@auth0/nextjs-auth0

import { NextResponse, type NextRequest } from "next/server.js"; import * as jose from "jose"; import { AccessTokenForConnectionError, SdkError } from "../errors/index.js"; import { AccessTokenForConnectionOptions, AuthorizationParameters, BackchannelAuthenticationOptions, BackchannelAuthenticationResponse, ConnectionTokenSet, LogoutStrategy, SessionData, StartInteractiveLoginOptions, TokenSet } from "../types/index.js"; import { AbstractSessionStore } from "./session/abstract-session-store.js"; import { TransactionStore } from "./transaction-store.js"; export type BeforeSessionSavedHook = (session: SessionData, idToken: string | null) => Promise<SessionData>; export type OnCallbackContext = { returnTo?: string; }; export type OnCallbackHook = (error: SdkError | null, ctx: OnCallbackContext, session: SessionData | null) => Promise<NextResponse>; export interface Routes { login: string; logout: string; callback: string; profile: string; accessToken: string; backChannelLogout: string; } export type RoutesOptions = Partial<Pick<Routes, "login" | "callback" | "logout" | "backChannelLogout">>; export interface AuthClientOptions { transactionStore: TransactionStore; sessionStore: AbstractSessionStore; domain: string; clientId: string; clientSecret?: string; clientAssertionSigningKey?: string | jose.CryptoKey; clientAssertionSigningAlg?: string; authorizationParameters?: AuthorizationParameters; pushedAuthorizationRequests?: boolean; secret: string; appBaseUrl: string; signInReturnToPath?: string; logoutStrategy?: LogoutStrategy; includeIdTokenHintInOIDCLogoutUrl?: boolean; beforeSessionSaved?: BeforeSessionSavedHook; onCallback?: OnCallbackHook; routes: Routes; fetch?: typeof fetch; jwksCache?: jose.JWKSCacheInput; allowInsecureRequests?: boolean; httpTimeout?: number; enableTelemetry?: boolean; enableAccessTokenEndpoint?: boolean; noContentProfileResponseWhenUnauthenticated?: boolean; } export declare class AuthClient { private transactionStore; private sessionStore; private clientMetadata; private clientSecret?; private clientAssertionSigningKey?; private clientAssertionSigningAlg; private domain; private authorizationParameters; private pushedAuthorizationRequests; private appBaseUrl; private signInReturnToPath; private logoutStrategy; private includeIdTokenHintInOIDCLogoutUrl; private beforeSessionSaved?; private onCallback; private routes; private fetch; private jwksCache; private allowInsecureRequests; private httpTimeout; private httpOptions; private authorizationServerMetadata?; private readonly enableAccessTokenEndpoint; private readonly noContentProfileResponseWhenUnauthenticated; constructor(options: AuthClientOptions); handler(req: NextRequest): Promise<NextResponse>; startInteractiveLogin(options?: StartInteractiveLoginOptions): Promise<NextResponse>; handleLogin(req: NextRequest): Promise<NextResponse>; handleLogout(req: NextRequest): Promise<NextResponse>; handleCallback(req: NextRequest): Promise<NextResponse>; handleProfile(req: NextRequest): Promise<NextResponse>; handleAccessToken(req: NextRequest): Promise<NextResponse>; handleBackChannelLogout(req: NextRequest): Promise<NextResponse>; /** * Retrieves OAuth token sets, handling token refresh when necessary or if forced. * * @returns A tuple containing either: * - `[SdkError, null]` if an error occurred (missing refresh token, discovery failure, or refresh failure) * - `[null, {tokenSet, idTokenClaims}]` if a new token was retrieved, containing the new token set ID token claims * - `[null, {tokenSet, }]` if token refresh was not done and existing token was returned */ getTokenSet(tokenSet: TokenSet, forceRefresh?: boolean | undefined): Promise<[null, GetTokenSetResponse] | [SdkError, null]>; backchannelAuthentication(options: BackchannelAuthenticationOptions): Promise<[null, BackchannelAuthenticationResponse] | [SdkError, null]>; private discoverAuthorizationServerMetadata; private defaultOnCallback; /** * Handle callback errors with transaction cleanup */ private handleCallbackError; private verifyLogoutToken; private authorizationUrl; private getClientAuth; private get issuer(); /** * Exchanges a refresh token for an access token for a connection. * * This method performs a token exchange using the provided refresh token and connection details. * It first checks if the refresh token is present in the `tokenSet`. If not, it returns an error. * Then, it constructs the necessary parameters for the token exchange request and performs * the request to the authorization server's token endpoint. * * @returns {Promise<[AccessTokenForConnectionError, null] | [null, ConnectionTokenSet]>} A promise that resolves to a tuple. * The first element is either an `AccessTokenForConnectionError` if an error occurred, or `null` if the request was successful. * The second element is either `null` if an error occurred, or a `ConnectionTokenSet` object * containing the access token, expiration time, and scope if the request was successful. * * @throws {AccessTokenForConnectionError} If the refresh token is missing or if there is an error during the token exchange process. */ getConnectionTokenSet(tokenSet: TokenSet, connectionTokenSet: ConnectionTokenSet | undefined, options: AccessTokenForConnectionOptions): Promise<[ AccessTokenForConnectionError, null ] | [null, ConnectionTokenSet]>; /** * Filters and processes ID token claims for a session. * * If a `beforeSessionSaved` callback is configured, it will be invoked to allow * custom processing of the session and ID token. Otherwise, default filtering * will be applied to remove standard ID token claims from the user object. */ finalizeSession(session: SessionData, idToken?: string): Promise<SessionData>; private getOpenIdClientConfig; } type GetTokenSetResponse = { tokenSet: TokenSet; idTokenClaims?: { [key: string]: any; }; }; export {};