider: SamlLoginProvider; | ||
org_id: string; | ||
}; | ||
type InternalImpersonationLoginMethod = { | ||
login_method: 'impersonation'; | ||
}; | ||
type InternalGeneratedFromBackendApiLoginMethod = { | ||
login_method: 'generated_from_backend_api'; | ||
}; | ||
type InternalUnknownLoginMethod = { | ||
login_method: 'unknown'; | ||
}; | ||
type InternalLoginMethod = InternalPasswordLoginMethod | InternalMagicLinkLoginMethod | InternalSocialSsoLoginMethod | InternalEmailConfirmationLinkLoginMethod | InternalSamlSsoLoginMethod | InternalImpersonationLoginMethod | InternalGeneratedFromBackendApiLoginMethod | InternalUnknownLoginMethod; | ||
type PasswordLoginMethod = { | ||
@@ -55,2 +83,3 @@ loginMethod: 'password'; | ||
userId: string; | ||
activeOrgId?: string; | ||
orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo; | ||
@@ -69,3 +98,5 @@ email: string; | ||
[key: string]: unknown; | ||
}, loginMethod?: LoginMethod); | ||
}, activeOrgId?: string, loginMethod?: LoginMethod); | ||
getActiveOrg(): OrgMemberInfo | undefined; | ||
getActiveOrgId(): string | undefined; | ||
getOrg(orgId: string): OrgMemberInfo | undefined; | ||
@@ -76,2 +107,3 @@ getOrgByName(orgName: string): OrgMemberInfo | undefined; | ||
static fromJSON(json: string): UserFromToken; | ||
static fromJwtPayload(payload: InternalUser): UserFromToken; | ||
} | ||
@@ -103,2 +135,30 @@ type OrgIdToOrgMemberInfo = { | ||
} | ||
type InternalOrgMemberInfo = { | ||
org_id: string; | ||
org_name: string; | ||
org_metadata: { | ||
[key: string]: any; | ||
}; | ||
url_safe_org_name: string; | ||
user_role: string; | ||
inherited_user_roles_plus_current_role: string[]; | ||
user_permissions: string[]; | ||
}; | ||
type InternalUser = { | ||
user_id: string; | ||
org_member_info?: InternalOrgMemberInfo; | ||
org_id_to_org_member_info?: { | ||
[org_id: string]: InternalOrgMemberInfo; | ||
}; | ||
email: string; | ||
first_name?: string; | ||
last_name?: string; | ||
username?: string; | ||
properties?: { | ||
[key: string]: unknown; | ||
}; | ||
login_method?: InternalLoginMethod; | ||
legacy_user_id?: string; | ||
impersonatorUserId?: string; | ||
}; | ||
@@ -115,2 +175,3 @@ declare class User { | ||
orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo; | ||
activeOrgId?: string; | ||
mfaEnabled: boolean; | ||
@@ -126,3 +187,3 @@ canCreateOrgs: boolean; | ||
impersonatorUserId?: string; | ||
constructor({ userId, email, emailConfirmed, hasPassword, username, firstName, lastName, pictureUrl, orgIdToOrgMemberInfo, mfaEnabled, canCreateOrgs, updatePasswordRequired, createdAt, lastActiveAt, legacyUserId, properties, impersonatorUserId, }: { | ||
constructor({ userId, email, emailConfirmed, hasPassword, username, firstName, lastName, pictureUrl, orgIdToOrgMemberInfo, activeOrgId, mfaEnabled, canCreateOrgs, updatePasswordRequired, createdAt, lastActiveAt, legacyUserId, properties, impersonatorUserId, }: { | ||
userId: string; | ||
@@ -137,2 +198,3 @@ email: string; | ||
orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo; | ||
activeOrgId?: string; | ||
mfaEnabled: boolean; | ||
@@ -149,2 +211,4 @@ canCreateOrgs: boolean; | ||
}); | ||
getActiveOrg(): OrgMemberInfo | undefined; | ||
getActiveOrgId(): string | undefined; | ||
getOrg(orgId: string): OrgMemberInfo | undefined; | ||
@@ -160,2 +224,3 @@ getOrgByName(orgName: string): OrgMemberInfo | undefined; | ||
accessToken: never; | ||
setActiveOrg: never; | ||
}; | ||
@@ -167,2 +232,3 @@ type UseUserLoggedIn = { | ||
accessToken: string; | ||
setActiveOrg: (orgId: string) => Promise<User | undefined>; | ||
}; | ||
@@ -174,2 +240,3 @@ type UseUserNotLoggedIn = { | ||
accessToken: undefined; | ||
setActiveOrg: never; | ||
}; | ||
@@ -176,0 +243,0 @@ type UseUser = UseUserLoading | UseUserLoggedIn | UseUserNotLoggedIn; |
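Review bot: `setActiveOrg: never` in `UseUserLoading` and `UseUserNotLoggedIn` disappears from the `UseUser` union, so `setActiveOrg(orgId)` on an un-narrowed `useUser()` result type-checks even though the client bundle later on this page returns `setActiveOrg: void 0` in both of those states. Declaring the two members as `setActiveOrg: undefined;`, the way `UseUserNotLoggedIn` already declares `accessToken: undefined`, makes the compiler require a logged-in check before an org switch is attempted. This is generated declaration output, so the change belongs in the source type definitions, which are not shown here.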
@@ -85,6 +85,32 @@ "use client"; | ||
// src/loginMethod.ts | ||
function toLoginMethod(snake_case) { | ||
if (!snake_case) { | ||
return { loginMethod: "unknown" }; | ||
} | ||
switch (snake_case.login_method) { | ||
case "password": | ||
return { loginMethod: "password" }; | ||
case "magic_link": | ||
return { loginMethod: "magic_link" }; | ||
case "social_sso": | ||
return { loginMethod: "social_sso", provider: snake_case.provider }; | ||
case "email_confirmation_link": | ||
return { loginMethod: "email_confirmation_link" }; | ||
case "saml_sso": | ||
return { loginMethod: "saml_sso", provider: snake_case.provider, orgId: snake_case.org_id }; | ||
case "impersonation": | ||
return { loginMethod: "impersonation" }; | ||
case "generated_from_backend_api": | ||
return { loginMethod: "generated_from_backend_api" }; | ||
default: | ||
return { loginMethod: "unknown" }; | ||
} | ||
} | ||
// src/user.ts | ||
var UserFromToken = class { | ||
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) { | ||
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) { | ||
this.userId = userId; | ||
this.activeOrgId = activeOrgId; | ||
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo; | ||
@@ -100,2 +126,11 @@ this.email = email; | ||
} | ||
getActiveOrg() { | ||
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) { | ||
return void 0; | ||
} | ||
return this.orgIdToOrgMemberInfo[this.activeOrgId]; | ||
} | ||
getActiveOrgId() { | ||
return this.activeOrgId; | ||
} | ||
getOrg(orgId) { | ||
@@ -145,5 +180,31 @@ if (!this.orgIdToOrgMemberInfo) { | ||
obj.properties, | ||
obj.activeOrgId, | ||
obj.loginMethod | ||
); | ||
} | ||
static fromJwtPayload(payload) { | ||
let activeOrgId; | ||
let orgIdToOrgMemberInfo; | ||
if (payload.org_member_info) { | ||
activeOrgId = payload.org_member_info.org_id; | ||
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info }); | ||
} else { | ||
activeOrgId = void 0; | ||
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info); | ||
} | ||
const loginMethod = toLoginMethod(payload.login_method); | ||
return new UserFromToken( | ||
payload.user_id, | ||
payload.email, | ||
orgIdToOrgMemberInfo, | ||
payload.first_name, | ||
payload.last_name, | ||
payload.username, | ||
payload.legacy_user_id, | ||
payload.impersonatorUserId, | ||
payload.properties, | ||
activeOrgId, | ||
loginMethod | ||
); | ||
} | ||
}; | ||
@@ -298,2 +359,3 @@ var OrgMemberInfo = class { | ||
orgIdToOrgMemberInfo, | ||
activeOrgId, | ||
mfaEnabled, | ||
@@ -317,2 +379,3 @@ canCreateOrgs, | ||
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo; | ||
this.activeOrgId = activeOrgId; | ||
this.mfaEnabled = mfaEnabled; | ||
@@ -327,2 +390,11 @@ this.canCreateOrgs = canCreateOrgs; | ||
} | ||
getActiveOrg() { | ||
if (!this.activeOrgId) { | ||
return void 0; | ||
} | ||
return this.getOrg(this.activeOrgId); | ||
} | ||
getActiveOrgId() { | ||
return this.activeOrgId; | ||
} | ||
getOrg(orgId) { | ||
@@ -366,3 +438,4 @@ var _a; | ||
user: void 0, | ||
accessToken: void 0 | ||
accessToken: void 0, | ||
setActiveOrg: void 0 | ||
}; | ||
@@ -374,3 +447,4 @@ } else if (userAndAccessToken.user) { | ||
user: userAndAccessToken.user, | ||
accessToken: userAndAccessToken.accessToken | ||
accessToken: userAndAccessToken.accessToken, | ||
setActiveOrg: context.setActiveOrg | ||
}; | ||
@@ -382,3 +456,4 @@ } else { | ||
user: void 0, | ||
accessToken: void 0 | ||
accessToken: void 0, | ||
setActiveOrg: void 0 | ||
}; | ||
@@ -570,3 +645,3 @@ } | ||
const redirectToSetupSAMLPage = (orgId, opts) => redirectTo(getSetupSAMLPageUrl(orgId, opts)); | ||
const refreshAuthInfo = () => __async(void 0, null, function* () { | ||
const refreshAuthInfo = (0, import_react2.useCallback)(() => __async(void 0, null, function* () { | ||
const action = yield apiGetUserInfo(); | ||
@@ -579,3 +654,15 @@ if (action.error) { | ||
} | ||
}); | ||
}), [dispatch]); | ||
const setActiveOrg = (0, import_react2.useCallback)( | ||
(orgId) => __async(void 0, null, function* () { | ||
const action = yield apiPostSetActiveOrg(orgId); | ||
if (action.error === "not_in_org") { | ||
return void 0; | ||
} else { | ||
dispatch(action); | ||
return action.user; | ||
} | ||
}), | ||
[dispatch] | ||
); | ||
const value = { | ||
@@ -597,3 +684,4 @@ loading: authState.loading, | ||
getSetupSAMLPageUrl, | ||
refreshAuthInfo | ||
refreshAuthInfo, | ||
setActiveOrg | ||
}; | ||
@@ -613,3 +701,3 @@ return /* @__PURE__ */ import_react2.default.createElement(AuthContext.Provider, { value }, props.children); | ||
if (userInfoResponse.ok) { | ||
const { userinfo, accessToken, impersonatorUserId } = yield userInfoResponse.json(); | ||
const { userinfo, accessToken, impersonatorUserId, activeOrgId } = yield userInfoResponse.json(); | ||
const user = new User({ | ||
@@ -625,2 +713,3 @@ userId: userinfo.user_id, | ||
orgIdToOrgMemberInfo: toOrgIdToOrgMemberInfo(userinfo.org_id_to_org_info), | ||
activeOrgId, | ||
mfaEnabled: userinfo.mfa_enabled, | ||
@@ -647,2 +736,47 @@ canCreateOrgs: userinfo.can_create_orgs, | ||
} | ||
function apiPostSetActiveOrg(orgId) { | ||
return __async(this, null, function* () { | ||
try { | ||
const queryParams = new URLSearchParams({ active_org_id: orgId }).toString(); | ||
const url = `/api/auth/set-active-org?${queryParams}`; | ||
const userInfoResponse = yield fetch(url, { | ||
method: "POST", | ||
headers: { | ||
"Content-Type": "application/json" | ||
}, | ||
credentials: "include" | ||
}); | ||
if (userInfoResponse.ok) { | ||
const { userinfo, accessToken, impersonatorUserId, activeOrgId } = yield userInfoResponse.json(); | ||
const user = new User({ | ||
userId: userinfo.user_id, | ||
email: userinfo.email, | ||
emailConfirmed: userinfo.email_confirmed, | ||
hasPassword: userinfo.has_password, | ||
username: userinfo.username, | ||
firstName: userinfo.first_name, | ||
lastName: userinfo.last_name, | ||
pictureUrl: userinfo.picture_url, | ||
orgIdToOrgMemberInfo: toOrgIdToOrgMemberInfo(userinfo.org_id_to_org_info), | ||
activeOrgId, | ||
mfaEnabled: userinfo.mfa_enabled, | ||
canCreateOrgs: userinfo.can_create_orgs, | ||
updatePasswordRequired: userinfo.update_password_required, | ||
createdAt: userinfo.created_at, | ||
lastActiveAt: userinfo.last_active_at, | ||
properties: userinfo.properties, | ||
impersonatorUserId | ||
}); | ||
return { user, accessToken, error: void 0 }; | ||
} else if (userInfoResponse.status === 401) { | ||
return { error: "not_in_org" }; | ||
} else { | ||
console.info("Failed to set active org", userInfoResponse); | ||
} | ||
} catch (e) { | ||
console.info("Failed to set active org", e); | ||
} | ||
throw new Error("Failed to set active org"); | ||
}); | ||
} | ||
var encodeBase64 = (str) => { | ||
@@ -649,0 +783,0 @@ const encode = window ? window.btoa : btoa; |
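Review bot: `apiPostSetActiveOrg` maps every 401 to `{ error: "not_in_org" }`, but the set-active-org route handler elsewhere in this comparison answers 401 in three cases: no refresh-token cookie, an `unauthorized` refresh result, and a 401 from the userinfo fetch. `setActiveOrg` then returns `undefined` without dispatching, so an expired session is reported as a membership failure and the provider state still shows a logged-in user. Giving the membership case its own status or body on the server side (403 would be the usual choice) and calling `refreshAuthInfo()` on a plain 401 would keep the two apart. The non-OK branch also passes the whole `userInfoResponse` object to `console.info`; `userInfoResponse.status` is enough for diagnosis.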
@@ -34,2 +34,30 @@ import { NextRequest } from 'next/server.js'; | ||
} | ||
type InternalPasswordLoginMethod = { | ||
login_method: 'password'; | ||
}; | ||
type InternalMagicLinkLoginMethod = { | ||
login_method: 'magic_link'; | ||
}; | ||
type InternalSocialSsoLoginMethod = { | ||
login_method: 'social_sso'; | ||
provider: SocialLoginProvider; | ||
}; | ||
type InternalEmailConfirmationLinkLoginMethod = { | ||
login_method: 'email_confirmation_link'; | ||
}; | ||
type InternalSamlSsoLoginMethod = { | ||
login_method: 'saml_sso'; | ||
provider: SamlLoginProvider; | ||
org_id: string; | ||
}; | ||
type InternalImpersonationLoginMethod = { | ||
login_method: 'impersonation'; | ||
}; | ||
type InternalGeneratedFromBackendApiLoginMethod = { | ||
login_method: 'generated_from_backend_api'; | ||
}; | ||
type InternalUnknownLoginMethod = { | ||
login_method: 'unknown'; | ||
}; | ||
type InternalLoginMethod = InternalPasswordLoginMethod | InternalMagicLinkLoginMethod | InternalSocialSsoLoginMethod | InternalEmailConfirmationLinkLoginMethod | InternalSamlSsoLoginMethod | InternalImpersonationLoginMethod | InternalGeneratedFromBackendApiLoginMethod | InternalUnknownLoginMethod; | ||
type PasswordLoginMethod = { | ||
@@ -66,2 +94,3 @@ loginMethod: 'password'; | ||
userId: string; | ||
activeOrgId?: string; | ||
orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo; | ||
@@ -80,3 +109,5 @@ email: string; | ||
[key: string]: unknown; | ||
}, loginMethod?: LoginMethod); | ||
}, activeOrgId?: string, loginMethod?: LoginMethod); | ||
getActiveOrg(): OrgMemberInfo | undefined; | ||
getActiveOrgId(): string | undefined; | ||
getOrg(orgId: string): OrgMemberInfo | undefined; | ||
@@ -87,2 +118,3 @@ getOrgByName(orgName: string): OrgMemberInfo | undefined; | ||
static fromJSON(json: string): UserFromToken; | ||
static fromJwtPayload(payload: InternalUser): UserFromToken; | ||
} | ||
@@ -114,9 +146,38 @@ type OrgIdToOrgMemberInfo = { | ||
} | ||
type InternalOrgMemberInfo = { | ||
org_id: string; | ||
org_name: string; | ||
org_metadata: { | ||
[key: string]: any; | ||
}; | ||
url_safe_org_name: string; | ||
user_role: string; | ||
inherited_user_roles_plus_current_role: string[]; | ||
user_permissions: string[]; | ||
}; | ||
type InternalUser = { | ||
user_id: string; | ||
org_member_info?: InternalOrgMemberInfo; | ||
org_id_to_org_member_info?: { | ||
[org_id: string]: InternalOrgMemberInfo; | ||
}; | ||
email: string; | ||
first_name?: string; | ||
last_name?: string; | ||
username?: string; | ||
properties?: { | ||
[key: string]: unknown; | ||
}; | ||
login_method?: InternalLoginMethod; | ||
legacy_user_id?: string; | ||
impersonatorUserId?: string; | ||
}; | ||
declare function getUserOrRedirect(): Promise<UserFromToken>; | ||
declare function getUser(): Promise<UserFromToken | undefined>; | ||
declare function getAccessToken(): Promise<string | undefined>; | ||
declare function getAccessToken(): string | undefined; | ||
declare function authMiddleware(req: NextRequest): Promise<Response>; | ||
type RouteHandlerArgs = { | ||
postLoginRedirectPathFn?: (req: NextRequest) => string; | ||
getDefaultActiveOrgId?: (req: NextRequest, user: UserFromToken) => string | undefined; | ||
}; | ||
@@ -123,0 +184,0 @@ declare function getRouteHandlers(args?: RouteHandlerArgs): { |
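Review bot: `getAccessToken()` goes from `Promise<string | undefined>` to `string | undefined` between 0.0.118 and 0.0.119, which breaks callers that chain `.then()` or `.catch()` on the result (`await getAccessToken()` keeps working); the compiled body later on the page confirms the function is now synchronous. If the synchronous form is only needed internally, keeping the exported function async and adding a private sync helper avoids the break; otherwise the change should be called out in the release notes. `getDefaultActiveOrgId` in `RouteHandlerArgs` also has no doc comment; going by the callback handler in the server bundle, something like `/** Called in the login callback when the active-org cookie is absent or names an org the user is not in; return an org id the user belongs to, or undefined for no active org. */` would state the contract.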
@@ -111,4 +111,5 @@ "use strict"; | ||
var UserFromToken = class { | ||
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) { | ||
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) { | ||
this.userId = userId; | ||
this.activeOrgId = activeOrgId; | ||
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo; | ||
@@ -124,2 +125,11 @@ this.email = email; | ||
} | ||
getActiveOrg() { | ||
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) { | ||
return void 0; | ||
} | ||
return this.orgIdToOrgMemberInfo[this.activeOrgId]; | ||
} | ||
getActiveOrgId() { | ||
return this.activeOrgId; | ||
} | ||
getOrg(orgId) { | ||
@@ -169,5 +179,31 @@ if (!this.orgIdToOrgMemberInfo) { | ||
obj.properties, | ||
obj.activeOrgId, | ||
obj.loginMethod | ||
); | ||
} | ||
static fromJwtPayload(payload) { | ||
let activeOrgId; | ||
let orgIdToOrgMemberInfo; | ||
if (payload.org_member_info) { | ||
activeOrgId = payload.org_member_info.org_id; | ||
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info }); | ||
} else { | ||
activeOrgId = void 0; | ||
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info); | ||
} | ||
const loginMethod = toLoginMethod(payload.login_method); | ||
return new UserFromToken( | ||
payload.user_id, | ||
payload.email, | ||
orgIdToOrgMemberInfo, | ||
payload.first_name, | ||
payload.last_name, | ||
payload.username, | ||
payload.legacy_user_id, | ||
payload.impersonatorUserId, | ||
payload.properties, | ||
activeOrgId, | ||
loginMethod | ||
); | ||
} | ||
}; | ||
@@ -221,14 +257,3 @@ var OrgMemberInfo = class { | ||
function toUser(snake_case) { | ||
return new UserFromToken( | ||
snake_case.user_id, | ||
snake_case.email, | ||
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info), | ||
snake_case.first_name, | ||
snake_case.last_name, | ||
snake_case.username, | ||
snake_case.legacy_user_id, | ||
snake_case.impersonatorUserId, | ||
snake_case.properties, | ||
toLoginMethod(snake_case.login_method) | ||
); | ||
return UserFromToken.fromJwtPayload(snake_case); | ||
} | ||
@@ -305,3 +330,3 @@ function toOrgIdToOrgMemberInfo(snake_case) { | ||
} | ||
function refreshTokenWithAccessAndRefreshToken(refreshToken) { | ||
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) { | ||
return __async(this, null, function* () { | ||
@@ -311,3 +336,8 @@ const body = { | ||
}; | ||
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`; | ||
const queryParams = new URLSearchParams(); | ||
if (activeOrgId) { | ||
queryParams.set("with_active_org_support", "true"); | ||
queryParams.set("active_org_id", activeOrgId); | ||
} | ||
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`; | ||
const response = yield fetch(url, { | ||
@@ -324,6 +354,3 @@ method: "POST", | ||
const newRefreshToken = data.refresh_token; | ||
const { | ||
access_token: accessToken, | ||
expires_at_seconds: expiresAtSeconds | ||
} = data.access_token; | ||
const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token; | ||
return { | ||
@@ -389,2 +416,5 @@ refreshToken: newRefreshToken, | ||
// src/shared.ts | ||
var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id"; | ||
// src/server/app-router.ts | ||
@@ -404,4 +434,3 @@ function getUserOrRedirect() { | ||
return __async(this, null, function* () { | ||
var _a; | ||
const accessToken = (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value); | ||
const accessToken = getAccessToken(); | ||
if (accessToken) { | ||
@@ -417,10 +446,8 @@ const user = yield validateAccessTokenOrUndefined(accessToken); | ||
function getAccessToken() { | ||
return __async(this, null, function* () { | ||
var _a; | ||
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value); | ||
}); | ||
var _a; | ||
return (0, import_headers.headers)().get(CUSTOM_HEADER_FOR_ACCESS_TOKEN) || ((_a = (0, import_headers.cookies)().get(ACCESS_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value); | ||
} | ||
function authMiddleware(req) { | ||
return __async(this, null, function* () { | ||
var _a, _b; | ||
var _a, _b, _c; | ||
if (req.headers.has(CUSTOM_HEADER_FOR_ACCESS_TOKEN)) { | ||
@@ -433,2 +460,3 @@ throw new Error(`${CUSTOM_HEADER_FOR_ACCESS_TOKEN} is set which is for internal use only`); | ||
const refreshToken = (_b = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _b.value; | ||
const activeOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value; | ||
if (accessToken) { | ||
@@ -441,3 +469,3 @@ const user = yield validateAccessTokenOrUndefined(accessToken); | ||
if (refreshToken) { | ||
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken); | ||
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId); | ||
if (response.error === "unexpected") { | ||
@@ -503,3 +531,3 @@ throw new Error("Unexpected error while refreshing access token"); | ||
return __async(this, null, function* () { | ||
var _a, _b; | ||
var _a, _b, _c; | ||
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value; | ||
@@ -540,2 +568,45 @@ if (!oauthState || oauthState.length !== 64) { | ||
} | ||
const currentActiveOrgId = (_c = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _c.value; | ||
const user = yield validateAccessToken(accessToken); | ||
const isUserInCurrentActiveOrg = !!currentActiveOrgId && !!user.getOrg(currentActiveOrgId); | ||
let activeOrgId = void 0; | ||
if (isUserInCurrentActiveOrg) { | ||
activeOrgId = currentActiveOrgId; | ||
} else if (args == null ? void 0 : args.getDefaultActiveOrgId) { | ||
activeOrgId = args.getDefaultActiveOrgId(req, user); | ||
} | ||
if (activeOrgId) { | ||
const response2 = yield refreshTokenWithAccessAndRefreshToken(data.refresh_token, activeOrgId); | ||
if (response2.error === "unexpected") { | ||
throw new Error("Unexpected error while setting active org"); | ||
} else if (response2.error === "unauthorized") { | ||
console.error( | ||
"Unauthorized error while setting active org. Your user may not have access to this org" | ||
); | ||
return new Response("Unauthorized", { status: 401 }); | ||
} else { | ||
const headers3 = new Headers(); | ||
headers3.append("Location", returnToPath); | ||
headers3.append( | ||
"Set-Cookie", | ||
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax` | ||
); | ||
headers3.append( | ||
"Set-Cookie", | ||
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax` | ||
); | ||
headers3.append( | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax` | ||
); | ||
headers3.append( | ||
"Set-Cookie", | ||
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
); | ||
return new Response(null, { | ||
status: 302, | ||
headers: headers3 | ||
}); | ||
} | ||
} | ||
const headers2 = new Headers(); | ||
@@ -553,2 +624,6 @@ headers2.append("Location", returnToPath); | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
); | ||
headers2.append( | ||
"Set-Cookie", | ||
`${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
@@ -572,6 +647,7 @@ ); | ||
return __async(this, null, function* () { | ||
var _a; | ||
var _a, _b; | ||
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value; | ||
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value; | ||
if (oldRefreshToken) { | ||
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken); | ||
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId); | ||
if (refreshResponse.error === "unexpected") { | ||
@@ -589,2 +665,6 @@ throw new Error("Unexpected error while refreshing access token"); | ||
); | ||
headers3.append( | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
); | ||
return new Response("Unauthorized", { status: 401, headers: headers3 }); | ||
@@ -608,3 +688,4 @@ } | ||
accessToken, | ||
impersonatorUserId: userFromToken.impersonatorUserId | ||
impersonatorUserId: userFromToken.impersonatorUserId, | ||
activeOrgId | ||
}; | ||
@@ -635,2 +716,6 @@ const headers3 = new Headers(); | ||
); | ||
headers3.append( | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
); | ||
return new Response(null, { | ||
@@ -647,2 +732,3 @@ status: 401, | ||
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`); | ||
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`); | ||
return new Response(null, { status: 401 }); | ||
@@ -653,3 +739,3 @@ }); | ||
return __async(this, null, function* () { | ||
var _a; | ||
var _a, _b; | ||
const path = (args == null ? void 0 : args.postLoginRedirectPathFn) ? args.postLoginRedirectPathFn(req) : "/"; | ||
@@ -672,2 +758,6 @@ if (!path) { | ||
); | ||
headers2.append( | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
); | ||
return new Response(null, { | ||
@@ -678,3 +768,4 @@ status: 302, | ||
} | ||
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken); | ||
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value; | ||
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId); | ||
if (refreshResponse.error === "unexpected") { | ||
@@ -694,2 +785,6 @@ console.error("Unexpected error while refreshing access token"); | ||
); | ||
headers2.append( | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
); | ||
return new Response(null, { | ||
@@ -723,2 +818,6 @@ status: 302, | ||
); | ||
headers3.append( | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
); | ||
return new Response(null, { status: 200, headers: headers3 }); | ||
@@ -748,5 +847,74 @@ } | ||
headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`); | ||
headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`); | ||
return new Response(null, { status: 200, headers: headers2 }); | ||
}); | ||
} | ||
function setActiveOrgHandler(req) { | ||
return __async(this, null, function* () { | ||
var _a; | ||
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value; | ||
const activeOrgId = req.nextUrl.searchParams.get("active_org_id"); | ||
if (!oldRefreshToken) { | ||
const headers2 = new Headers(); | ||
headers2.append( | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0` | ||
); | ||
return new Response(null, { status: 401, headers: headers2 }); | ||
} | ||
if (!activeOrgId) { | ||
return new Response(null, { status: 400 }); | ||
} | ||
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId); | ||
if (refreshResponse.error === "unexpected") { | ||
throw new Error("Unexpected error while setting active org id"); | ||
} else if (refreshResponse.error === "unauthorized") { | ||
return new Response("Unauthorized", { status: 401 }); | ||
} | ||
const refreshToken = refreshResponse.refreshToken; | ||
const accessToken = refreshResponse.accessToken; | ||
const authUrlOrigin = getAuthUrlOrigin(); | ||
const path = `${authUrlOrigin}/propelauth/oauth/userinfo`; | ||
const response = yield fetch(path, { | ||
headers: { | ||
"Content-Type": "application/json", | ||
Authorization: "Bearer " + accessToken | ||
} | ||
}); | ||
if (response.ok) { | ||
const userFromToken = yield validateAccessToken(accessToken); | ||
const data = yield response.json(); | ||
const jsonResponse = { | ||
userinfo: data, | ||
accessToken, | ||
impersonatorUserId: userFromToken.impersonatorUserId, | ||
activeOrgId | ||
}; | ||
const headers2 = new Headers(); | ||
headers2.append( | ||
"Set-Cookie", | ||
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax` | ||
); | ||
headers2.append( | ||
"Set-Cookie", | ||
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax` | ||
); | ||
headers2.append( | ||
"Set-Cookie", | ||
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax` | ||
); | ||
headers2.append("Content-Type", "application/json"); | ||
return new Response(JSON.stringify(jsonResponse), { | ||
status: 200, | ||
headers: headers2 | ||
}); | ||
} else if (response.status === 401) { | ||
return new Response(null, { | ||
status: 401 | ||
}); | ||
} else { | ||
return new Response(null, { status: 500 }); | ||
} | ||
}); | ||
} | ||
function getRouteHandler(req, { params }) { | ||
@@ -770,2 +938,4 @@ if (params.slug === "login") { | ||
return logoutPostHandler(req); | ||
} else if (params.slug === "set-active-org") { | ||
return setActiveOrgHandler(req); | ||
} else { | ||
@@ -772,0 +942,0 @@ return new Response("", { status: 404 }); |
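Review bot: `setActiveOrgHandler` copies the raw `active_org_id` query parameter into `Set-Cookie` (`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}`) and into the JSON body, so the only check on that string is the backend accepting it in the refresh call. `userFromToken` is already available from `validateAccessToken(accessToken)` at that point; assuming it is built through `toUser`/`fromJwtPayload` as the rest of the bundle suggests, the handler can use `const verifiedOrgId = userFromToken.getActiveOrgId();`, reject the request when it is undefined or differs from the parameter, and write `verifiedOrgId` to the cookie and the response. The login callback interpolates the return value of `args.getDefaultActiveOrgId(req, user)` into the same cookie without checking it, and would benefit from the same treatment. Separately, the rotated `refreshToken` is written back only in the `response.ok` branch, so a 401 or 500 from the userinfo fetch discards it; if the backend invalidates the previous refresh token on rotation, that ends the session. This is compiled output, so the fixes belong in `src/server/app-router.ts`.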
@@ -24,2 +24,30 @@ import * as _propelauth_node_apis from '@propelauth/node-apis'; | ||
} | ||
type InternalPasswordLoginMethod = { | ||
login_method: 'password'; | ||
}; | ||
type InternalMagicLinkLoginMethod = { | ||
login_method: 'magic_link'; | ||
}; | ||
type InternalSocialSsoLoginMethod = { | ||
login_method: 'social_sso'; | ||
provider: SocialLoginProvider; | ||
}; | ||
type InternalEmailConfirmationLinkLoginMethod = { | ||
login_method: 'email_confirmation_link'; | ||
}; | ||
type InternalSamlSsoLoginMethod = { | ||
login_method: 'saml_sso'; | ||
provider: SamlLoginProvider; | ||
org_id: string; | ||
}; | ||
type InternalImpersonationLoginMethod = { | ||
login_method: 'impersonation'; | ||
}; | ||
type InternalGeneratedFromBackendApiLoginMethod = { | ||
login_method: 'generated_from_backend_api'; | ||
}; | ||
type InternalUnknownLoginMethod = { | ||
login_method: 'unknown'; | ||
}; | ||
type InternalLoginMethod = InternalPasswordLoginMethod | InternalMagicLinkLoginMethod | InternalSocialSsoLoginMethod | InternalEmailConfirmationLinkLoginMethod | InternalSamlSsoLoginMethod | InternalImpersonationLoginMethod | InternalGeneratedFromBackendApiLoginMethod | InternalUnknownLoginMethod; | ||
type PasswordLoginMethod = { | ||
@@ -56,2 +84,3 @@ loginMethod: 'password'; | ||
userId: string; | ||
activeOrgId?: string; | ||
orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo; | ||
@@ -70,3 +99,5 @@ email: string; | ||
[key: string]: unknown; | ||
}, loginMethod?: LoginMethod); | ||
}, activeOrgId?: string, loginMethod?: LoginMethod); | ||
getActiveOrg(): OrgMemberInfo | undefined; | ||
getActiveOrgId(): string | undefined; | ||
getOrg(orgId: string): OrgMemberInfo | undefined; | ||
@@ -77,2 +108,3 @@ getOrgByName(orgName: string): OrgMemberInfo | undefined; | ||
static fromJSON(json: string): UserFromToken; | ||
static fromJwtPayload(payload: InternalUser): UserFromToken; | ||
} | ||
@@ -104,2 +136,30 @@ type OrgIdToOrgMemberInfo = { | ||
} | ||
type InternalOrgMemberInfo = { | ||
org_id: string; | ||
org_name: string; | ||
org_metadata: { | ||
[key: string]: any; | ||
}; | ||
url_safe_org_name: string; | ||
user_role: string; | ||
inherited_user_roles_plus_current_role: string[]; | ||
user_permissions: string[]; | ||
}; | ||
type InternalUser = { | ||
user_id: string; | ||
org_member_info?: InternalOrgMemberInfo; | ||
org_id_to_org_member_info?: { | ||
[org_id: string]: InternalOrgMemberInfo; | ||
}; | ||
email: string; | ||
first_name?: string; | ||
last_name?: string; | ||
username?: string; | ||
properties?: { | ||
[key: string]: unknown; | ||
}; | ||
login_method?: InternalLoginMethod; | ||
legacy_user_id?: string; | ||
impersonatorUserId?: string; | ||
}; | ||
@@ -106,0 +166,0 @@ declare function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<UserFromToken | undefined>; |
@@ -90,4 +90,5 @@ "use strict"; | ||
var UserFromToken = class { | ||
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) { | ||
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) { | ||
this.userId = userId; | ||
this.activeOrgId = activeOrgId; | ||
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo; | ||
@@ -103,2 +104,11 @@ this.email = email; | ||
} | ||
getActiveOrg() { | ||
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) { | ||
return void 0; | ||
} | ||
return this.orgIdToOrgMemberInfo[this.activeOrgId]; | ||
} | ||
getActiveOrgId() { | ||
return this.activeOrgId; | ||
} | ||
getOrg(orgId) { | ||
@@ -148,5 +158,31 @@ if (!this.orgIdToOrgMemberInfo) { | ||
obj.properties, | ||
obj.activeOrgId, | ||
obj.loginMethod | ||
); | ||
} | ||
static fromJwtPayload(payload) { | ||
let activeOrgId; | ||
let orgIdToOrgMemberInfo; | ||
if (payload.org_member_info) { | ||
activeOrgId = payload.org_member_info.org_id; | ||
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info }); | ||
} else { | ||
activeOrgId = void 0; | ||
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info); | ||
} | ||
const loginMethod = toLoginMethod(payload.login_method); | ||
return new UserFromToken( | ||
payload.user_id, | ||
payload.email, | ||
orgIdToOrgMemberInfo, | ||
payload.first_name, | ||
payload.last_name, | ||
payload.username, | ||
payload.legacy_user_id, | ||
payload.impersonatorUserId, | ||
payload.properties, | ||
activeOrgId, | ||
loginMethod | ||
); | ||
} | ||
}; | ||
@@ -200,14 +236,3 @@ var OrgMemberInfo = class { | ||
function toUser(snake_case) { | ||
return new UserFromToken( | ||
snake_case.user_id, | ||
snake_case.email, | ||
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info), | ||
snake_case.first_name, | ||
snake_case.last_name, | ||
snake_case.username, | ||
snake_case.legacy_user_id, | ||
snake_case.impersonatorUserId, | ||
snake_case.properties, | ||
toLoginMethod(snake_case.login_method) | ||
); | ||
return UserFromToken.fromJwtPayload(snake_case); | ||
} | ||
@@ -214,0 +239,0 @@ function toOrgIdToOrgMemberInfo(snake_case) { |
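Review bot: `getActiveOrg()` indexes `this.orgIdToOrgMemberInfo` directly with `this.activeOrgId`, and on the `fromJSON` path that id is whatever `obj.activeOrgId` held in the parsed string, with nothing tying it to a key of the map. If the map is a plain object (it is built in `toOrgIdToOrgMemberInfo`, whose body is outside this section, so this is an assumption), an id such as `__proto__` or `constructor` returns an inherited value instead of `undefined`, and a caller that treats a truthy result as "the user belongs to the active org" would be misled. An own-property guard before the lookup closes that: `if (!Object.prototype.hasOwnProperty.call(this.orgIdToOrgMemberInfo, this.activeOrgId)) return void 0;`. The same method appears again in the later copy of `UserFromToken` on this page, and `getOrg`, whose body continues outside the hunk, probably wants the same guard.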
@@ -23,2 +23,30 @@ import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next'; | ||
} | ||
type InternalPasswordLoginMethod = { | ||
login_method: 'password'; | ||
}; | ||
type InternalMagicLinkLoginMethod = { | ||
login_method: 'magic_link'; | ||
}; | ||
type InternalSocialSsoLoginMethod = { | ||
login_method: 'social_sso'; | ||
provider: SocialLoginProvider; | ||
}; | ||
type InternalEmailConfirmationLinkLoginMethod = { | ||
login_method: 'email_confirmation_link'; | ||
}; | ||
type InternalSamlSsoLoginMethod = { | ||
login_method: 'saml_sso'; | ||
provider: SamlLoginProvider; | ||
org_id: string; | ||
}; | ||
type InternalImpersonationLoginMethod = { | ||
login_method: 'impersonation'; | ||
}; | ||
type InternalGeneratedFromBackendApiLoginMethod = { | ||
login_method: 'generated_from_backend_api'; | ||
}; | ||
type InternalUnknownLoginMethod = { | ||
login_method: 'unknown'; | ||
}; | ||
type InternalLoginMethod = InternalPasswordLoginMethod | InternalMagicLinkLoginMethod | InternalSocialSsoLoginMethod | InternalEmailConfirmationLinkLoginMethod | InternalSamlSsoLoginMethod | InternalImpersonationLoginMethod | InternalGeneratedFromBackendApiLoginMethod | InternalUnknownLoginMethod; | ||
type PasswordLoginMethod = { | ||
@@ -55,2 +83,3 @@ loginMethod: 'password'; | ||
userId: string; | ||
activeOrgId?: string; | ||
orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo; | ||
@@ -69,3 +98,5 @@ email: string; | ||
[key: string]: unknown; | ||
}, loginMethod?: LoginMethod); | ||
}, activeOrgId?: string, loginMethod?: LoginMethod); | ||
getActiveOrg(): OrgMemberInfo | undefined; | ||
getActiveOrgId(): string | undefined; | ||
getOrg(orgId: string): OrgMemberInfo | undefined; | ||
@@ -76,2 +107,3 @@ getOrgByName(orgName: string): OrgMemberInfo | undefined; | ||
static fromJSON(json: string): UserFromToken; | ||
static fromJwtPayload(payload: InternalUser): UserFromToken; | ||
} | ||
@@ -103,2 +135,30 @@ type OrgIdToOrgMemberInfo = { | ||
} | ||
type InternalOrgMemberInfo = { | ||
org_id: string; | ||
org_name: string; | ||
org_metadata: { | ||
[key: string]: any; | ||
}; | ||
url_safe_org_name: string; | ||
user_role: string; | ||
inherited_user_roles_plus_current_role: string[]; | ||
user_permissions: string[]; | ||
}; | ||
type InternalUser = { | ||
user_id: string; | ||
org_member_info?: InternalOrgMemberInfo; | ||
org_id_to_org_member_info?: { | ||
[org_id: string]: InternalOrgMemberInfo; | ||
}; | ||
email: string; | ||
first_name?: string; | ||
last_name?: string; | ||
username?: string; | ||
properties?: { | ||
[key: string]: unknown; | ||
}; | ||
login_method?: InternalLoginMethod; | ||
legacy_user_id?: string; | ||
impersonatorUserId?: string; | ||
}; | ||
@@ -105,0 +165,0 @@ declare function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh?: boolean): Promise<UserFromToken | undefined>; |
@@ -85,4 +85,5 @@ "use strict"; | ||
var UserFromToken = class { | ||
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, loginMethod) { | ||
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) { | ||
this.userId = userId; | ||
this.activeOrgId = activeOrgId; | ||
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo; | ||
@@ -98,2 +99,11 @@ this.email = email; | ||
} | ||
getActiveOrg() { | ||
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) { | ||
return void 0; | ||
} | ||
return this.orgIdToOrgMemberInfo[this.activeOrgId]; | ||
} | ||
getActiveOrgId() { | ||
return this.activeOrgId; | ||
} | ||
getOrg(orgId) { | ||
@@ -143,5 +153,31 @@ if (!this.orgIdToOrgMemberInfo) { | ||
obj.properties, | ||
obj.activeOrgId, | ||
obj.loginMethod | ||
); | ||
} | ||
static fromJwtPayload(payload) { | ||
let activeOrgId; | ||
let orgIdToOrgMemberInfo; | ||
if (payload.org_member_info) { | ||
activeOrgId = payload.org_member_info.org_id; | ||
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info }); | ||
} else { | ||
activeOrgId = void 0; | ||
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info); | ||
} | ||
const loginMethod = toLoginMethod(payload.login_method); | ||
return new UserFromToken( | ||
payload.user_id, | ||
payload.email, | ||
orgIdToOrgMemberInfo, | ||
payload.first_name, | ||
payload.last_name, | ||
payload.username, | ||
payload.legacy_user_id, | ||
payload.impersonatorUserId, | ||
payload.properties, | ||
activeOrgId, | ||
loginMethod | ||
); | ||
} | ||
}; | ||
@@ -195,14 +231,3 @@ var OrgMemberInfo = class { | ||
function toUser(snake_case) { | ||
return new UserFromToken( | ||
snake_case.user_id, | ||
snake_case.email, | ||
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info), | ||
snake_case.first_name, | ||
snake_case.last_name, | ||
snake_case.username, | ||
snake_case.legacy_user_id, | ||
snake_case.impersonatorUserId, | ||
snake_case.properties, | ||
toLoginMethod(snake_case.login_method) | ||
); | ||
return UserFromToken.fromJwtPayload(snake_case); | ||
} | ||
@@ -275,3 +300,3 @@ function toOrgIdToOrgMemberInfo(snake_case) { | ||
} | ||
function refreshTokenWithAccessAndRefreshToken(refreshToken) { | ||
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) { | ||
return __async(this, null, function* () { | ||
@@ -281,3 +306,8 @@ const body = { | ||
}; | ||
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`; | ||
const queryParams = new URLSearchParams(); | ||
if (activeOrgId) { | ||
queryParams.set("with_active_org_support", "true"); | ||
queryParams.set("active_org_id", activeOrgId); | ||
} | ||
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`; | ||
const response = yield fetch(url, { | ||
@@ -294,6 +324,3 @@ method: "POST", | ||
const newRefreshToken = data.refresh_token; | ||
const { | ||
access_token: accessToken, | ||
expires_at_seconds: expiresAtSeconds | ||
} = data.access_token; | ||
const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token; | ||
return { | ||
@@ -359,2 +386,5 @@ refreshToken: newRefreshToken, | ||
// src/shared.ts | ||
var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id"; | ||
// src/server/pages.ts | ||
@@ -365,2 +395,3 @@ function getUserFromServerSideProps(props, forceRefresh = false) { | ||
const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME]; | ||
const activeOrgId = props.req.cookies[ACTIVE_ORG_ID_COOKIE_NAME]; | ||
if (accessToken && !forceRefresh) { | ||
@@ -373,3 +404,3 @@ const user = yield validateAccessTokenOrUndefined(accessToken); | ||
if (refreshToken) { | ||
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken); | ||
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId); | ||
if (response.error === "unexpected") { | ||
@@ -399,2 +430,3 @@ throw new Error("Unexpected error while refreshing access token"); | ||
const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_NAME]; | ||
const activeOrgId = req.cookies[ACTIVE_ORG_ID_COOKIE_NAME]; | ||
if (accessToken && !forceRefresh) { | ||
@@ -407,3 +439,3 @@ const user = yield validateAccessTokenOrUndefined(accessToken); | ||
if (refreshToken) { | ||
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken); | ||
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId); | ||
if (response.error === "unexpected") { | ||
@@ -410,0 +442,0 @@ throw new Error("Unexpected error while refreshing access token"); |
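Review bot: The `activeOrgId` handed to `refreshTokenWithAccessAndRefreshToken` is read straight from the `__pa_org_id` request cookie, which the client controls, and is forwarded as `active_org_id` with no local check. `URLSearchParams` encodes the value, so the query string itself is safe, but authorization then rests entirely on the refresh endpoint rejecting an org the user is not a member of; both cookie reads deserve a comment saying so, e.g. `// untrusted: client-set cookie; the auth backend must verify membership before issuing an org-scoped token`. From the visible lines the cookie seems to be consulted only on the refresh branch, so a still-valid access token would keep its previous active org until the next refresh; it is worth confirming that this is intended. All three functions touched here begin and end outside their hunks.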
{ | ||
"name": "@propelauth/nextjs", | ||
"version": "0.0.118", | ||
"version": "0.0.119", | ||
"exports": { | ||
@@ -5,0 +5,0 @@ "./server": { |