@smg-automotive/auth NPM

auth-pkg

Usage

npm install @smg-automotive/auth

The goal of this package is to support current auth implementation. It reads access and refresh tokens form cookies by domain.

Accessing user data and access tokens on the server

When accessing the user data and accessToken from the server, make sure to use the deriveUserAndTokenFromCookieHeader helper to derive the data from the cookies. The values normally originate form the request cookies unless they have been added or updated within the current request. In that case the correct data may only be present as a set cookie header and needs to be parsed form there in order to avoid accessing outdate or missing information.

Middleware

Call ensureTokenFreshness on middleware return. Pass to it Next.js request, response and specific auth config.

Auth config for middleware:

const authConfig = {
  tokenNames: {
    access: 'at',
    refresh: 'rt',
  },
  subMinutesFromExpirationTime: 300000,
  refreshTokenApiUrl: `https://api.dev/refreshtoken`,
  cookieDomain: '.domain',
  errorHandler: (error) => {},
};

tokenNames - access and refresh token names
subMinutesFromExpirationTime - amount of minutes to substract from access token expiration time
refreshTokenApiUrl - api url to refresh token
cookieDomain - domain for cookies
errorHandler - error handler method to handle errors

import { ensureTokenFreshness } from '@smg-automotive/auth-pkg';

export function middleware(request: NextRequest, _event: NextFetchEvent) {
  // ... middleware code

  const response = NextResponse.next();
  return ensureTokenFreshness(request, response, authConfig);
}

AuthProvider

Wrap an application with AuthProvider and pass to it authConfig prop. In order to be sure for a client side to have valid token and expose it in a context.

Auth config for provider:

const authConfig = {
  tokenNames: {
    access: 'at',
    refresh: 'rt',
  },
  subMinutesFromExpirationTime: 300000,
  triggerRefreshTokenApiUrl: '/api/live',
  errorHandler: (error) => {},
};

It contains of special triggerRefreshTokenApiUrl property.

It is internal api url in your application (as like: /api/live), which will be called in AuthProvider by interval in order to trigger middleware to ensure access token freshness on client side.

import { AuthProvider } from '@smg-automotive/auth-pkg';

<AuthProvider authConfig={authConfig}>
  <div>app code...</div>
</AuthProvider>;

AuthConfig

Auth config contains of:

accessTokenName - the name of access token based on the environment
accessTokenName - the name of refresh token based on the environment
subMinutesFromExpirationTime - time in ms when access token will be refreshed before expiration
triggerRefreshTokenApiUrl -

Development

You can link your local npm package to integrate it with any local project:

cd smg-automotive-auth-pkg
npm run build

cd <project directory>
npm link ../smg-automotive-auth-pkg

Release a new version

New versions are released on the ci using semantic-release as soon as you merge into master. Please make sure your merge commit message adheres to the corresponding conventions and your branch name does not contain forward slashes /.