diff --git a/README.md b/README.md index 45c5f608..4b13f9bf 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ### 1. Install the SDK ```shell -npm i @auth0/nextjs-auth0@4.0.0-beta.11 +npm i @auth0/nextjs-auth0@4.0.0-beta.12 ``` ### 2. Add the environment variables diff --git a/V4_MIGRATION_GUIDE.md b/V4_MIGRATION_GUIDE.md index 4e611d29..948a1570 100644 --- a/V4_MIGRATION_GUIDE.md +++ b/V4_MIGRATION_GUIDE.md @@ -241,3 +241,4 @@ If you'd like to customize the `user` object to include additional custom claims - All cookies set by the SDK default to `SameSite=Lax` - `touchSession` method was removed. The middleware enables rolling sessions by default and can be configured via the [session configuration](https://github.com/auth0/nextjs-auth0/tree/v4?tab=readme-ov-file#session-configuration). - `getAccessToken` can now be called in React Server Components. +- By default, v4 will use [OpenID Connect's RP-Initiated Logout](https://auth0.com/docs/authenticate/login/logout/log-users-out-of-auth0) if it's enabled on the tenant. Otherwise, it will fallback to the `/v2/logout` endpoint. diff --git a/e2e/test-app/pages/api/pages-router/update-session/index.ts b/e2e/test-app/pages/api/pages-router/update-session/index.ts index 4756ecfe..f003d985 100644 --- a/e2e/test-app/pages/api/pages-router/update-session/index.ts +++ b/e2e/test-app/pages/api/pages-router/update-session/index.ts @@ -2,11 +2,9 @@ import type { NextApiRequest, NextApiResponse } from "next" import { auth0 } from "@/lib/auth0" -type ResponseData = - | {} - | { - error: string - } +type ResponseData = { + error?: string +} export default async function handler( req: NextApiRequest, diff --git a/e2e/test-app/pnpm-lock.yaml b/e2e/test-app/pnpm-lock.yaml index 97eef87d..e66762a8 100644 --- a/e2e/test-app/pnpm-lock.yaml +++ b/e2e/test-app/pnpm-lock.yaml @@ -2366,8 +2366,8 @@ snapshots: '@typescript-eslint/parser': 8.14.0(eslint@8.57.1)(typescript@5.6.3) eslint: 8.57.1 eslint-import-resolver-node: 0.3.9 - eslint-import-resolver-typescript: 3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0)(eslint@8.57.1) - eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1) + eslint-import-resolver-typescript: 3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1) + eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1))(eslint@8.57.1) eslint-plugin-jsx-a11y: 6.10.2(eslint@8.57.1) eslint-plugin-react: 7.37.2(eslint@8.57.1) eslint-plugin-react-hooks: 5.0.0(eslint@8.57.1) @@ -2386,37 +2386,37 @@ snapshots: transitivePeerDependencies: - supports-color - eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0)(eslint@8.57.1): + eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1): dependencies: '@nolyfill/is-core-module': 1.0.39 debug: 4.3.7 enhanced-resolve: 5.17.1 eslint: 8.57.1 - eslint-module-utils: 2.12.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1) + eslint-module-utils: 2.12.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1))(eslint@8.57.1) fast-glob: 3.3.2 get-tsconfig: 4.8.1 is-bun-module: 1.2.1 is-glob: 4.0.3 optionalDependencies: - eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1) + eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1))(eslint@8.57.1) transitivePeerDependencies: - '@typescript-eslint/parser' - eslint-import-resolver-node - eslint-import-resolver-webpack - supports-color - eslint-module-utils@2.12.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1): + eslint-module-utils@2.12.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1))(eslint@8.57.1): dependencies: debug: 3.2.7 optionalDependencies: '@typescript-eslint/parser': 8.14.0(eslint@8.57.1)(typescript@5.6.3) eslint: 8.57.1 eslint-import-resolver-node: 0.3.9 - eslint-import-resolver-typescript: 3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0)(eslint@8.57.1) + eslint-import-resolver-typescript: 3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1) transitivePeerDependencies: - supports-color - eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1): + eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1))(eslint@8.57.1): dependencies: '@rtsao/scc': 1.1.0 array-includes: 3.1.8 @@ -2427,7 +2427,7 @@ snapshots: doctrine: 2.1.0 eslint: 8.57.1 eslint-import-resolver-node: 0.3.9 - eslint-module-utils: 2.12.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3)(eslint@8.57.1) + eslint-module-utils: 2.12.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.3(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.14.0(eslint@8.57.1)(typescript@5.6.3))(eslint@8.57.1))(eslint@8.57.1))(eslint@8.57.1) hasown: 2.0.2 is-core-module: 2.15.1 is-glob: 4.0.3 diff --git a/package.json b/package.json index f992db3a..b396bd52 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@auth0/nextjs-auth0", - "version": "4.0.0-beta.11", + "version": "4.0.0-beta.12", "description": "Auth0 Next.js SDK", "scripts": { "build": "tsc", diff --git a/src/server/auth-client.test.ts b/src/server/auth-client.test.ts index 0db250f6..b56f4c0d 100644 --- a/src/server/auth-client.test.ts +++ b/src/server/auth-client.test.ts @@ -4007,38 +4007,6 @@ ca/T0LLtgmbMmxSv/MmzIg== }) }) }) - - describe("allowInsecureRequests", async () => { - it("should now allow setting allowInsecureRequests when NODE_ENV is set to `production`", async () => { - process.env.NODE_ENV = "production" - const secret = await generateSecret(32) - const transactionStore = new TransactionStore({ - secret, - }) - const sessionStore = new StatelessSessionStore({ - secret, - }) - expect( - () => - new AuthClient({ - transactionStore, - sessionStore, - - domain: DEFAULT.domain, - clientId: DEFAULT.clientId, - clientSecret: DEFAULT.clientSecret, - - secret, - appBaseUrl: DEFAULT.appBaseUrl, - - fetch: getMockAuthorizationServer(), - allowInsecureRequests: true, - }) - ).toThrowError( - "Insecure requests are not allowed in production environments." - ) - }) - }) }) const _authorizationServerMetadata = { diff --git a/src/server/auth-client.ts b/src/server/auth-client.ts index cbb8dbdc..7f311204 100644 --- a/src/server/auth-client.ts +++ b/src/server/auth-client.ts @@ -137,8 +137,8 @@ export class AuthClient { this.allowInsecureRequests = options.allowInsecureRequests ?? false if (this.allowInsecureRequests && process.env.NODE_ENV === "production") { - throw new Error( - "Insecure requests are not allowed in production environments." + console.warn( + "allowInsecureRequests is enabled in a production environment. This is not recommended." ) } diff --git a/src/server/client.ts b/src/server/client.ts index b7d32f4d..ac957eb5 100644 --- a/src/server/client.ts +++ b/src/server/client.ts @@ -152,12 +152,6 @@ export class Auth0Client { if (protocol === "https:") { cookieOptions.secure = true } - - if (process.env.NODE_ENV === "production" && !cookieOptions.secure) { - console.warn( - `The application's base URL (${appBaseUrl}) is not set to HTTPS. This is not recommended for production environments.` - ) - } } this.transactionStore = new TransactionStore({