@krakentech/blueprint-auth
39.1.2
Patch Changes
-
2567a7c: New bundling strategy for better performance
-
Unbundle mode Packages are now bundled using tsdown's unbundle mode. This mode drastically reduces the number of generated file compared to the glob-filtered entries we used before, and prevented proper tree-shaking.
-
Automatic package.json exports tsdown is now responsible for generating the
package.jsonexports,main,module, andtypesfields. This ensures packages follow best practices.
-
39.1.1
Patch Changes
- b783f71:
loginHandlerandgraphqlHandler: remove noisyUnexpected error response. This could mean that the isKrakenErrorResponse type guard is not working as expected.log message.
39.1.0
Minor Changes
-
535870e: Rename
SessionDatatoSessionStateand addisScopedSession"flag".- import type { SessionData } from "@krakentech/blueprint-auth";
+ import type { SessionState } from "@krakentech/blueprint-api";This type is now coming from
@krakentech/blueprint-apiand re-exported by@krakentech/blueprint-authfor convenience. The goal being: having a single source of truth.Because of this change, the new
SessionStatetype now includes theisScopedSessionboolean flag:type SessionState = {
isAuthenticated: boolean;
isMasquerading: boolean;
isMobileWebView: boolean;
+ isScopedSession: boolean;
sub: string | null;
};These changes affect any session-related code:
useSessionhook,sessionHandler, etc.
39.0.1
Patch Changes
-
c045425: Fix peer dependencies to use
^instead of exact versions.- "@krakentech/blueprint-api": "3.3.0",
+ "@krakentech/blueprint-api": "^3.3.0",
- "@vercel/edge-config": "1.1.0",
+ "@vercel/edge-config": "^1.1.0",
39.0.0
Major Changes
-
40dcf89: Replace
useSecureCookiewithgetCookieOptionsprop. This allows more flexibility in cookie configuration, such as setting different options based on the environment or specific requirements. It also allows different options for different cookies if needed.Cookies also now default to
sameSite: 'lax'to allow for a better out-of-the-box experience, while still being secure. This allows for easier integration with third-party services that may require cookies to be sent in cross-site requests, such as OAuth providers or redirect from other domains (e.g. email links).It stills ships with sensible defaults:
{
expires, // same as before, depends on the cookie being set but it's based on the token expiry (if available)
httpOnly: true,
secure: true,
sameSite: "lax"
}What you need to change is:
{
- useSecureCookie: false;
+ getCookieOptions: () => ({ secure: false }),
}You can now also provide different options based on the cookie name:
{
getCookieOptions: (cookieName) => {
if (cookieName === "masquerade") {
return { secure: true, sameSite: "strict" };
}
return { secure: false, sameSite: "lax" };
},
}
38.0.3
Patch Changes
-
34f0b6d:
authMiddleware: supportscopedTokenbeing used as an actual access token, allowing access to any anon routes when present. A good example would be magic link login flows.Example usage:
await authMiddleware({
appRoutes: {
anon: {
getPreSignedKey: (url) => {
if (url.pathname.startsWith("/anon")) {
const [_anon, preSignedKey] = url.pathname.split("/").filter(Boolean);
return { preSignedKey };
}
if (url.pathname.startsWith("/dashboard")) {
return { preSignedKey: url.searchParams.get("preSignedKey") };
}
},
pathname: ["/anon", "/dashboard"],
},
},
...
});
38.0.2
Patch Changes
- be3f2bd:
useLogout: invalidate (instead of resetting) theuseSessionquery cache since resetting it setsdatatoundefinedand we don't want that since that can make deconstruction fail (for exampleconst { data: { isAuthenticated } } = useSession()).
38.0.1
Patch Changes
- dfaaa0b: Masquerading: improve error handling so that it's easier to understand why it fails
38.0.0
Patch Changes
- e2346c1:
useGraphQLClient.userScopedGraphQLClient: automatically prepend thewindow.location.originwhen a relative path is provided as theapiRoutes.graphqlto thecreateClientSideAuthfunction. - Updated dependencies [7dc77b4]
- @krakentech/blueprint-api@3.3.0
37.0.0
Major Changes
-
96c4eb3: The
cookies-nextdependency was updated to v6.1.0 as a first step toward App Router support.Key changes
- Server-side utility functions from
cookies-nextare now asynchronous.
Migration guide
@krakentech/blueprint-auth
The
getSessionDatafunction is now asynchronous.- const session = getSessionData()
+ const session = await getSessionData()The
sessionHandlerAPI route handler is now asynchronous.The
getAuthCookies,getRefreshToken,getSecureCookie,removeAllCookies,removeAuthCookies,removeSecureCookies, andsetSecureCookieutility functions returned fromcreateAuthCookieUtilsare now asynchronous.const {
getAuthCookies
getRefreshToken
getSecureCookie
removeAllCookies
removeAuthCookies
removeSecureCookies
setSecureCookie
} = createAuthCookieUtils({ req, res })
- const cookies = getAuthCookies()
+ const cookies = await getAuthCookies()
- const accessToken = getSecureCookie("access")
+ const accessToken = await getSecureCookie("access")
- removeAllCookies()
+ await removeAllCookies()
- removeAuthCookies()
+ await removeAuthCookies()
- removeSecureCookies()
+ await removeSecureCookies(["access", "refresh"])
- setSecureCookie({ key: "access", value: "foo" })
+ await setSecureCookie({ key: "access", value: "foo" })@krakentech/blueprint-onboarding
The
deleteCookieOnServerutility function returned bycreateNextWizardis now asynchronous.- deleteCookieOnServer()
+ await deleteCookieOnServer() - Server-side utility functions from
Minor Changes
-
63447ac: Allow Next 15 and React 19 as peer dependencies.
The minimum required versions are still the same:
next@14.2.25react@18.2.0react-dom@18.2.0.@types/react@18.3.23
36.0.1
Patch Changes
- Updated dependencies [e4dc37d]
- @krakentech/blueprint-api@3.2.1
36.0.0
Patch Changes
- Updated dependencies [72176a1]
- Updated dependencies [12e020f]
- @krakentech/blueprint-api@3.2.0
35.0.0
Patch Changes
- Updated dependencies [8982f0f]
- @krakentech/blueprint-api@3.1.0
34.0.1
Patch Changes
- Updated dependencies [bf089bc]
- @krakentech/blueprint-api@3.0.1
34.0.0
Major Changes
- bad97b4: Bump graphql-request from
^6.1.0to^7.2.0
Patch Changes
- Updated dependencies [bad97b4]
- @krakentech/blueprint-api@3.0.0
33.1.0
Minor Changes
-
e4e85cb:
loginHandler: strip out anything from the response that could help bad actors exploit Kraken's systems by using its response to determine if a user exists or not, if the user is locked out, if the password is correct, etc.Before
{
"data": {
"obtainKrakenToken": null
},
"errors": [
{
"message": "Invalid data.",
"locations": [
{
"line": 3,
"column": 9
}
],
"path": ["obtainKrakenToken"],
"extensions": {
"errorType": "VALIDATION",
"errorCode": "KT-CT-1138",
"errorDescription": "Please make sure the credentials are correct.",
"errorClass": "VALIDATION",
"validationErrors": [
{
"message": "Please make sure the credentials are correct.",
"inputPath": ["input", "email"]
},
{
"message": "Please make sure the credentials are correct.",
"inputPath": ["input", "password"]
}
]
}
}
]
}After
{
"data": null,
"errors": [
{
"message": "Invalid data.",
"extensions": {
"errorCode": "KT-CT-1138"
}
}
]
}
33.0.0
Patch Changes
- Updated dependencies [6ed7c25]
- @krakentech/blueprint-api@2.0.0
32.1.0
Minor Changes
- 661841b:
authMiddleware: ensure that all auth-related cookies are cleared if the user is not authenticated in any way. - e3e3cd8:
getServerSideGraphQLClients: stop attempting to refresh tokens for masquerade/scopes sessions since they have no refresh token. - e3e3cd8:
authMiddleware: addmasqueradeExpiresprop so that consumers can customize the expiration time of masquerade cookies. By default, it is set to 1 hour. - e3e3cd8: Set expiry times for all auth-related cookies to prevent issues with cookie expiration.
32.0.0
Major Changes
- 515ef52: Remove
withBlueprintAuthsince, as ofblueprint-api@1.0.0, you no longer have to use it in yournext.configfile. This util was previously masking an issue where@tanstack/react-querywas being imported in server-side code and, sinceblueprint-apiclient code has been split into its own submodule, it is no longer necessary. (middleware is importing from the api package, that's why we needed this workaround before)
Minor Changes
- 7bf9be6: Specify external relative imports file extensions:
from 'next/compat/routertofrom 'next/compat/router.js'to ensure compatibility with ESM imports.
31.1.1
Patch Changes
- 8f195fc: Set files: ["dist"]
- Updated dependencies [8f195fc]
- @krakentech/blueprint-api@1.2.1
31.1.0
Minor Changes
- 3e02b23: Rename the
X-Client-IPandX-Client-IP-Authorizationheaders toX-Kraken-Client-IPandX-Kraken-Client-IP-Authorization. Because theX-Client-IPheader has been deprecated and will be removed on 2025-08-01.
31.0.0
Patch Changes
- Updated dependencies [0401bcc]
- @krakentech/blueprint-api@1.2.0
30.0.0
Patch Changes
- Updated dependencies [9926ab8]
- @krakentech/blueprint-api@1.1.0
29.0.0
Patch Changes
- Updated dependencies [507d46c]
- @krakentech/blueprint-api@1.0.0
28.1.0
Minor Changes
- fdd22ba:
getServerSideGraphQLClients: fix issue where requests made using theorganizationScopedGraphQLClient(when the cached organization token is invalid) would not try to get the latest organization token from the Edge Config directly from Vercel through a "GET" request and instead get a new token from Kraken and (try to) update the Edge Config with it, which would result in us making so many requests that we would hit Vercel's Edge Config API rate limit.
28.0.0
Patch Changes
- Updated dependencies [639224c]
- @krakentech/blueprint-api@0.8.0
27.0.0
Minor Changes
-
6343863: Turn the package into an ES Module. This includes:
- Adding
"type": "module"to thepackage.json - Updating the
exportsfield to include both ESM and CommonJS versions - Ensuring all imports and exports are compatible with ESM
It shouldn't break any existing functionality, as the CommonJS version is still available for compatibility.
- Adding
Patch Changes
- Updated dependencies [6343863]
- @krakentech/blueprint-api@0.7.0
26.2.0
Minor Changes
-
fd482bf:
logoutHandler/useLogout: change the method toPOSTfromGETsince usingPOSTis a security best practice to prevent Cross-Site Request Forgery (CSRF) when it comes to state-changing requests.You might have to update any mocking you're doing when it comes to logging out since it now expects a
POSTrequest instead ofGET.
Patch Changes
- fd482bf:
loginHandler: validate thereq.bodybefore making the request to Kraken
26.1.1
Patch Changes
-
971dd01: # Enable tree-shaking of blueprint packages
The blueprint packages are now code-split and tagged as side-effect free. Bundlers such as Webpack are able to perform tree-shaking and only include necessary code in application bundles.
-
Updated dependencies [971dd01]
- @krakentech/blueprint-api@0.6.1
26.1.0
Minor Changes
- 255b22d:
getServerSideGraphQLClients: removex-raw-cookiessince we don't need them anymore + they make some requests to Kraken return a400 - Request Header Or Cookie Too Largeerror
26.0.0
Major Changes
-
6394ea7: The
graphqlHandlerdoes not handle organization-scoped requests anymore, all organization-scoped requests need to be performed server-side using theorganizationScopedGraphQLClientreturned bygetServerSideGraphQLClients.The
edgeConfig,encryption,krakenConfig.organizationSecretKey, andallowedOrganizationScopedOperationsare now unnecessary.graphqlHandler({
req,
res,
krakenConfig: {
graphqlEndpoint,
- organizationSecretKey: process.env.KRAKEN_ORGANIZATION_KEY,
xClientIpSecretKey: process.env.KRAKEN_X_CLIENT_IP_SECRET_KEY,
},
- encryption: {
- key: process.env.AUTH_ENCRYPTION_KEY,
- iv: process.env.AUTH_ENCRYPTION_IV,
- },
- edgeConfig: {
- envVar: process.env.EDGE_CONFIG,
- teamId: process.env.VERCEL_TEAM_ID,
- authToken: process.env.VERCEL_AUTH_TOKEN,
- },
- allowedOrganizationScopedOperations: ['thirdPartyViewer'],
});The
useGraphQLClientshook has been renameduseGraphQLClientas it now only return theuserScopedGraphQLClient:- import { useGraphQLClients } from '@krakentech/blueprint-auth'
+ import { useGraphQLClient } from '@krakentech/blueprint-auth'- const { userScopedGraphQLClient } = useGraphQLClients()
+ const { userScopedGraphQLClient } = useGraphQLClient()Client-side requests made using the
organizationScopedGraphQLClientshould be moved server-side. In most cases the request can be done during the server-side rendering of the page, i.e. ingetServerSideProps. If the request was performed in response to a user interaction, the request should be performed by a custom API route handler. -
3c4aa75: Client-side hooks and the
AuthProvidershould now be constructed using thecreateClientSideAuthbuilder function.Somewhere in your project, export the functions returned by
createClientSideAuth, e.g. insrc/lib/bluerprint-auth/client.ts.import { createClientSideAuth } from "@krakentech/blueprint-auth/client";
export const {
AuthProvider,
useAuth,
useGraphQLClient,
useLogin,
useLogout,
useSession,
useKrakenAuthErrorHandler,
} = createClientSideAuth({
apiRoutes: {
graphql: {
kraken: "/api/graphql/kraken",
},
login: "/api/auth/login",
logout: "/api/auth/logout",
session: "/api/auth/session",
},
defaultTarget: "kraken",
});In application code, replace imports from
@krakentech/blueprint-auth/clientby the create functions.- import { AuthProvider } from "@krakentech/blueprint-auth/client"
+ import { AuthProvider } from "@/lib/blueprint-auth/client"If your application needs to target multiple GraphQL APIs using
graphqlHandler, you should create one GraphQL API route per back-end, and provide the API routes tocreateClientSideAuth. You can define the default back-end to target to run client-side queries.export const { ... } = createClientSideAuth({
apiRoutes: {
graphql: {
kraken: "/api/graphql/kraken",
oe: "/api/graphql/oe",
},
...
},
defaultTarget: "kraken",
})In order to perform a client-side request against the back-end of your choice, the
useGraphQLClienthook takes an optional target argument.import { useGraphQLClient } from "@/lib/blueprint-auth/client";
// make requests to `apiRoutes.graphql.kraken (defaultTarget)`
const { userScopedGraphQLClient } = useGraphQLClient();
const { userScopedGraphQLClient } = useGraphQLClient("kraken");
// make requests to `apiRoutes.graphql.oe`
const { userScopedGraphQLClient } = useGraphQLClient("oe"); -
ef0274f: Homogenization of the APIs throughout the package utility functions and API handlers:
-
krakenGraphqlApiUrl→krakenConfig.graphqlEndpointThe
krakenGraphqlApiUrloption ofgetServerSideGraphQLClientshas been moved tokrakenConfig.graphqlEndpointfor consistency.
const { userScopedGraphQLClient } = getServerSideGraphQLClients({
context,
- krakenGraphqlApiUrl: process.env.KRAKEN_AUTH_ENDPOINT,
+ krakenConfig: {
+ graphqlEndpoint: process.env.KRAKEN_AUTH_ENDPOINT,
+ },
})-
appRoutesandapiRoutesnow require object formatAll variants of the
appRoutes, andapiRoutesconfiguration options are now derived from the sameAppRoutes, andApiRoutestypes respectively. Use{ pathname: string }instead of plain strings.
The
appRoutesconfiguration option of theAuthProviderfollows the newAppRoutesinterface.<AuthProvider
appRoutes={{
- dashboard: '/dashboard',
+ dashboard: {
+ pathname: '/dashboard',
+ },
- login: '/login',
+ login: {
+ pathname: '/login',
+ },
}}
>The
appRoutesconfiguration option of theauthMiddlewarefollows the newAppRoutesinterface.authMiddleware({
appRoutes: {
anon: {
- path: '/anon',
+ pathname: '/anon',
getPreSignedKey(url) {...},
},
dashboard: {
- path: '/dashboard',
+ pathname: '/dashboard',
},
login: {
- path: '/login',
+ pathname: '/login',
},
masquerade: {
- path: '/masquerade',
+ pathname: '/masquerade',
getUserIdAndMarqueradeToken(url) {...},
},
}
})krakenOAuthApiRoutemoved intoapiRoutes.krakenOAuth
The
krakenOAuthApiRouteconfiguration option ofcreateKrakenOAuthURIhas been moved toapiRoutes.krakenOAuthfor consistency.createKrakenOAuthURI({
req,
res,
- krakenOAuthApiRoute: '/api/auth/kraken-oauth',
+ apiRoutes: {
+ krakenOAuth: '/api/auth/kraken-oauth'
+ },
})The
appRoutesconfiguration option ofkrakenOAuthHandlerfollows the newAppRoutesinterface, additionallyappRoutes.krakenOAuthhas been moved toapiRoutes.krakenOAuthfor consistency.krakenOAuthHandler({
req,
res,
appRoutes: {
- dashboard: '/dashboard',
+ dashboard: {
+ pathname: '/dashboard',
+ },
- login: '/login',
+ login: {
+ pathname: '/login',
+ },
- krakenOAuth: '/api/auth/kraken-oauth'
},
+ apiRoutes: {
+ krakenOAuth: '/api/auth/kraken-oauth'
+ },
})-
Defaults from environment variables
Default values for the
krakenConfigconfiguration option are derived from environment variables consistently throughout the utility functions and handlers of the package. This means, unless a value differing from the environment variable needs to be used, thekrakenConfigconfiguration option can be omitted completely or partially in:authMiddlewarecreateKrakenOAuthURIgetServerSideGraphQLClientsgraphqlHandlerkrakenOAuthHandlerloginHandlerupdateOrgTokenHandler
const defaultKrakenConfig = {
authEndpoint: process.env.KRAKEN_AUTH_ENDPOINT,
graphqlEndpoint: process.env.KRAKEN_GRAPHQL_ENDPOINT,
oauthClientId: process.env.KRAKEN_OAUTH_CLIENT_ID,
organizationSecretKey: process.env.KRAKEN_ORGANIZATION_KEY,
xClientIpSecretKey: process.env.KRAKEN_X_CLIENT_IP_SECRET_KEY,
};Similarly, the
edgeConfigandencryptionconfiguration options are now derived from environment variables ingetServerSideGraphQLClientsandupdateOrgTokenHandler.const defaultEdgeConfig = {
envVar: process.env.EDGE_CONFIG,
teamId: process.env.VERCEL_TEAM_ID,
authToken: process.env.VERCEL_AUTH_TOKEN,
};
const defaultEncryptionConfig = {
key: process.env.AUTH_ENCRYPTION_KEY,
iv: process.env.AUTH_ENCRYPTION_IV,
}; -
-
61bc194: The package has been split into multiple sub-modules.
Exports general-purpose constants and types.
import {
TOKEN_COOKIE_KEYS,
krakenAuthTokenOverrideHeader,
rawCookiesHeader,
xClientIpAuthorizationHeader,
xClientIpHeader,
sessionQueryKey,
ignoredQueryParams,
nextPageParam,
type CookieKey,
type CookieMap,
type CookieName,
type AuthScope,
type EdgeConfig,
type EncryptionConfig,
type KrakenConfig,
type AuthHandlers,
type SessionData,
} from "@krakentech/blueprint-auth";Exports client-side hooks and context providers.
import {
AppProvider,
useAuth,
useGraphQLClient
useKrakenAuthErrorHandler,
useLogin,
useLogout,
useSession,
- } from '@krakentech/blueprint-auth'
+ } from '@krakentech/blueprint-auth/client'Exports the middleware handler.
import {
authMiddleware,
type AuthMiddlewareProps,
- } from '@krakentech/blueprint-auth'
+ } from '@krakentech/blueprint-auth/middleware'Export server-side utility functions and API handlers.
import {
createKrakenOAuthURI,
getServerSideGraphQLClients,
getSessionData,
graphqlHandler,
krakenOAuthHandler,
loginHandler,
logoutHandler,
prefetchSession,
sessionHandler,
updateOrgTokHandler,
type AuthenticatedGraphQLClient,
type GetServerSideGraphQLClientsConfigOptions,
type GetServerSideGraphQLClientsArgs,
type getServerSideGraphQLClientsContext,
type ObtainKrakenToken,
- } from '@krakentech/blueprint-auth'
+ } from '@krakentech/blueprint-auth/server'Exports utility functions.
import {
createAuthCookieUtils,
setKrakenAuthTokenOverrideHeader,
setNextPageSearchParam,
- } from '@krakentech/blueprint-auth'
+ } from '@krakentech/blueprint-auth/utils'Exports the webpack plugin.
import {
withBlueprintAuth,
- } from '@krakentech/blueprint-auth'
+ } from '@krakentech/blueprint-auth/webpack'
Minor Changes
-
2b03696: Allow auth-scope dependent custom-headers on server-side GraphQL clients.
The
setCustomHeaderscallback ofgetServerSideGraphQLClientstakes an additionalauthScope: 'user' | 'organization'parameter, allowing consumers to conditionally set headers.const { userScopedGraphQLClient, orgrnizationScopedGraphQLClient } =
getServerSideGraphQLClients({
setCustomHeaders(headers, scope) {
switch (scope) {
case "user": {
return headers.set("x-custom-header", "foo");
}
case "organization": {
return headers.set("x-custom-header", "bar");
}
}
},
}); -
25c7dee: The new
krakenConfig.graphqlAuthEndpointcan be used to target a different GraphQL API endpoint for all internal authentication operations. This is useful when using a back-end delegating authentication to Kraken.This can be configured by setting the
KRAKEN_GRAPHQL_AUTH_ENDPOINTenvironment variable, or by providing the option to:authMiddlewaregetServerSideGraphQLClientsgraphqlHandlerloginHandlerupdateOrgTokenHandler
const { userScopedGraphQLClient } = getServerSideGraphQLClients({
context,
config: {
krakenConfig: {
graphqlEndpoint: "https://api.your-brand.energy/v1/graphql/",
graphqlAuthEndpoint: "https://api.your-kraken-auth.energy/v1/graphql/",
},
},
});
25.1.0
Minor Changes
- 9c24225: Use DeepPartial type for mock data
25.0.3
Patch Changes
-
8734fdd: ## @krakentech/blueprint-auth
- Reset session query after logout. This means that the
isAuthenticatedprop from theuseSessionhook returns an updated value on logout.
@krakentech/chat-bot
- Implement chatbot feature so that it actually calls the APIs. See the gb-energy-consumer-site for an example of how to implement it.
- Reset session query after logout. This means that the
25.0.2
Patch Changes
- 45653b2: Import
useRouterfromnext/compat/routerinstead ofnext/routerto ensure compatibility.
25.0.1
Patch Changes
- 5acadcc: Import
useRouterfromnext/compat/router
25.0.0
Major Changes
-
d580b2f:
useSession: return the fulluseQueryobject instead of destructureddataobject. This change is to provide more flexibility to the consumer to handle the loading and error states and to align with best practices.- const { isAuthenticated, isMasquerading, isMobileWebView, sub } = useSession();
+ const { data: { isAuthenticated, isMasquerading, isMobileWebView, sub }, isLoading, isError, ... } = useSession();
Patch Changes
- Updated dependencies [d580b2f]
- @krakentech/blueprint-api@0.6.0
24.0.3
Patch Changes
- 3a9660b: Bump next peerDependency from ^14.2.9 to ^14.2.25 in order to address a security vulnerability
24.0.2
Patch Changes
- 3c29cde: Create tsup.config file and mark
react/react-domas externals - Updated dependencies [3c29cde]
- @krakentech/blueprint-api@0.5.1
24.0.1
Patch Changes
- c62e1fb: Read
Set-Cookieheaders fromrawHeadersingetAuthCookies.
24.0.0
Major Changes
-
4ee7bd5: What changed?
getServerSideOnlyGraphQLOrgClienthas been removed, you should now usegetServerSideGraphQLClientsinstead.getServerSideGraphQLClientswas revamped from the ground up, it now performs requests against the Kraken GraphQL API directly, without going through the/api/graphqlAPI first. The new implementation builds on top ofgetServerSideOnlyGraphQLOrgClientand replaces it.
Migration guide
- If you're NOT using
getServerSideOnlyGraphQLOrgClientorgetServerSideGraphQLClients:
You don't need to do anything! 🎉
- If you're using
getServerSideOnlyGraphQLOrgClient:
getServerSideOnlyGraphQLOrgClientcan be replaced bygetServerSideGraphQLClients. It now accepts additional options, such assetCustomHeadersanduseSecureCookie, but the functions are compatible:import {
- getServerSideOnlyOrgGraphQLClient,
+ getServerSideGraphQLClients,
} from '@krakentech/blueprint-auth';- const { organizationScopedGraphQLClient } = getServerSideOnlyGraphQLOrgClient({
+ const { organizationScopedGraphQLClient } = getServerSideGraphQLClients({- If you're using
getServerSideGraphQLClients:
The
graphqlApiRouteparameter was renamedkrakenGraphqlApiRouteto make the change explicit:const { userScopedGraphQLClient, organizationScopedGraphQLClient } = getServerSideGraphQLClients({
- graphqlApiRoute: `${getVercelOrigin()}/api/graphql`,
+ krakenGraphqlApiRoute: "https://api.clientcode-kraken.energy/v1/graphql/",
context,
})The return type was changed from
GraphQLClienttoAuthenticatedGraphQLClient, you may need to change or replace types in functions handling server-side GraphQL client instances:function agreementQueryOptions(
- client: GraphQLClient,
+ client: GraphQLClient | AuthenticatedGraphQLClient,
variables: VariablesOf<typeof AgreementQuery>
) { ... }The new implementation uses the same environment variables you've probably already using for the
/api/graphqlhandler:- Vercel EdgeConfig store:
EDGE_CONFIGVERCEL_TEAM_IDVERCEL_AUTH_TOKEN
- Encryption:
AUTH_ENCRYPTION_KEYAUTH_ENCRYPTION_IV
- Kraken:
KRAKEN_ORGANIZATION_KEYKRAKEN_X_CLIENT_IP_SECRET_KEY
However, in case you're using custom names or need to override those values, you could provide the configuration explicitly as well. Here is how environment variables and configuration options map with each other:
const { userScopedGraphQLClient, organizationScopedGraphQLClient } =
getServerSideGraphQLClients({
krakenGraphqlApiRoute: "https://api.clientcode-kraken.energy/v1/graphql/",
context,
config: {
krakenConfig: {
organizationSecretKey: process.env.KRAKEN_ORGANIZATION_KEY,
xClientIpSecretKey: process.env.KRAKEN_X_CLIENT_IP_SECRET_KEY,
},
edgeConfig: {
envVar: process.env.EDGE_CONFIG,
teamId: process.env.VERCEL_TEAM_ID,
authToken: process.env.VERCEL_AUTH_TOKEN,
},
encryption: {
key: process.env.AUTH_ENCRYPTION_KEY,
iv: process.env.AUTH_ENCRYPTION_IV,
},
},
});The configuration object also has two fields that do not map to environment variables, if you need them then they should look familiar:
const { userScopedGraphQLClient, organizationScopedGraphQLClient } =
getServerSideGraphQLClients({
krakenGraphqlApiRoute: "https://api.clientcode-kraken.energy/v1/graphql/",
context,
config: {
// optional, default: true, set to false during tests if you need to access cookie values
useSecureCookie: process.env.NODE_ENV === "test",
// optional, set custom headers for every request made with the client instance
setCustomHeaders(headers) {
headers.set("x-custom-header", "my-custom-header-value");
},
},
});
23.1.0
Minor Changes
- 27d2201:
graphqlHandler: return an error if the request has noqueryin itsbody.
23.0.0
Major Changes
-
3107a9a: Remove the
/serversubmodule since there's currently an issue when using it together with Vitest.The initial motivation behind this change was so that consumers could upgrade to Next.js v15 without any issues but we'll have to first figure out how to make the
/serversubmodule work together with Vitest.We're reverting this change for now so that we can push other changes to the auth package.
import {
authMiddleware,
getServerSideGraphQLClients,
getServerSideOnlyOrgGraphQLClient,
getSessionData,
graphqlHandler,
krakenOAuthHandler,
loginHandler,
logoutHandler,
sessionHandler,
updateOrgTokenHandler
- } from '@krakentech/blueprint-auth/server';
+ } from '@krakentech/blueprint-auth';
22.0.0
Major Changes
-
7e16955:
getSessionDatadata is now available on the/serversubmodule.- import { getSessionData } from '@krakentech/blueprint-auth';
+ import { getSessionData } from '@krakentech/blueprint-auth/server';
21.0.1
Patch Changes
- f243619: Add more logging to getServerSideOnlyGraphQLClient
21.0.0
Major Changes
-
cdfde0d: Separate client and server code by moving every api route handler and the middleware handler into a
/serversubmodule. This is specially useful for consumers that are looking to bump next to v15. Without this, the consumer would be greated with compilation errors due to the fact that, for example, we would have references to client code (createContext,useContext, etc) in the server code.import {
authMiddleware,
getServerSideGraphQLClients,
getServerSideOnlyOrgGraphQLClient,
getSessionData,
graphqlHandler,
krakenOAuthHandler,
loginHandler,
logoutHandler,
sessionHandler,
updateOrgTokenHandler
- } from '@krakentech/blueprint-auth';
+ } from '@krakentech/blueprint-auth/server';
20.2.1
Patch Changes
- 5c028e4: Improve
getServerSideOnlyOrgGraphQLClientconfig validation logs.
20.2.0
Minor Changes
- f4cefa4: graphqlHandler: prevent mutations whenever the app is being ran locally (dev mode) + pointing to a production kraken graphql endpoint. This is to prevent accidental mutations to the production database.
20.1.0
Minor Changes
-
1b105b1: ## What's changed?
This change introduces a new function -
getServerSideOnlyOrgGraphQLClient, which returns an object with a propertyorganizationScopedGraphQLClient. This is designed to:- Replace the
organizationScopedGraphQLClientingetServerSideGraphQLClients - essentially replace from
organizationScopedGraphQLClientinuseGraphQLClients.
Both of these existing approaches have been deprecated. We say essentially in 2. because, it's not a direct replacement - the practice of making organisation scoped requests from the client (where the client gets to define the request and the variables) is fundamentally insecure. All requests made to organisation scoped mutations or queries should be made from the server directly to the API. This is what is accomplished with our new hook and client.
How do I upgrade?
Requests currently made on the server
Here is a diff of a code example to explain a simple replacement on a server side call
import {
- getServerSideGraphQLClients,
+ getServerSideOnlyOrgGraphQLClient
} from '@krakentech/blueprint-auth';
const thirdPartyViewerQuery = gql`
query {
thirdPartyViewer {
name
}
}
`;
const Page = ({
thirdPartyViewerData,
}: {
thirdPartyViewerData: ThirdPartyViewerData;
}) => {
return (
<Stack flexDirection="column" gap="sm">
<Typography>
Third Party Viewer: {thirdPartyViewerData.thirdPartyViewer.name}{' '}
<i>(org scoped request)</i>
</Typography>
</Stack>
);
};
export const getServerSideProps: GetServerSideProps = async (context) => {
- const { organizationScopedGraphQLClient } =
- getServerSideGraphQLClients({
- graphqlApiRoute: 'https://localhost:3000/api/graphql/',
- context,
- });
+ const { organizationScopedGraphQLClient } =
+ await getServerSideOnlyOrgGraphQLClient({
+ krakenGraphqlApiUrl: 'https://api.clientcode-kraken.energy/v1/graphql/',
+ context,
+ config,
+ });
+ }
const thirdPartyViewerData =
await organizationScopedGraphQLClient.request(
thirdPartyViewerQuery
);
return {
thirdPartyViewerData,
};What will be a bit more involved is replacing client side requests. Let's discuss why:
Client side queries
This one isn't too bad - you can replace a client side query with a server side query in
getServerSidePropsorgetStaticProps. As a rule of thumb, it probably makes more sense to usegetServerSidePropssince otherwise we could end up displaying stale data.Client side mutations
This one is more complicated. Let's use the example of
createAccountat the end of the join process. We want to call this on form submit, so it feels like we need to call it on the client side. However, this exposes this request to the client and let's anyone call this with any values. If that was acceptable, we should probably remove the organisation authentication all together and just use standard rate limiting - which there is precedence for - see slack discussion and example Kraken core PR.If organisation authentication is required for a mutation, we need to make a custom local API endpoint, which exposes only the specific mutation and appropriate input fields. Here is an example.
import type { NextApiRequest, NextApiResponse } from "next";
import { SelectProductsMutation } from "@/src/features/onboarding/graphql/mutations/select-products";
import {
getKrakenErrorDetails,
isKrakenErrorResponse,
} from "@krakentech/blueprint-api";
import { withSentry } from "@sentry/nextjs";
import { getServerSideGraphQLClient } from "../../lib/graphql/server-org-client";
export const config = {
api: {
externalResolver: true,
},
};
export class APIURLError extends Error {
APIURL;
constructor(msg: string, APIURL: string) {
super(`${msg}, APIURL: ${APIURL}`);
// Set the prototype explicitly.
Object.setPrototypeOf(this, APIURLError.prototype);
this.APIURL = APIURL;
}
}
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
// Verify that the request method is POST
if (req.method !== "POST") {
res.status(405).end();
return;
}
try {
const body = JSON.parse(req.body);
const quoteCode = body.quoteCode as string;
const selectedQuotedProductIds =
body.selectedQuotedProductIds as string[];
const { organizationScopedGraphQLClient } =
await getServerSideGraphQLClient();
const response = await organizationScopedGraphQLClient.request(
SelectProductsMutation,
{
input: {
quoteCode,
selectedQuotedProductIds,
},
}
);
res
.status(200)
.setHeader(
"Cache-Control",
"no-cache, no-store, max-age=0, must-revalidate"
)
.json(response);
} catch (error) {
if (error instanceof APIURLError) {
res.status(400).json({ data: null, errors: [error] });
return;
}
// Type guard to check if the error is a Kraken error response
if (!isKrakenErrorResponse(error)) {
res.status(400).json({ data: null, errors: [error] });
return;
}
// Error is krakenErrorResponse type
const [firstError] = error.response.errors;
const { errorDescription, errorCode } = getKrakenErrorDetails(firstError);
const errors = [{ errorDescription, errorCode }];
res.status(400).json({
data: null,
errors,
});
}
};
export default withSentry(handler);You can then call that API endpoint in client side code using something like this:
const response = await fetch(`/api/select-products`, {
method: "POST",
body: JSON.stringify({
quoteCode: data.quoteRequest.code,
selectedQuotedProductIds: filteredOffering.products.map(
(product) => product.id
),
}),
});
await response.json();Configuration options for the client
The values here are the defaults set by Blueprint - if you set these values in your env file they will get picked up automatically, or you can pass them in explicitly.
const config: KrakenOrgConfigOptions = {
krakenConfig: {
// the secret key for the organisation you want to authenticate as
organizationSecretKey: process.env.KRAKEN_ORGANIZATION_KEY,
// the secret key used for your kraken to override the ip address for requests for rate limiting purposes
xClientIpSecretKey: process.env.KRAKEN_X_CLIENT_IP_SECRET_KEY,
// a value to use to override the x-client-ip address passed to Kraken.
// This is useful if your build process or e2e tests are getting rate limited by a localhost ip address.
xClientIpOverride: "",
},
edgeConfig: {
// edge config string for the project, used for caching encrypted org tokens
envVar: process.env.EDGE_CONFIG,
// vercel team id
teamId: process.env.VERCEL_TEAM_ID,
// vercel auth token
authToken: process.env.VERCEL_AUTH_TOKEN,
},
encryption: {
// the encryption key used to encrypt the cached org tokens
key: process.env.AUTH_ENCRYPTION_KEY,
// the IV used to encrypt the cached org tokens
iv: process.env.AUTH_ENCRYPTION_IV,
},
}; - Replace the
20.0.0
Patch Changes
- Updated dependencies [ebf8ae7]
- @krakentech/blueprint-api@0.5.0
19.0.0
Major Changes
-
a76860e:
authMiddleware: change theresprop to expect aNextResponseinstead oftypeof NextResponse. This way the user can pass a customNextResponseinstance and this middleware utility fn won't have to be the first one in the chain.import { NextResponse } from 'next/server';
await authMiddleware({
req,
- res: NextResponse,
+ res: NextResponse.next(), // or a custom NextResponse coming from another utility fn, for example.
...
18.3.0
Minor Changes
- d7e7514: Export getSessionData fn so that consumers can use it to retrieve session data server-side
18.2.0
Minor Changes
- 0097446:
useLogin: add ashouldRedirectToNextPageprop so that consumers can disable the default behaviour of redirecting to the page in thenextPagequery parameter after login (or theAuthProvider.appRoutes.dashboardas a fallback). It'strueby default.
18.1.0
Minor Changes
- 8cd8c49:
sessionHandler+useSession:isAuthenticatedis nowtrueif theMWAuthTokencookie is set (by Flapjack) and return an additionalisMobileWebViewwhen it is as well so that consumers can conditionally renders parts of the app if the user is seeing the website through a mobile WebView.
18.0.1
Patch Changes
-
90aef5a: Refactor and rename isValidURL function and its usages.
Rename isValidUrl -> validateURL
validateURL returns an object
{valid: boolean, error?: Error}
18.0.0
Major Changes
-
0e45b12: - Refactored
setKrakenAuthTokenOverrideHeaderto acceptheadersas a prop- Now accepts
headersobject as a prop
Update all
setKrakenAuthTokenOverrideHeader://Before
setKrakenAuthTokenOverrideHeader(token);
// After
const headers = new Headers();
setKrakenAuthTokenOverrideHeader({ token, headers }); - Now accepts
17.0.0
Major Changes
-
3a618e1:
authMiddleware: change the way we pass in props related to theappRoutesin order to allow further route specific configurations.- The
anon,masqueradeanddashboardroutes now support a custom success/error responses. - Previously we had a bunch of properties that were related to a single app route at the root of the
authMiddlewareprops and now they are nested under their respectiveappRouteskey. For example:getPreSignedKeytoappRoutes.anon.getPreSignedKey.
Before
{
appRoutes: {
anon: '/anon',
dashboard: '/dashboard',
login: '/login',
masquerade: '/masquerade',
},
dashboardRouteAllowList: [...],
getPreSignedKey: () => {},
getUserIdAndMasqueradeToken: () => {},
}After
appRoutes: {
anon: {
path: '/anon',
getPreSignedKey: () => {},
customSuccessResponse: () => {},
customErrorResponse: () => {},
},
dashboard: {
path: '/dashboard',
allowList: [...],
customSuccessResponse: () => {},
customErrorResponse: () => {},
},
login: {
path: '/login',
},
masquerade: {
path: '/masquerade',
getUserIdAndMasqueradeToken: () => {},
customSuccessResponse: () => {},
customErrorResponse: () => {},
},
}, - The
16.5.0
Minor Changes
- 4195e36:
authMiddleware: support authenticated webviews. If theMWAuthTokencookie is present, the user can now navigate to a protected route (usually dashboard pages) and if they try to access theloginpage, they will be redirected to thedashboardpage.
Patch Changes
- aa5d908: Remove sub, authProvider cookies when there is no refreshToken
16.4.0
Minor Changes
-
b623770:
redirectToNextPage: do not redirect anywhere if both thenextPageurl search param is invalid or thefallbackisn't provided.Export
nextPageParamas a named export so that consumers can use it to create their own custom redirects.
16.3.0
Minor Changes
-
8ce59bc: authMiddleware: support additional url search params when handling the "nextPage". Now if the user tries to go to a protected route, say,
/dashboard/accounts/A-123456?referralCode=123while unauthenticated, the user will still be redirected to the login page and after successful login, the user will be redirected to the original URL with the search params intact.Before:
/dashboard/accounts/A-123456?referralCode=123->/login?nextPage=/dashboard/accounts/A-123456->/dashboard/accounts/A-123456After:/dashboard/accounts/A-123456?referralCode=123->/login?nextPage=/dashboard/accounts/A-123456&referralCode=123->/dashboard/accounts/A-123456?referralCode=123
16.2.2
Patch Changes
- 5cab6d6: authMiddleware: only redirect users that navigate to the /login page to the /dashboard if they are "truly" authenticated, essentially if both the refresh and access tokens are stored in cookies.
16.2.1
Patch Changes
- 7c045a7:
graphqlHandler: only check for query operation definitions (instead of checking for fragment definitions as well) to determine if a query operation is allowed to be executed whenever the request is meant to be org scoped. This is to prevent thegraphqlHandlerfrom blocking queries that contain fragment definitions.
16.2.0
Minor Changes
- 3a548f1: graphqlHandler: add
allowedOrganizationScopedOperationsprop. This change allows consumers to specify which operations are allowed to be organization scoped.
16.1.5
Patch Changes
-
c8f5124: updateOrgTokenHandler: return meaningfull error status codes and log errors:
- 401 if the
CRON_SECRETenv var is not set - 500 if the either the
ObtainKrakenTokenmutation fails or thePATCHrequest (to update the org token in the project's Edge Config Store) to Vercel's API fails
- 401 if the
16.1.4
Patch Changes
-
62348cc: updateOrgTokenHandler: properly handle errors coming from Vercel's API requests so that we are able to debug errors in the future
Add a bunch of logs to the
authMiddlewareand the other api route handlers error states in order to facilitate debugging in the future.
16.1.3
Patch Changes
- 35a249b: graphqlHandler: in production, fallback to fetching a new organization token from Kraken if the organization token is either missing or expired (in the Edge Config). Previously we were (also) trying to update the token in the Edge Config, but it turns out that it can be quite tricky to do so if a lot of users are trying to access the service at the same time. This change should make the service more resilient to token expiration issues.
16.1.2
Patch Changes
- 0f8e270: Improve server error logs by always passing the error itself
16.1.1
Patch Changes
- 2fa0ba6: Update Next to latest minor version
16.1.0
Minor Changes
-
3705584: ### Summary of Changes
- Implemented OAuth Refresh Token Flow: Added middleware and specifications to handle the OAuth refresh token flow, ensuring access tokens are refreshed automatically.
- Enhanced Error Handling: Introduced an
onErrorhandler to manage errors during the token refresh process and ensure proper cleanup of cookies. - Updated Cookie Management: Added the
authProvidercookie to various flows (standard login, masquerade login and oAuth login) to track and manage authentication providers. - Extended Configuration: Introduced new properties to the
krakenConfigfor configuration management of oAuth. - Improved Schema Validation: Enhanced the schema with an optional
errorproperty to handle error scenarios more gracefully. - Cleaned Up Codebase: Removed unnecessary
oauthClientSecretusages.
16.0.0
Major Changes
-
fb46a39: It's only a major bump because you need to provide a new
appRoute.dashboardto theAuthProvider.With these changes, you no longer have to add redirect logic to your login route. If the user is already authenticated and tries to go to the login route, they will be redirected to the nextPage url if there is one (and it's valid), otherwise they will be redirected to the dashboard. The redirect logic has been also added to the on the
onSuccescallback of theuseLoginhook for your convenience as well.
15.2.0
Minor Changes
- 697774b: Turn the
AuthProvider.handlersprop optional and provide a defaultonLoginErrorimplementation that redirects the user to the same page with anerrorquery parameter.
15.1.0
Minor Changes
-
c82d066: Create url related helpers so that consumers can redirect users to the page in the
nextPageparam safely:redirectToNextPage- Redirects to the page in thenextPageparam if it is a valid URL by sanitizing it.setNextPageSearchParam- Sets thenextPagesearch param in the URL in you need it manually in your app.
15.0.0
Patch Changes
- ac9cc96: Fix useLogin hook so that the onSuccess and onError callbacks are called correctly
- Updated dependencies [66a8c3f]
- @krakentech/blueprint-api@0.4.0
14.0.1
Patch Changes
- 8a4ff09: Updates Typescript and adds noUncheckedIndexedAccess rule to utils package
14.0.0
Major Changes
-
3e711cf: In order to make it more clear where to use the
getGraphQLClientfunction, it has been renamed togetServerSideGraphQLClientsand it returns auserScopedGraphQLClientandorganizationScopedGraphQLClient, much like theuseGraphQLClientshook (which is meant to be used client-side).This means that, if you weren't using the
getGraphQLClientfunction, you don't have to do anything.
13.0.0
Major Changes
-
88bea42: > This is only a "major" release if you're making organization scoped requests to the Kraken API. If you're only making user scoped requests, you don't have to do anything.
Persist the organization token in Vercel's edge config instead of cookies so that every user's session can use the same token to make requests to the organization's GraphQL API. This will make it virtually impossible to hit the rate limit surrounding the
obtainKrakenTokenmutation.Required changes:
- The
graphqlHandlerrequires a newedgeConfigproperty. - Creating a new API route to handle the periodic updates of the organization token in the edge config that uses the
updateOrgTokenHandlerfunction. - Adding it to the
vercel.jsoncrons array and set it to run every X minutes where X is the token's expiration time minus a few minutes. (e.g. 55 minutes for a 1-hour token) - Create or connect to a Edge Config Store in your Vercel project. ->
https://vercel.com/<team-id>/<project-id>/stores
There's more detailed information in the blueprint-auth documentation.
- The
12.1.0
Minor Changes
-
70234a2: Add the
x-client-ip-authorizationheader to every server request (if provided). This header is used by Kraken to prevent valid server-side requests, which originate from a single/pool of IPs (this will be the case if you host your app in Vercel for example), from being erroneously rate-limited. More information can be found on this Kraken announcement.If you want this header to be set, you need to pass in a
krakenConfig.xClientIpSecretKeyto thegraphqlHandler,loginHandlerandauthMiddlewarefunctions.
12.0.1
Patch Changes
- 71aaf73: Retry organization scoped requests if we use an invalid/expired token as the auth header value
- a715956: Fix the createEncryptionUtils so that they don't return an error if the encryption/decryption fails for some reason (if the key/iv pair used to decrypt a token is different than the one used to encrypt it, for example)
- 96d702e: Make the getAuthToken usable in both middleware and api routes
12.0.0
Major Changes
- 931f912: Upgrade to react-query 5
11.0.0
Major Changes
- bfa2843: - Remove support for relative paths in the
getGraphQLClientfunction. The reason being: react's first render happens on the server wherewindowisundefined. This means that consumers would either have to pass an absolute path anyway or wrap the client in auseEffectwhich is less than ideal.- Create a new
useGraphQLClientshook that returns authenticated kraken graphql clients for client-side use. - The
AuthProviderrequires a newapiRoute.graphqlprop which is the path to the graphql endpoint. This is required for theuseGraphQLClientshook to work.
- Create a new
10.0.2
Patch Changes
- 3e8dd70: Fix getAuthToken function: previously it doesn't didn't return the correct authToken in preview/prod deployments
10.0.1
Patch Changes
- 0500d69: Fix the way we determine which token we pass to the auth header when the request is made on the server (getServerSideProps)
10.0.0
Major Changes
- 5baa598: - Remove the
getOrganizationScopedGraphQLClientfunction in favor of having a singlegetGraphQLClientfunction that takes ascopeargument to choose between organization and user scoped clients.- Assert the origin of the url automatically when used on the client or in
getServerSideProps. This means that you only have to pass a relative path to thegraphqlApiRouteprop of thegetGraphQLClientfunction.http://localhost:3000/api/graphql->/api/graphqlessentially. getGraphQLClientnow requires thecontextto be passed instead of just thereqobject when used server-side.
- Assert the origin of the url automatically when used on the client or in
9.5.2
Patch Changes
- 09e2ee0: Make both graphql helpers (
getGraphQLClientandgetOrganizationGraphQLClient) use the automatically set (by Vercel)VERCEL_AUTOMATION_BYPASS_SECRETenvironment variable to bypass the authentication check instead of requiring consumers to manually create and maintain aNEXT_PUBLIC_VERCEL_AUTOMATION_BYPASS_SECRETenvironment variable.
9.5.1
Patch Changes
- 5f66908: Make getGraphQLClient req prop optional so that it can be used on the client without type errors
9.5.0
Minor Changes
- 941744c: Refresh access token when we get a token invalid error
9.4.1
Patch Changes
- b71a990: Remove errors array from our api responses so that we return success responses the same way Kraken does
9.4.0
Minor Changes
- 1e086a3: Add useKrakenAuthErrorHandler hook to auth package
9.3.0
Minor Changes
- 4025416: Persist the (encrypted) organization token so that apps don't need to get a token everytime they need to make organization scoped requests
9.2.1
Patch Changes
- a2ed98e: Allow auth header override for edge cases where the consumer can't adhere to the "normal" way of authenticating requests (this can happen specially due to backend constraints)
9.2.0
Minor Changes
- 702ca06: Add handling for EXPIRED_REFRESH_TOKEN error in API. We found this was missing following an API change which expired tokens early when an email address or password is changed. Previously the cookie which held the refresh token would disappear when the token expired in a more predictable way.
9.1.0
Minor Changes
- dc658fd: Make our graphql client helpers bypass Vercel Deployment Protection
Patch Changes
- dc658fd: getOrganizationScopedGraphQLClient: use a custom header (x-kraken-organization-scoped-request) instead of a cookie since we can't set cookies on the client. Error: Refused to set unsafe header "set-cookie"
- b956213: Fix login error responses to include errors in expected format and returns full errors from graphql API from
graphqlHandler;
9.0.0
Major Changes
-
dd4867f: Improve organization scoped requests. Some prop naming changes for better clarity/consistency among the api route/middleware handlers:
krakenGraphqlEndpoint->krakenConfig: { graphqlEndpoint }- the
graphqlHandlernow requires anorganizationSecretKey->krakenConfig: { graphqlEndpoint, organizationSecretKey } - the
getOrganizationScopedGraphQLClientno longer needs thekrakenConfigobject to be passed in
8.0.0
Major Changes
-
163ffa8: Consistency improvemets, these shouldn't affect anyone but they might if you were using the
scopedKrakenTokencookie key for example:- Standardized the naming of the cookie keys. Essentially renamed
scopedKrakenTokentoscopedTokensince this was the only cookie that was using theKrakenprefix. - Standardized json responses for all the endpoints, now all the endpoints will return a json response with the same structure. (
dataanderrorsand will always have a200status code like every graphql response)
- Standardized the naming of the cookie keys. Essentially renamed
Patch Changes
- 2cd1b7c: Remove hashing of the sub cookie value
7.3.0
Minor Changes
- b05ed44: Added possibility to pass through the client request header
7.2.0
Minor Changes
- 789206c: Add dashboardRouteAllowList prop to authMiddleware. This prop makes it possible for consumers to bypass the dashboard route guarding. This is useful when you need to allow access to pages that live inside the dashboard folder without requiring the user to be authenticated. Without this, the authMiddleware would redirect the user to the login page (if they are not authenticated) instead.
7.1.0
Minor Changes
- a84f02a: Support authenticated WebViews by checking if there is a MWAuthToken present within the request
- be3a9c9: Add getGraphQLClient and getOrganizationScopedGraphQLClient so that consumers can make server side requests more easily
Patch Changes
- be3a9c9: Rename obtainKrakenTokenQuery to obtainKrakenTokenMutation since it is a mutation not a query
7.0.0
Patch Changes
- Updated dependencies [8bda073]
- @krakentech/blueprint-api@0.3.0
6.0.0
Major Changes
-
85b8ab3: Rename props so it's more clear what is what
authMiddleware:graphqlEndpoint->krakenGraphqlEndpointauthMiddleware:routes->appRouteskrakenOAuthHandler: removedredirectUriandtokenUrikrakenOAuthHandler: addedkrakenConfigobject withauthEndpoint,clientIdandclientSecretkrakenOAuthHandler: addedappRoutesobject withlogin,logoutandkrakenOAuth. These are used to handle the request, and its error/success redirect responses
5.0.0
Patch Changes
- Updated dependencies [a0bd6b8]
- @krakentech/blueprint-api@0.2.0
4.1.0
Minor Changes
- b9e6a8e: Unify redirect url params, we now add a single "error" url param with either the errorCode we get from Kraken or a sensible fallback.
4.0.1
Patch Changes
- f6d4291: Fix kraken-oauth api handler by adding return
4.0.0
Major Changes
- 3697d07: Remove /dist/middleware submodule, consumers can import the authMiddleware function directly from '@krakentech/blueprint-auth'
Minor Changes
- fb8e049: Add Kraken OAuth to auth package
3.0.0
Patch Changes
- Updated dependencies [c5c0279]
- @krakentech/blueprint-api@0.1.0
2.0.0
Patch Changes
- Updated dependencies [c19dadc]
- @krakentech/blueprint-utils@1.0.0
1.0.1
Patch Changes
- 3e6520f: Prevent getAuthToken from returning early with an empty string
1.0.0
Patch Changes
- fa19fd0: Support cookies from the server (cookies set by middleware in serverSideProps are still in the set-cookie header instead of the cookie header)
- 35ff94a: Add seperate @blueprint/utils modules for stripe and i18n
- Updated dependencies [35ff94a]
- @krakentech/blueprint-utils@0.3.0
0.3.2
Patch Changes
- 583d413: Fix typo prefecthSession -> prefetchSession and make the function accept context instead of just the req
0.3.1
Patch Changes
- 203ba07: Create prefetchSession function and allow custom login/portfolio redirect urls
0.3.0
Minor Changes
- 8419c83: Allow null as the preSignedKey value (getPreSignedKey)
0.2.2
Patch Changes
- Updated dependencies [57bbdd9]
- @krakentech/blueprint-utils@0.2.6
0.2.1
Patch Changes
- 739f0ed: - Make anon routes optional (routes that rely on pre signed keys)
- Accept an array of anon routes
0.2.0
Minor Changes
- 823b48e: Add graphql api route handler
0.1.1
Patch Changes
- Updated dependencies [a9aa708]
- @krakentech/blueprint-utils@0.2.5
0.1.0
Minor Changes
-
91e4a2c: First version of the
blueprint-authpackage. This release includes the following features available as imports:next.config.jshelper:withBlueprintAuth(meant to be used in thewebpackconfig of a Next.js app)- API Route Handlers:
loginHandler,logoutHandler,sessionHandler - Middleware:
authMiddleware - Provider:
AuthProvider(provides context for the hooks) - Hooks:
useLogin,useLogout,useSession