From 7dacab8b759967772b8a866bd0938e3c8356908f Mon Sep 17 00:00:00 2001 From: kenkoooo Date: Thu, 20 Feb 2025 14:54:24 +0900 Subject: [PATCH 1/2] feat: add idToken support in AuthClient Co-authored-by: kenkoooo --- src/server/auth-client.test.ts | 6 ++++++ src/server/auth-client.ts | 3 ++- src/types/index.ts | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/server/auth-client.test.ts b/src/server/auth-client.test.ts index 83997a96..dc6fd43c 100644 --- a/src/server/auth-client.test.ts +++ b/src/server/auth-client.test.ts @@ -2182,6 +2182,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.stringMatching(/^eyJhbGciOiJSUzI1NiJ9\..+\..+$/), expiresAt: expect.any(Number) }, internal: { @@ -2289,6 +2290,7 @@ ca/T0LLtgmbMmxSv/MmzIg== }, tokenSet: { accessToken: DEFAULT.accessToken, + idToken: expect.any(String), refreshToken: DEFAULT.refreshToken, expiresAt: expect.any(Number) }, @@ -2633,6 +2635,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.any(String), expiresAt: expect.any(Number) }, internal: { @@ -3026,6 +3029,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.any(String), expiresAt: expect.any(Number) }, internal: { @@ -3120,6 +3124,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.any(String), expiresAt: expect.any(Number) }, internal: { @@ -3249,6 +3254,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.any(String), expiresAt: expect.any(Number) }, internal: { diff --git a/src/server/auth-client.ts b/src/server/auth-client.ts index a30900c3..05d1b67c 100644 --- a/src/server/auth-client.ts +++ b/src/server/auth-client.ts @@ -490,6 +490,7 @@ export class AuthClient { user: idTokenClaims, tokenSet: { accessToken: oidcRes.access_token, + idToken: oidcRes.id_token, scope: oidcRes.scope, refreshToken: oidcRes.refresh_token, expiresAt: Math.floor(Date.now() / 1000) + Number(oidcRes.expires_in) @@ -565,7 +566,6 @@ export class AuthClient { } ); } - const res = NextResponse.json({ token: updatedTokenSet.accessToken, scope: updatedTokenSet.scope, @@ -684,6 +684,7 @@ export class AuthClient { const updatedTokenSet = { ...tokenSet, // contains the existing `iat` claim to maintain the session lifetime accessToken: oauthRes.access_token, + idToken: oauthRes.id_token, expiresAt: accessTokenExpiresAt }; diff --git a/src/types/index.ts b/src/types/index.ts index fd6d5e87..fddb60b5 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -1,5 +1,6 @@ export interface TokenSet { accessToken: string; + idToken?: string; scope?: string; refreshToken?: string; expiresAt: number; // the time at which the access token expires in seconds since epoch From 65dbf98eb3f725462dfe46551086baea351ef26a Mon Sep 17 00:00:00 2001 From: Tushar Pandey Date: Fri, 28 Mar 2025 15:49:17 +0530 Subject: [PATCH 2/2] added exampple to access id_token --- EXAMPLES.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/EXAMPLES.md b/EXAMPLES.md index cd6ebda0..220fcbc5 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md @@ -185,6 +185,15 @@ export async function middleware(request: NextRequest) { > [!IMPORTANT] > The `request` object must be passed as a parameter to the `getSession(request)` method when called from a middleware to ensure that any updates to the session can be read within the same request. +## Accessing the idToken +`idToken` can be accessed from the session in the following way: + +```js +const session = await auth0.getSession(); +const idToken = session.tokenSet.idToken; +``` + + ## Updating the session The `updateSession` method could be used to update the session of the currently authenticated user in the App Router, Pages Router, and middleware. If the user does not have a session, an error will be thrown.