add workos logic

apps/blog-next/app/api/auth/workos/callback/route.ts

@@ -0,0 +1,10 @@
+import { completeWorkosAuth } from '@holo-js/auth-workos'
+
+export async function GET(request: Request) {
+  const result = await completeWorkosAuth(request)
+  if (!result.ok) {
+    return Response.redirect(new URL(`/login?error=${encodeURIComponent(result.code)}`, request.url))
+  }
+
+  return Response.redirect(new URL('/admin', request.url))
+}

apps/blog-next/app/api/auth/workos/login/route.ts

@@ -0,0 +1,5 @@
+import { loginWithWorkos } from '@holo-js/auth-workos'
+
+export async function GET(request: Request) {
+  return await loginWithWorkos(request)
+}

apps/blog-next/app/api/auth/workos/logout/route.ts

@@ -0,0 +1,10 @@
+import { logoutWithWorkos } from '@holo-js/auth-workos'
+
+export async function POST(request: Request) {
+  const result = await logoutWithWorkos(request)
+  if (!result.ok) {
+    return Response.json(result, { status: 422 })
+  }
+
+  return Response.redirect(result.url, 303)
+}

apps/blog-next/app/api/auth/workos/register/route.ts

@@ -0,0 +1,5 @@
+import { registerWithWorkos } from '@holo-js/auth-workos'
+
+export async function GET(request: Request) {
+  return await registerWithWorkos(request)
+}

apps/blog-next/app/auth-nav.tsx

@@ -18,6 +18,10 @@ const logoutButtonStyle = {
   padding: 0,
 } as const
 
+const logoutFormStyle = {
+  display: 'inline',
+} as const
+
 export function AuthNav() {
   const auth = useAuth()
   const [isLoggingOut, setIsLoggingOut] = useState(false)
@@ -57,6 +61,9 @@ export function AuthNav() {
     <>
       <span style={{ color: '#e5eef8' }}>{displayName}</span>
       <button type="button" disabled={isLoggingOut} onClick={logout} style={logoutButtonStyle}>Logout</button>
+      <form action="/api/auth/workos/logout" method="post" style={logoutFormStyle}>
+        <button type="submit" style={logoutButtonStyle}>Logout from WorkOS</button>
+      </form>
     </>
   )
 }

apps/blog-next/app/login/page.tsx

@@ -47,6 +47,7 @@ export default function LoginPage() {
       <div style={{ display: 'grid', gap: '0.65rem' }}>
         <a href="/auth/google" style={{ color: '#e5e7eb', textDecoration: 'none' }}>Continue with Google</a>
         <a href="/auth/github" style={{ color: '#e5e7eb', textDecoration: 'none' }}>Continue with GitHub</a>
+        <a href="/api/auth/workos/login" style={{ color: '#e5e7eb', textDecoration: 'none' }}>Continue with WorkOS</a>
       </div>
 
       <form onSubmit={(event) => { event.preventDefault(); form.submit() }} style={{ display: 'grid', gap: '0.9rem' }}>
@@ -97,7 +98,7 @@ export default function LoginPage() {
       ) : null}
 
       <div style={{ display: 'flex', gap: '1rem', flexWrap: 'wrap' }}>
-        <Link href="/register" style={{ color: '#7dd3fc' }}>Create account</Link>
+      <Link href="/register" style={{ color: '#7dd3fc' }}>Create account</Link>
         <Link href="/forgot-password" style={{ color: '#7dd3fc' }}>Forgot password?</Link>
       </div>
     </section>

apps/blog-next/app/register/page.tsx

@@ -100,6 +100,7 @@ export default function RegisterPage() {
       ) : null}
 
       <Link href="/login" style={{ color: '#7dd3fc' }}>Already have an account?</Link>
+      <a href="/api/auth/workos/register" style={{ color: '#7dd3fc' }}>Register with WorkOS</a>
     </section>
   )
 }

apps/blog-next/config/auth.ts

@@ -41,7 +41,6 @@ export default defineAuthConfig({
   personalAccessTokens: {
     defaultAbilities: [],
   },
-  socialEncryptionKey: env('AUTH_SOCIAL_ENCRYPTION_KEY'),
   social: {
     google: {
       clientId: env('AUTH_GOOGLE_CLIENT_ID'),
@@ -57,12 +56,11 @@ export default defineAuthConfig({
     },
   },
   workos: {
+    provider: env('AUTH_WORKOS_PROVIDER', 'dashboard'),
     dashboard: {
       clientId: env('WORKOS_CLIENT_ID'),
       apiKey: env('WORKOS_API_KEY'),
-      cookiePassword: env('WORKOS_COOKIE_PASSWORD'),
       redirectUri: env('WORKOS_REDIRECT_URI'),
-      sessionCookie: env('WORKOS_SESSION_COOKIE', "wos-session"),
     },
   },
   // Add a dedicated guard and provider if WorkOS users should resolve through a different model.

apps/blog-next/tests/run.mjs

@@ -40,6 +40,7 @@ let capturedOutput = ''
 function createChildEnv(overrides = {}) {
   const env = {
     ...process.env,
+    APP_NAME: '',
     HOLO_SECURITY_TRUST_PROXY: 'true',
     ...overrides,
   }

apps/blog-nuxt/app/app.vue

@@ -21,6 +21,9 @@ async function logout() {
         <template v-if="authenticated">
           <span class="user-name">{{ displayName }}</span>
           <button type="button" class="logout-button" @click="logout">Logout</button>
+          <form action="/api/auth/workos/logout" method="post" class="logout-form">
+            <button type="submit" class="logout-button">Logout from WorkOS</button>
+          </form>
         </template>
         <template v-else>
           <NuxtLink to="/login">Login</NuxtLink>
@@ -70,6 +73,9 @@ async function logout() {
   cursor: pointer;
   font: inherit;
 }
+.logout-form {
+  display: inline;
+}
 a {
   color: #cbd5e1;
   text-decoration: none;

apps/blog-nuxt/app/pages/login.vue → apps/blog-nuxt/app/pages/login/index.vue

@@ -35,6 +35,7 @@ const form = useForm(loginForm, {
     <div class="social-links">
       <a href="/auth/google">Continue with Google</a>
       <a href="/auth/github">Continue with GitHub</a>
+      <a href="/api/auth/workos/login">Continue with WorkOS</a>
     </div>
 
     <form class="stack" @submit.prevent="form.submit()">

apps/blog-nuxt/app/pages/register.vue → apps/blog-nuxt/app/pages/register/index.vue

@@ -69,6 +69,7 @@ const form = useForm(registerForm, {
     </div>
 
     <NuxtLink to="/login">Already have an account?</NuxtLink>
+    <a href="/api/auth/workos/register">Register with WorkOS</a>
   </section>
 </template>
 

apps/blog-nuxt/config/auth.ts

@@ -41,7 +41,6 @@ export default defineAuthConfig({
   personalAccessTokens: {
     defaultAbilities: [],
   },
-  socialEncryptionKey: env('AUTH_SOCIAL_ENCRYPTION_KEY'),
   social: {
     google: {
       clientId: env('AUTH_GOOGLE_CLIENT_ID'),
@@ -57,12 +56,11 @@ export default defineAuthConfig({
     },
   },
   workos: {
+    provider: env('AUTH_WORKOS_PROVIDER', 'dashboard'),
     dashboard: {
       clientId: env('WORKOS_CLIENT_ID'),
       apiKey: env('WORKOS_API_KEY'),
-      cookiePassword: env('WORKOS_COOKIE_PASSWORD'),
       redirectUri: env('WORKOS_REDIRECT_URI'),
-      sessionCookie: env('WORKOS_SESSION_COOKIE', "wos-session"),
     },
   },
   // Add a dedicated guard and provider if WorkOS users should resolve through a different model.

apps/blog-nuxt/server/api/auth/workos/callback.get.ts

@@ -0,0 +1,12 @@
+import { completeWorkosAuth } from '@holo-js/auth-workos'
+import { sendRedirect } from 'h3'
+
+export default defineEventHandler(async (event) => {
+  const result = await completeWorkosAuth(event)
+  if (!result.ok) {
+    const errCode = result.code ?? 'unknown_error'
+    return await sendRedirect(event, `/login?error=${encodeURIComponent(errCode)}`, 303)
+  }
+
+  return await sendRedirect(event, '/admin', 303)
+})

apps/blog-nuxt/server/api/auth/workos/login.get.ts

@@ -0,0 +1,5 @@
+import { loginWithWorkos } from '@holo-js/auth-workos'
+
+export default defineEventHandler(async (event) => {
+  return await loginWithWorkos(event)
+})

apps/blog-nuxt/server/api/auth/workos/logout.post.ts

@@ -0,0 +1,14 @@
+import { logoutWithWorkos } from '@holo-js/auth-workos'
+import { createError, sendRedirect } from 'h3'
+
+export default defineEventHandler(async (event) => {
+  const result = await logoutWithWorkos(event)
+  if (!result.ok) {
+    throw createError({
+      statusCode: 422,
+      statusMessage: result.message,
+    })
+  }
+
+  return await sendRedirect(event, result.url, 303)
+})

apps/blog-nuxt/server/api/auth/workos/register.get.ts

@@ -0,0 +1,5 @@
+import { registerWithWorkos } from '@holo-js/auth-workos'
+
+export default defineEventHandler(async (event) => {
+  return await registerWithWorkos(event)
+})

apps/blog-nuxt/tests/run.mjs

@@ -43,6 +43,7 @@ let capturedOutput = ''
 function createChildEnv(overrides = {}) {
   const env = {
     ...process.env,
+    APP_NAME: '',
     HOLO_SECURITY_TRUST_PROXY: 'true',
     ...overrides,
   }

apps/blog-sveltekit/config/auth.ts

@@ -41,7 +41,6 @@ export default defineAuthConfig({
   personalAccessTokens: {
     defaultAbilities: [],
   },
-  socialEncryptionKey: env('AUTH_SOCIAL_ENCRYPTION_KEY'),
   social: {
     google: {
       clientId: env('AUTH_GOOGLE_CLIENT_ID'),
@@ -57,12 +56,11 @@ export default defineAuthConfig({
     },
   },
   workos: {
+    provider: env('AUTH_WORKOS_PROVIDER', 'dashboard'),
     dashboard: {
       clientId: env('WORKOS_CLIENT_ID'),
       apiKey: env('WORKOS_API_KEY'),
-      cookiePassword: env('WORKOS_COOKIE_PASSWORD'),
       redirectUri: env('WORKOS_REDIRECT_URI'),
-      sessionCookie: env('WORKOS_SESSION_COOKIE', "wos-session"),
     },
   },
   // Add a dedicated guard and provider if WorkOS users should resolve through a different model.

apps/blog-sveltekit/src/routes/+layout.svelte

@@ -42,6 +42,9 @@
       {#if auth.authenticated}
         <span class="user-name">{displayName}</span>
         <button type="button" class="logout-button" disabled={isLoggingOut} aria-busy={isLoggingOut} onclick={logout}>Logout</button>
+        <form action="/api/auth/workos/logout" method="post" class="logout-form">
+          <button type="submit" class="logout-button">Logout from WorkOS</button>
+        </form>
       {:else}
         <a href="/login">Login</a>
         <a href="/register">Register</a>
@@ -94,6 +97,9 @@
     opacity: 0.6;
     pointer-events: none;
   }
+  .logout-form {
+    display: inline;
+  }
   a {
     color: #cbd5e1;
     text-decoration: none;

apps/blog-sveltekit/src/routes/api/auth/workos/callback/+server.ts

@@ -0,0 +1,11 @@
+import { redirect, type RequestHandler } from '@sveltejs/kit'
+import { completeWorkosAuth } from '@holo-js/auth-workos'
+
+export const GET = (async (event) => {
+  const result = await completeWorkosAuth(event)
+  if (!result.ok) {
+    throw redirect(303, `/login?error=${encodeURIComponent(result.code)}`)
+  }
+
+  throw redirect(303, '/admin')
+}) satisfies RequestHandler

apps/blog-sveltekit/src/routes/api/auth/workos/login/+server.ts

@@ -0,0 +1,6 @@
+import { loginWithWorkos } from '@holo-js/auth-workos'
+import type { RequestHandler } from './$types'
+
+export const GET = (async (event) => {
+  return await loginWithWorkos(event)
+}) satisfies RequestHandler

apps/blog-sveltekit/src/routes/api/auth/workos/logout/+server.ts

@@ -0,0 +1,11 @@
+import { redirect, type RequestHandler } from '@sveltejs/kit'
+import { logoutWithWorkos } from '@holo-js/auth-workos'
+
+export const POST = (async (event) => {
+  const result = await logoutWithWorkos(event)
+  if (!result.ok) {
+    return Response.json(result, { status: 422 })
+  }
+
+  throw redirect(303, result.url)
+}) satisfies RequestHandler

apps/blog-sveltekit/src/routes/api/auth/workos/register/+server.ts

@@ -0,0 +1,6 @@
+import { registerWithWorkos } from '@holo-js/auth-workos'
+import type { RequestHandler } from './$types'
+
+export const GET = (async (event) => {
+  return await registerWithWorkos(event)
+}) satisfies RequestHandler

apps/blog-sveltekit/src/routes/login/+page.svelte

@@ -30,6 +30,7 @@
   <div class="social-links">
     <a href="/auth/google">Continue with Google</a>
     <a href="/auth/github">Continue with GitHub</a>
+    <a href="/api/auth/workos/login">Continue with WorkOS</a>
   </div>
 
   <form class="stack" on:submit={(event) => { event.preventDefault(); form.submit() }}>

apps/blog-sveltekit/src/routes/register/+page.svelte

@@ -96,6 +96,7 @@
   {/if}
 
   <a href="/login" class="link">Already have an account?</a>
+  <a href="/api/auth/workos/register" class="link">Register with WorkOS</a>
 </section>
 
 <style>

apps/blog-sveltekit/tests/run.mjs

@@ -39,6 +39,7 @@ let capturedOutput = ''
 function createChildEnv(overrides = {}) {
   const env = {
     ...process.env,
+    APP_NAME: '',
     HOLO_SECURITY_TRUST_PROXY: 'true',
     ...overrides,
   }