@smg-automotive/auth
v5.0.8
Published
SMG Automotive auth package
Downloads
1,966
Readme
auth-pkg
Usage
npm install @smg-automotive/auth
The goal of this package is to support current auth implementation. It reads access and refresh tokens form cookies by domain.
Accessing user data and access tokens on the server
When accessing the user data and accessToken from the server, make sure to use the deriveUserAndTokenFromCookieHeader
helper to derive the data from the cookies.
The values normally originate form the request cookies unless they have been added or updated within the current request.
In that case the correct data may only be present as a set cookie header and needs to be parsed form there in order to
avoid accessing outdate or missing information.
Middleware
Call ensureTokenFreshness
on middleware return. Pass to it Next.js request
, response
and specific auth config.
Auth config for middleware:
const authConfig = {
tokenNames: {
access: 'at',
refresh: 'rt',
},
subMinutesFromExpirationTime: 300000,
refreshTokenApiUrl: `https://api.dev/refreshtoken`,
cookieDomain: '.domain',
errorHandler: (error) => {},
};
tokenNames
- access and refresh token namessubMinutesFromExpirationTime
- amount of minutes to substract from access token expiration timerefreshTokenApiUrl
- api url to refresh tokencookieDomain
- domain for cookieserrorHandler
- error handler method to handle errors
import { ensureTokenFreshness } from '@smg-automotive/auth-pkg';
export function middleware(request: NextRequest, _event: NextFetchEvent) {
// ... middleware code
const response = NextResponse.next();
return ensureTokenFreshness(request, response, authConfig);
}
AuthProvider
Wrap an application with AuthProvider and pass to it authConfig
prop.
In order to be sure for a client side to have valid token and expose it in a context.
Auth config for provider:
const authConfig = {
tokenNames: {
access: 'at',
refresh: 'rt',
},
subMinutesFromExpirationTime: 300000,
triggerRefreshTokenApiUrl: '/api/live',
errorHandler: (error) => {},
};
It contains of special triggerRefreshTokenApiUrl
property.
It is internal api url in your application (as like: /api/live
), which will be called in AuthProvider by interval in order to trigger middleware
to ensure access token freshness on client side.
import { AuthProvider } from '@smg-automotive/auth-pkg';
<AuthProvider authConfig={authConfig}>
<div>app code...</div>
</AuthProvider>;
AuthConfig
Auth config contains of:
accessTokenName
- the name of access token based on the environmentaccessTokenName
- the name of refresh token based on the environmentsubMinutesFromExpirationTime
- time in ms when access token will be refreshed before expirationtriggerRefreshTokenApiUrl
-
Development
You can link your local npm package to integrate it with any local project:
cd smg-automotive-auth-pkg
npm run build
cd <project directory>
npm link ../smg-automotive-auth-pkg
Release a new version
New versions are released on the ci using semantic-release as soon as you merge into master. Please
make sure your merge commit message adheres to the corresponding conventions and your branch name does not contain forward slashes /
.