@smg-automotive/auth
Advanced tools
npm install @smg-automotive/auth
The goal of this package is to support current auth implementation. It reads access and refresh tokens form cookies by domain.
When accessing the user data and accessToken from the server, make sure to use the deriveUserAndTokenFromCookieHeader
helper to derive the data from the cookies.
The values normally originate form the request cookies unless they have been added or updated within the current request.
In that case the correct data may only be present as a set cookie header and needs to be parsed form there in order to
avoid accessing outdate or missing information.
Call ensureTokenFreshness on middleware return. Pass to it Next.js request, response and specific auth config.
Auth config for middleware:
const authConfig = {
tokenNames: {
access: 'at',
refresh: 'rt',
},
subMinutesFromExpirationTime: 300000,
refreshTokenApiUrl: `https://api.dev/refreshtoken`,
cookieDomain: '.domain',
errorHandler: (error) => {},
};
tokenNames - access and refresh token namessubMinutesFromExpirationTime - amount of minutes to substract from access token expiration timerefreshTokenApiUrl - api url to refresh tokencookieDomain - domain for cookieserrorHandler - error handler method to handle errorsimport { ensureTokenFreshness } from '@smg-automotive/auth-pkg';
export function middleware(request: NextRequest, _event: NextFetchEvent) {
// ... middleware code
const response = NextResponse.next();
return ensureTokenFreshness(request, response, authConfig);
}
Wrap an application with AuthProvider and pass to it authConfig prop.
In order to be sure for a client side to have valid token and expose it in a context.
Auth config for provider:
const authConfig = {
tokenNames: {
access: 'at',
refresh: 'rt',
},
subMinutesFromExpirationTime: 300000,
triggerRefreshTokenApiUrl: '/api/live',
errorHandler: (error) => {},
};
It contains of special triggerRefreshTokenApiUrl property.
It is internal api url in your application (as like: /api/live), which will be called in AuthProvider by interval in order to trigger middleware
to ensure access token freshness on client side.
import { AuthProvider } from '@smg-automotive/auth-pkg';
<AuthProvider authConfig={authConfig}>
<div>app code...</div>
</AuthProvider>;
Auth config contains of:
accessTokenName - the name of access token based on the environmentaccessTokenName - the name of refresh token based on the environmentsubMinutesFromExpirationTime - time in ms when access token will be refreshed before expirationtriggerRefreshTokenApiUrl -You can link your local npm package to integrate it with any local project:
cd smg-automotive-auth-pkg
npm run build
cd <project directory>
npm link ../smg-automotive-auth-pkg
New versions are released on the ci using semantic-release as soon as you merge into master. Please
make sure your merge commit message adheres to the corresponding conventions and your branch name does not contain forward slashes /.
FAQs
SMG Automotive auth package
We found that @smg-automotive/auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Company News
Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.
Security News
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
Research
Security News
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.