
@auth0/nextjs-auth0

import { NextResponse } from "next/server.js";
import { MfaRequirements } from "../errors/index.js";
import type { MfaContext } from "../types/index.js";
/**
 * Encrypt mfa_token with full context before exposing to application.
 * Uses same encryption as session cookies (JWE with AES-256-GCM).
 * The encrypted token is self-contained with audience, scope, and requirements.
 *
 * The application is meant to receive the returned JWE rather than the raw
 * mfa_token, so the raw value should not be logged or returned alongside it.
 *
 * NOTE(review): `secret` is documented as the cookie secret, so these tokens
 * presumably share key material with session cookies. Confirm that rotating
 * the secret is expected to invalidate outstanding MFA tokens as well.
 * NOTE(review): no bounds on `ttlSeconds` are visible in this declaration.
 * Confirm how the implementation treats zero, negative or very large values.
 *
 * @param mfaToken - Raw mfa_token from Auth0
 * @param audience - The API audience the token is for
 * @param scope - The requested scope
 * @param mfaRequirements - MFA requirements from Auth0 (may be undefined)
 * @param secret - Cookie secret for encryption
 * @param ttlSeconds - TTL in seconds for JWE expiration
 * @returns Encrypted JWE string containing full MFA context
 */
export declare function encryptMfaToken(
  mfaToken: string,
  audience: string,
  scope: string,
  mfaRequirements: MfaRequirements | undefined,
  secret: string,
  ttlSeconds: number
): Promise<string>;
/**
 * Decrypt encrypted mfa_token from application to extract full context.
 *
 * The input has been held by the application, so it is untrusted until this
 * call resolves. Callers should rely on the documented rejections below rather
 * than inspecting the JWE themselves. The resolved MfaContext contains the raw
 * mfaToken again and should be handled with the same care as the original.
 *
 * @param encryptedToken - Encrypted JWE from MfaRequiredError
 * @param secret - Cookie secret for decryption
 * @returns MfaContext with mfaToken, audience, scope, and requirements
 * @throws MfaTokenExpiredError if JWE TTL exceeded
 * @throws MfaTokenInvalidError if token is tampered/malformed
 */
export declare function decryptMfaToken(
  encryptedToken: string,
  secret: string
): Promise<MfaContext>;
/**
 * Detect if an OAuth error response indicates MFA is required.
 * Works with oauth4webapi's ResponseBodyError which has `error` property directly.
 *
 * The return type is a plain boolean, not a type predicate, so a `true` result
 * does not narrow `error` for the caller. Use extractMfaErrorDetails to read
 * the individual fields.
 *
 * @param error - Error object from oauth4webapi
 * @returns True if error indicates mfa_required
 */
export declare function isMfaRequiredError(error: unknown): boolean;
/**
 * Extract mfa_token and error details from Auth0's mfa_required response.
 * oauth4webapi's ResponseBodyError puts custom fields (mfa_token, mfa_requirements)
 * in the `cause` property, while `error` and `error_description` are directly on the error.
 *
 * Every field of the result may be undefined. encryptMfaToken requires a
 * `string` mfaToken, so callers must check `mfa_token` before passing it on.
 *
 * NOTE(review): the values originate from a remote response body. Whether the
 * shape of `mfa_requirements` is validated is not visible from this
 * declaration. Confirm against the implementation.
 *
 * @param error - Error object from oauth4webapi containing Auth0 response
 * @returns Object with mfa_token, error_description, and mfa_requirements if present
 */
export declare function extractMfaErrorDetails(error: unknown): {
  mfa_token: string | undefined;
  error_description: string | undefined;
  mfa_requirements: MfaRequirements | undefined;
};
/**
 * Get HTTP status code for MFA error.
 *
 * Centralized mapping: 401 (auth), 400 (validation), 500 (unexpected)
 *
 * NOTE(review): which error classes map to which status is not visible here.
 * Confirm that MfaTokenExpiredError and MfaTokenInvalidError (named in
 * decryptMfaToken's @throws) resolve to a 4xx status, not to 500.
 *
 * @param error - Error instance
 * @returns HTTP status code
 */
export declare function getMfaErrorStatusCode(error: Error): number;
/**
 * Handle MFA errors and format response.
 *
 * Wraps non-SDK errors for consistent shape, uses error.toJSON() for serialization.
 *
 * NOTE(review): `e` is `unknown` and may be an arbitrary non-SDK error. Confirm
 * that the wrapper does not copy the original message or stack trace into the
 * serialized response body, since that would disclose internals to the client.
 *
 * @param e - Error thrown by business logic
 * @returns NextResponse with error details
 */
export declare function handleMfaError(e: unknown): NextResponse;