UNPKG

@auth0/nextjs-auth0

Version:

Auth0 Next.js SDK

github.com/auth0/nextjs-auth0

auth0/nextjs-auth0

337 lines (336 loc) 12.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
export class SdkError extends Error { } /** * Errors that come from Auth0 in the `redirect_uri` callback may contain reflected user input via the OpenID Connect `error` and `error_description` query parameter. * You should **not** render the error `message`, or `error` and `error_description` properties without properly escaping them first. */ export class OAuth2Error extends SdkError { constructor({ code, message }) { super(message ?? "An error occurred while interacting with the authorization server."); this.name = "OAuth2Error"; this.code = code; } } export class DiscoveryError extends SdkError { constructor(message) { super(message ?? "Discovery failed for the OpenID Connect configuration."); this.code = "discovery_error"; this.name = "DiscoveryError"; } } export class MissingStateError extends SdkError { constructor(message) { super(message ?? "The state parameter is missing."); this.code = "missing_state"; this.name = "MissingStateError"; } } export class InvalidStateError extends SdkError { constructor(message) { super(message ?? "The state parameter is invalid."); this.code = "invalid_state"; this.name = "InvalidStateError"; } } export class InvalidConfigurationError extends SdkError { constructor(message) { super(message ?? "The configuration is invalid."); this.code = "invalid_configuration"; this.name = "InvalidConfigurationError"; } } export class AuthorizationError extends SdkError { constructor({ cause, message }) { super(message ?? "An error occurred during the authorization flow."); this.code = "authorization_error"; this.cause = cause; this.name = "AuthorizationError"; } } export class AuthorizationCodeGrantRequestError extends SdkError { constructor(message) { super(message ?? "An error occurred while preparing or performing the authorization code grant request."); this.code = "authorization_code_grant_request_error"; this.name = "AuthorizationCodeGrantRequestError"; } } export class AuthorizationCodeGrantError extends SdkError { constructor({ cause, message }) { super(message ?? "An error occurred while trying to exchange the authorization code."); this.code = "authorization_code_grant_error"; this.cause = cause; this.name = "AuthorizationCodeGrantError"; } } export class BackchannelLogoutError extends SdkError { constructor(message) { super(message ?? "An error occurred while completing the backchannel logout request."); this.code = "backchannel_logout_error"; this.name = "BackchannelLogoutError"; } } export class BackchannelAuthenticationNotSupportedError extends SdkError { constructor() { super("The authorization server does not support backchannel authentication. Learn how to enable it here: https://auth0.com/docs/get-started/applications/configure-client-initiated-backchannel-authentication"); this.code = "backchannel_authentication_not_supported_error"; this.name = "BackchannelAuthenticationNotSupportedError"; } } export class BackchannelAuthenticationError extends SdkError { constructor({ cause }) { super("There was an error when trying to use Client-Initiated Backchannel Authentication."); this.code = "backchannel_authentication_error"; this.cause = cause; this.name = "BackchannelAuthenticationError"; } } export var AccessTokenErrorCode; (function (AccessTokenErrorCode) { AccessTokenErrorCode["MISSING_SESSION"] = "missing_session"; AccessTokenErrorCode["MISSING_REFRESH_TOKEN"] = "missing_refresh_token"; AccessTokenErrorCode["FAILED_TO_REFRESH_TOKEN"] = "failed_to_refresh_token"; })(AccessTokenErrorCode || (AccessTokenErrorCode = {})); export class AccessTokenError extends SdkError { constructor(code, message, cause) { super(message); this.name = "AccessTokenError"; this.code = code; this.cause = cause; } } /** * Enum representing error codes related to access tokens for connections. */ export var AccessTokenForConnectionErrorCode; (function (AccessTokenForConnectionErrorCode) { /** * The session is missing. */ AccessTokenForConnectionErrorCode["MISSING_SESSION"] = "missing_session"; /** * The refresh token is missing. */ AccessTokenForConnectionErrorCode["MISSING_REFRESH_TOKEN"] = "missing_refresh_token"; /** * Failed to exchange the refresh token. */ AccessTokenForConnectionErrorCode["FAILED_TO_EXCHANGE"] = "failed_to_exchange_refresh_token"; })(AccessTokenForConnectionErrorCode || (AccessTokenForConnectionErrorCode = {})); /** * Error class representing an access token for connection error. * Extends the `SdkError` class. */ export class AccessTokenForConnectionError extends SdkError { /** * Constructs a new `AccessTokenForConnectionError` instance. * * @param code - The error code. * @param message - The error message. * @param cause - The OAuth2 cause of the error. */ constructor(code, message, cause) { super(message); this.name = "AccessTokenForConnectionError"; this.code = code; this.cause = cause; } } /** * Error codes for Custom Token Exchange errors. */ export var CustomTokenExchangeErrorCode; (function (CustomTokenExchangeErrorCode) { /** * The subject_token is missing or empty. */ CustomTokenExchangeErrorCode["MISSING_SUBJECT_TOKEN"] = "missing_subject_token"; /** * The subject_token_type is not a valid URI, wrong length, or uses a reserved namespace. */ CustomTokenExchangeErrorCode["INVALID_SUBJECT_TOKEN_TYPE"] = "invalid_subject_token_type"; /** * The actor_token was provided without actor_token_type. */ CustomTokenExchangeErrorCode["MISSING_ACTOR_TOKEN_TYPE"] = "missing_actor_token_type"; /** * The token exchange request failed. */ CustomTokenExchangeErrorCode["EXCHANGE_FAILED"] = "exchange_failed"; })(CustomTokenExchangeErrorCode || (CustomTokenExchangeErrorCode = {})); /** * Error class representing a Custom Token Exchange error. * Extends the `SdkError` class. * * This error is thrown when a Custom Token Exchange operation fails, * such as validation errors or server-side token exchange failures. * * @see {@link https://auth0.com/docs/authenticate/custom-token-exchange Auth0 Custom Token Exchange Documentation} */ export class CustomTokenExchangeError extends SdkError { /** * Constructs a new `CustomTokenExchangeError` instance. * * @param code - The error code. * @param message - The error message. * @param cause - The OAuth2 cause of the error. */ constructor(code, message, cause) { super(message); this.name = "CustomTokenExchangeError"; this.code = code; this.cause = cause; } } /** * Error codes for DPoP-related errors. * * These error codes categorize different types of failures that can occur * during DPoP (Demonstrating Proof-of-Possession) operations. */ export var DPoPErrorCode; (function (DPoPErrorCode) { /** * Failed to calculate dpop_jkt (JWK thumbprint) parameter. * This occurs when the SDK cannot generate the required thumbprint * from the provided public key for the authorization request. */ DPoPErrorCode["DPOP_JKT_CALCULATION_FAILED"] = "dpop_jkt_calculation_failed"; /** * Failed to export DPoP public key to JWK format. * This occurs when the SDK cannot convert the CryptoKey to the * JSON Web Key format required for DPoP proofs. */ DPoPErrorCode["DPOP_KEY_EXPORT_FAILED"] = "dpop_key_export_failed"; /** * DPoP configuration is invalid or incomplete. * This occurs when the provided DPoP configuration contains * invalid values or missing required components. */ DPoPErrorCode["DPOP_CONFIGURATION_ERROR"] = "dpop_configuration_error"; })(DPoPErrorCode || (DPoPErrorCode = {})); /** * Represents an error that occurred during DPoP (Demonstrating Proof-of-Possession) operations. * * DPoP is an OAuth 2.0 extension that provides application-level proof-of-possession security * by binding access tokens to cryptographic key pairs. This error is thrown when DPoP-related * operations fail, such as key pair operations, proof generation, or configuration issues. * * Common scenarios that trigger DPoPError: * - Invalid or incompatible key pairs (wrong algorithm, corrupted keys) * - JWK thumbprint calculation failures * - Public key export failures to JWK format * - Invalid DPoP configuration parameters * * @example Handling DPoP errors * ```typescript * try { * const auth0 = new Auth0Client({ * useDPoP: true, * dpopKeyPair: invalidKeyPair * }); * } catch (error) { * if (error instanceof DPoPError) { * console.error(`DPoP Error [${error.code}]:`, error.message); * * switch (error.code) { * case DPoPErrorCode.DPOP_KEY_EXPORT_FAILED: * console.error("Key export failed. Check key format and algorithm."); * break; * case DPoPErrorCode.DPOP_JKT_CALCULATION_FAILED: * console.error("JWK thumbprint calculation failed. Verify key validity."); * break; * case DPoPErrorCode.DPOP_CONFIGURATION_ERROR: * console.error("Invalid DPoP configuration. Check options and environment variables."); * break; * } * * if (error.cause) { * console.error("Underlying cause:", error.cause); * } * } * } * ``` * * @example Creating a DPoP error * ```typescript * throw new DPoPError( * DPoPErrorCode.DPOP_JKT_CALCULATION_FAILED, * "Failed to calculate dpop_jkt parameter from public key", * originalError * ); * ``` * * @see {@link https://datatracker.ietf.org/doc/html/rfc9449 | RFC 9449: OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)} */ export class DPoPError extends SdkError { /** * Constructs a new `DPoPError` instance. * * @param code - The DPoP error code indicating the specific type of failure * @param message - A descriptive error message explaining what went wrong * @param cause - The underlying error that caused this DPoP error (optional) * * @example * ```typescript * const dpopError = new DPoPError( * DPoPErrorCode.DPOP_KEY_EXPORT_FAILED, * "Unable to export public key to JWK format", * keyExportError * ); * ``` */ constructor(code, message, cause) { super(message); this.name = "DPoPError"; this.code = code; this.cause = cause; } } /** * Error class representing a connect account request error. */ export class MyAccountApiError extends SdkError { constructor({ type, title, detail, status, validationErrors }) { super(`${title}: ${detail}`); this.name = "MyAccountApiError"; this.code = "my_account_api_error"; this.type = type; this.title = title; this.detail = detail; this.status = status; this.validationErrors = validationErrors; } } /** * Enum representing error codes related to the connect account flow. */ export var ConnectAccountErrorCodes; (function (ConnectAccountErrorCodes) { /** * The session is missing. */ ConnectAccountErrorCodes["MISSING_SESSION"] = "missing_session"; /** * Failed to initiate the connect account flow. */ ConnectAccountErrorCodes["FAILED_TO_INITIATE"] = "failed_to_initiate"; /** * Failed to complete the connect account flow. */ ConnectAccountErrorCodes["FAILED_TO_COMPLETE"] = "failed_to_complete"; })(ConnectAccountErrorCodes || (ConnectAccountErrorCodes = {})); /** * Error class representing a connect account error. */ export class ConnectAccountError extends SdkError { constructor({ code, message, cause }) { super(message); this.name = "ConnectAccountError"; this.code = code; this.cause = cause; } }