@workos-inc/authkit-nextjs
Comparing version 0.5.3 to 0.6.1
@@ -7,3 +7,4 @@ declare const cookieName = "wos-session"; | ||
sameSite: "lax"; | ||
maxAge: number; | ||
}; | ||
export { cookieName, cookieOptions }; |
@@ -14,4 +14,8 @@ "use strict"; | ||
sameSite: 'lax', | ||
// Defaults to 400 days, the maximum allowed by Chrome | ||
// It's fine to have a long cookie expiry date as the access/refresh tokens | ||
// act as the actual time-limited aspects of the session. | ||
maxAge: env_variables_js_1.WORKOS_COOKIE_MAX_AGE ? parseInt(env_variables_js_1.WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400, | ||
}; | ||
exports.cookieOptions = cookieOptions; | ||
//# sourceMappingURL=cookie.js.map |
@@ -5,2 +5,6 @@ declare const WORKOS_CLIENT_ID: string; | ||
declare const WORKOS_COOKIE_PASSWORD: string; | ||
export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD }; | ||
declare const WORKOS_API_HOSTNAME: string | undefined; | ||
declare const WORKOS_API_HTTPS: string | undefined; | ||
declare const WORKOS_API_PORT: string | undefined; | ||
declare const WORKOS_COOKIE_MAX_AGE: string | undefined; | ||
export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD, WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_PORT, WORKOS_COOKIE_MAX_AGE, }; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.WORKOS_COOKIE_PASSWORD = exports.WORKOS_REDIRECT_URI = exports.WORKOS_API_KEY = exports.WORKOS_CLIENT_ID = void 0; | ||
exports.WORKOS_COOKIE_MAX_AGE = exports.WORKOS_API_PORT = exports.WORKOS_API_HTTPS = exports.WORKOS_API_HOSTNAME = exports.WORKOS_COOKIE_PASSWORD = exports.WORKOS_REDIRECT_URI = exports.WORKOS_API_KEY = exports.WORKOS_CLIENT_ID = void 0; | ||
function getEnvVariable(name) { | ||
@@ -11,2 +11,5 @@ const envVariable = process.env[name]; | ||
} | ||
function getOptionalEnvVariable(name) { | ||
return process.env[name]; | ||
} | ||
const WORKOS_CLIENT_ID = getEnvVariable('WORKOS_CLIENT_ID'); | ||
@@ -20,2 +23,10 @@ exports.WORKOS_CLIENT_ID = WORKOS_CLIENT_ID; | ||
exports.WORKOS_COOKIE_PASSWORD = WORKOS_COOKIE_PASSWORD; | ||
const WORKOS_API_HOSTNAME = getOptionalEnvVariable('WORKOS_API_HOSTNAME'); | ||
exports.WORKOS_API_HOSTNAME = WORKOS_API_HOSTNAME; | ||
const WORKOS_API_HTTPS = getOptionalEnvVariable('WORKOS_API_HTTPS'); | ||
exports.WORKOS_API_HTTPS = WORKOS_API_HTTPS; | ||
const WORKOS_API_PORT = getOptionalEnvVariable('WORKOS_API_PORT'); | ||
exports.WORKOS_API_PORT = WORKOS_API_PORT; | ||
const WORKOS_COOKIE_MAX_AGE = getOptionalEnvVariable('WORKOS_COOKIE_MAX_AGE'); | ||
exports.WORKOS_COOKIE_MAX_AGE = WORKOS_COOKIE_MAX_AGE; | ||
if (WORKOS_COOKIE_PASSWORD.length < 32) { | ||
@@ -22,0 +33,0 @@ throw new Error('WORKOS_COOKIE_PASSWORD must be at least 32 characters long'); |
@@ -21,2 +21,3 @@ import { User } from '@workos-inc/node'; | ||
impersonator?: Impersonator; | ||
accessToken: string; | ||
} | ||
@@ -23,0 +24,0 @@ export interface NoUserInfo { |
@@ -31,2 +31,15 @@ "use strict"; | ||
newRequestHeaders.delete(sessionHeaderName); | ||
const url = new URL(env_variables_js_1.WORKOS_REDIRECT_URI); | ||
if (middlewareAuth.enabled && | ||
url.pathname === request.nextUrl.pathname && | ||
!middlewareAuth.unauthenticatedPaths.includes(url.pathname)) { | ||
// In the case where: | ||
// - We're using middleware auth mode | ||
// - The redirect URI is in the middleware matcher | ||
// - The redirect URI isn't in the unauthenticatedPaths array | ||
// | ||
// then we would get stuck in a login loop due to the redirect happening before the session is set. | ||
// It's likely that the user accidentally forgot to add the path to unauthenticatedPaths, so we add it here. | ||
middlewareAuth.unauthenticatedPaths.push(url.pathname); | ||
} | ||
const matchedPaths = middlewareAuth.unauthenticatedPaths.filter((pathGlob) => { | ||
@@ -84,3 +97,4 @@ const pathRegex = getMiddlewareAuthPathRegex(pathGlob); | ||
catch (e) { | ||
console.warn('Failed to refresh', e); | ||
if (debug) | ||
console.log('Failed to refresh. Deleting cookie and redirecting.', e); | ||
const response = server_1.NextResponse.next({ | ||
@@ -110,7 +124,3 @@ request: { headers: newRequestHeaders }, | ||
async function getUser({ ensureSignedIn = false } = {}) { | ||
const hasMiddleware = Boolean((0, headers_1.headers)().get(middlewareHeaderName)); | ||
if (!hasMiddleware) { | ||
throw new Error('You are calling `getUser` on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling `getUser` from by updating your middleware config in `middleware.(js|ts)`.'); | ||
} | ||
const session = await getSessionFromHeader(); | ||
const session = await getSessionFromHeader('getUser'); | ||
if (!session) { | ||
@@ -131,2 +141,3 @@ if (ensureSignedIn) { | ||
impersonator: session.impersonator, | ||
accessToken: session.accessToken, | ||
}; | ||
@@ -149,3 +160,2 @@ } | ||
catch (e) { | ||
console.warn('Failed to verify session:', e); | ||
return false; | ||
@@ -162,3 +172,7 @@ } | ||
} | ||
async function getSessionFromHeader() { | ||
async function getSessionFromHeader(caller) { | ||
const hasMiddleware = Boolean((0, headers_1.headers)().get(middlewareHeaderName)); | ||
if (!hasMiddleware) { | ||
throw new Error(`You are calling \`${caller}\` on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling \`${caller}\` from by updating your middleware config in \`middleware.(js|ts)\`.`); | ||
} | ||
const authHeader = (0, headers_1.headers)().get(sessionHeaderName); | ||
@@ -165,0 +179,0 @@ if (!authHeader) |
@@ -7,5 +7,10 @@ "use strict"; | ||
const env_variables_js_1 = require("./env-variables.js"); | ||
const options = { | ||
apiHostname: env_variables_js_1.WORKOS_API_HOSTNAME, | ||
https: env_variables_js_1.WORKOS_API_HTTPS ? env_variables_js_1.WORKOS_API_HTTPS === 'true' : true, | ||
port: env_variables_js_1.WORKOS_API_PORT ? parseInt(env_variables_js_1.WORKOS_API_PORT) : undefined, | ||
}; | ||
// Initialize the WorkOS client | ||
const workos = new node_1.default(env_variables_js_1.WORKOS_API_KEY); | ||
const workos = new node_1.default(env_variables_js_1.WORKOS_API_KEY, options); | ||
exports.workos = workos; | ||
//# sourceMappingURL=workos.js.map |
{ | ||
"name": "@workos-inc/authkit-nextjs", | ||
"version": "0.5.3", | ||
"version": "0.6.1", | ||
"description": "Authentication and session helpers for using WorkOS & AuthKit with Next.js", | ||
@@ -5,0 +5,0 @@ "sideEffects": false, |
@@ -38,2 +38,13 @@ # AuthKit Next.js Library | ||
### Optional configuration | ||
Certain environment variables are optional and can be used to debug or configure cookie settings. | ||
```sh | ||
WORKOS_COOKIE_MAX_AGE='600' # maximum age of the cookie in seconds. Defaults to 31 days | ||
WORKOS_API_HOSTNAME='api.workos.com' # base WorkOS API URL | ||
WORKOS_API_HTTPS=true # whether to use HTTPS in API calls | ||
WORKOS_API_PORT=3000 # port to use for API calls | ||
``` | ||
## Setup | ||
@@ -171,2 +182,26 @@ | ||
### Get the access token | ||
Sometimes it is useful to obtain the access token directly, for instance to make API requests to another service. | ||
```jsx | ||
import { getUser } from '@workos-inc/authkit-nextjs'; | ||
export default async function HomePage() { | ||
const { accessToken } = await getUser(); | ||
if (!accessToken) { | ||
return <div>Not signed in</div>; | ||
} | ||
const serviceData = await fetch('/api/path', { | ||
headers: { | ||
Authorization: `Bearer ${accessToken}`, | ||
}, | ||
}); | ||
return <div>{serviceData}</div>; | ||
} | ||
``` | ||
### Debugging | ||
@@ -173,0 +208,0 @@ |
@@ -1,2 +0,2 @@ | ||
import { WORKOS_REDIRECT_URI } from './env-variables.js'; | ||
import { WORKOS_REDIRECT_URI, WORKOS_COOKIE_MAX_AGE } from './env-variables.js'; | ||
@@ -12,4 +12,8 @@ const redirectUrl = new URL(WORKOS_REDIRECT_URI); | ||
sameSite: 'lax' as const, | ||
// Defaults to 400 days, the maximum allowed by Chrome | ||
// It's fine to have a long cookie expiry date as the access/refresh tokens | ||
// act as the actual time-limited aspects of the session. | ||
maxAge: WORKOS_COOKIE_MAX_AGE ? parseInt(WORKOS_COOKIE_MAX_AGE, 10) : 60 * 60 * 24 * 400, | ||
}; | ||
export { cookieName, cookieOptions }; |
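Review bot: `parseInt(WORKOS_COOKIE_MAX_AGE, 10)` on the `maxAge` line is used unchecked, so a non-numeric value yields `NaN`, `600abc` silently parses to 600, and `-1` is passed through; how the cookie layer treats those values is not visible here. Fall back to the default unless the value is a positive integer, e.g. `const parsed = Number(WORKOS_COOKIE_MAX_AGE);` and `maxAge: Number.isInteger(parsed) && parsed > 0 ? parsed : 60 * 60 * 24 * 400`. The compiled `cookie.js` section carries the same line. The README hunk in this release documents the default as 31 days while this code uses 400 days; one of the two should be corrected, since operators will plan cookie lifetime from the documented figure.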
@@ -1,2 +0,2 @@ | ||
function getEnvVariable(name: string) { | ||
function getEnvVariable(name: string): string { | ||
const envVariable = process.env[name]; | ||
@@ -9,2 +9,6 @@ if (!envVariable) { | ||
function getOptionalEnvVariable(name: string): string | undefined { | ||
return process.env[name]; | ||
} | ||
const WORKOS_CLIENT_ID = getEnvVariable('WORKOS_CLIENT_ID'); | ||
@@ -14,2 +18,6 @@ const WORKOS_API_KEY = getEnvVariable('WORKOS_API_KEY'); | ||
const WORKOS_COOKIE_PASSWORD = getEnvVariable('WORKOS_COOKIE_PASSWORD'); | ||
const WORKOS_API_HOSTNAME = getOptionalEnvVariable('WORKOS_API_HOSTNAME'); | ||
const WORKOS_API_HTTPS = getOptionalEnvVariable('WORKOS_API_HTTPS'); | ||
const WORKOS_API_PORT = getOptionalEnvVariable('WORKOS_API_PORT'); | ||
const WORKOS_COOKIE_MAX_AGE = getOptionalEnvVariable('WORKOS_COOKIE_MAX_AGE'); | ||
@@ -20,2 +28,11 @@ if (WORKOS_COOKIE_PASSWORD.length < 32) { | ||
export { WORKOS_CLIENT_ID, WORKOS_API_KEY, WORKOS_REDIRECT_URI, WORKOS_COOKIE_PASSWORD }; | ||
export { | ||
WORKOS_CLIENT_ID, | ||
WORKOS_API_KEY, | ||
WORKOS_REDIRECT_URI, | ||
WORKOS_COOKIE_PASSWORD, | ||
WORKOS_API_HOSTNAME, | ||
WORKOS_API_HTTPS, | ||
WORKOS_API_PORT, | ||
WORKOS_COOKIE_MAX_AGE, | ||
}; |
@@ -24,2 +24,3 @@ import { User } from '@workos-inc/node'; | ||
impersonator?: Impersonator; | ||
accessToken: string; | ||
} | ||
@@ -26,0 +27,0 @@ export interface NoUserInfo { |
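Review bot: The new `accessToken: string` field has no doc comment saying it is a bearer credential, and `getUser()` results are the kind of object that gets spread into props or logged. A TSDoc line on the field would make the handling rule explicit: `/** Raw access token for the current session. Treat as a secret: use it server-side only and do not pass it to client components or logs. */`. The interface body starts outside this hunk, so whether its other fields are documented cannot be checked from here.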
@@ -37,2 +37,19 @@ import { redirect } from 'next/navigation'; | ||
const url = new URL(WORKOS_REDIRECT_URI); | ||
if ( | ||
middlewareAuth.enabled && | ||
url.pathname === request.nextUrl.pathname && | ||
!middlewareAuth.unauthenticatedPaths.includes(url.pathname) | ||
) { | ||
// In the case where: | ||
// - We're using middleware auth mode | ||
// - The redirect URI is in the middleware matcher | ||
// - The redirect URI isn't in the unauthenticatedPaths array | ||
// | ||
// then we would get stuck in a login loop due to the redirect happening before the session is set. | ||
// It's likely that the user accidentally forgot to add the path to unauthenticatedPaths, so we add it here. | ||
middlewareAuth.unauthenticatedPaths.push(url.pathname); | ||
} | ||
const matchedPaths: string[] = middlewareAuth.unauthenticatedPaths.filter((pathGlob) => { | ||
@@ -96,3 +113,3 @@ const pathRegex = getMiddlewareAuthPathRegex(pathGlob); | ||
} catch (e) { | ||
console.warn('Failed to refresh', e); | ||
if (debug) console.log('Failed to refresh. Deleting cookie and redirecting.', e); | ||
const response = NextResponse.next({ | ||
@@ -130,11 +147,3 @@ request: { headers: newRequestHeaders }, | ||
async function getUser({ ensureSignedIn = false } = {}) { | ||
const hasMiddleware = Boolean(headers().get(middlewareHeaderName)); | ||
if (!hasMiddleware) { | ||
throw new Error( | ||
'You are calling `getUser` on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling `getUser` from by updating your middleware config in `middleware.(js|ts)`.', | ||
); | ||
} | ||
const session = await getSessionFromHeader(); | ||
const session = await getSessionFromHeader('getUser'); | ||
if (!session) { | ||
@@ -157,2 +166,3 @@ if (ensureSignedIn) { | ||
impersonator: session.impersonator, | ||
accessToken: session.accessToken, | ||
}; | ||
@@ -174,3 +184,2 @@ } | ||
} catch (e) { | ||
console.warn('Failed to verify session:', e); | ||
return false; | ||
@@ -189,3 +198,11 @@ } | ||
async function getSessionFromHeader(): Promise<Session | undefined> { | ||
async function getSessionFromHeader(caller: string): Promise<Session | undefined> { | ||
const hasMiddleware = Boolean(headers().get(middlewareHeaderName)); | ||
if (!hasMiddleware) { | ||
throw new Error( | ||
`You are calling \`${caller}\` on a path that isn’t covered by the AuthKit middleware. Make sure it is running on all paths you are calling \`${caller}\` from by updating your middleware config in \`middleware.(js|ts)\`.`, | ||
); | ||
} | ||
const authHeader = headers().get(sessionHeaderName); | ||
@@ -192,0 +209,0 @@ if (!authHeader) return; |
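Review bot: After this change the `catch (e)` in the session-verification hunk returns `false` with no log at all, and the refresh failure is reported only when `debug` is set, so a default deployment keeps no server-side trace of tokens that fail verification. If routine expiry noise is the reason the warning was dropped (an assumption; the verification code is outside the hunk), log only the non-expiry failures rather than none, for example `console.warn('Failed to verify session:', e instanceof Error ? e.message : e);`. Routing both messages through one logger that the application can hook would let operators alert on repeated failures. The enclosing functions begin and end outside the hunks shown, and the compiled `session.js` section mirrors these changes.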
import WorkOS from '@workos-inc/node'; | ||
import { WORKOS_API_KEY } from './env-variables.js'; | ||
import { WORKOS_API_HOSTNAME, WORKOS_API_HTTPS, WORKOS_API_KEY, WORKOS_API_PORT } from './env-variables.js'; | ||
const options = { | ||
apiHostname: WORKOS_API_HOSTNAME, | ||
https: WORKOS_API_HTTPS ? WORKOS_API_HTTPS === 'true' : true, | ||
port: WORKOS_API_PORT ? parseInt(WORKOS_API_PORT) : undefined, | ||
}; | ||
// Initialize the WorkOS client | ||
const workos = new WorkOS(WORKOS_API_KEY); | ||
const workos = new WorkOS(WORKOS_API_KEY, options); | ||
export { workos }; |
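Review bot: The `https` option fails open: with `WORKOS_API_HTTPS === 'true'`, any other non-empty value (`TRUE`, `1`, `yes`, a typo) turns TLS off for a client constructed with `WORKOS_API_KEY`. Plain HTTP should require the explicit opt-out, `https: WORKOS_API_HTTPS !== 'false'`, ideally with a warning logged when it is disabled. `parseInt(WORKOS_API_PORT)` on the next line has no radix and no `NaN` check, so a malformed port is handed to the client unchecked. The compiled `workos.js` section has the same lines.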