[
{
"path": ".eslintrc.json",
"content": "{\n \"extends\": \"next/core-web-vitals\"\n}\n"
},
{
"path": ".github/workflows/coana-analysis.yml",
"content": "name: Coana Vulnerability Analysis\n\non:\n schedule:\n - cron: \"0 3 * * *\" # every day at 3 AM\n workflow_dispatch:\n inputs:\n tags:\n description: \"Manually run vulnerability analysis\"\n # Required by the return-dispatch action\n distinct_id:\n\njobs:\n coana-vulnerability-analysis:\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout code\n uses: actions/checkout@v4\n\n - name: Run Coana CLI\n id: coana-cli\n uses: docker://coana/coana:latest@sha256:74144ed0fc9d7da87dcd45ccd12458cc7c25ad23e47eebd7ceb4860ed396d63e\n with:\n args: |\n coana run . \\\n --api-key ${{ secrets.COANA_API_KEY }} \\\n --repo-url https://github.com/${{github.repository}}\n"
},
{
"path": ".github/workflows/coana-guardrail.yml",
"content": "name: Coana Guardrail\n\non: pull_request\n\njobs:\n guardrail:\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout the ${{github.base_ref}} branch\n uses: actions/checkout@v4\n with:\n ref: ${{github.base_ref}} # checkout the base branch (usually master/main).\n\n - name: Fetch the PR branch\n run: |\n git fetch ${{ github.event.pull_request.head.repo.clone_url }} ${{ github.head_ref }}:${{ github.head_ref }} --depth=1\n\n - name: Get list of changed files relative to the main/master branch\n id: changed-files\n run: |\n echo \"all_changed_files=$(git diff --name-only ${{ github.base_ref }} ${{ github.head_ref }} | tr '\\n' ' ')\" >> $GITHUB_OUTPUT\n\n - name: Use Node.js 20.x\n uses: actions/setup-node@v4\n with:\n node-version: 20.x\n\n - name: Run Coana on the ${{github.base_ref}} branch\n run: |\n npx @coana-tech/cli run . \\\n --guardrail-mode \\\n --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \\\n -o /tmp/main-branch \\\n --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \\\n --lightweight-reachability \\\n\n # Reset file permissions.\n # This is necessary because the Coana CLI may add\n # new files with root ownership since it's using docker.\n # These files will not be deleted by the clean step in checkout\n # if the permissions are not reset.\n - name: Reset file permissions\n run: sudo chown -R $USER:$USER .\n\n - name: Checkout the current branch\n uses: actions/checkout@v4\n with:\n clean: true\n\n - name: Run Coana on the current branch\n run: |\n npx @coana-tech/cli run . \\\n --guardrail-mode \\\n --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \\\n -o /tmp/current-branch \\\n --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \\\n --lightweight-reachability \\\n\n - name: Run Report Comparison\n run: |\n npx @coana-tech/cli compare-reports \\\n --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \\\n /tmp/main-branch/coana-report.json \\\n /tmp/current-branch/coana-report.json\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n"
},
{
"path": ".gitignore",
"content": "# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.\n\n# dependencies\n/node_modules\n/.pnp\n.pnp.js\n.yarn/install-state.gz\n\n# testing\n/coverage\n\n# next.js\n/.next/\n/out/\n\n# production\n/build\n\n# misc\n.DS_Store\n*.pem\n\n# debug\nnpm-debug.log*\nyarn-debug.log*\nyarn-error.log*\n\n# local env files\n.env*.local\n\n# vercel\n.vercel\n\n# typescript\n*.tsbuildinfo\nnext-env.d.ts\n"
},
{
"path": ".prettierrc",
"content": "{\n \"printWidth\": 100,\n \"singleQuote\": true\n}\n"
},
{
"path": "CODE_OF_CONDUCT.md",
"content": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nWe as members, contributors, and leaders pledge to make participation in our\ncommunity a harassment-free experience for everyone, regardless of age, body\nsize, visible or invisible disability, ethnicity, sex characteristics, gender\nidentity and expression, level of experience, education, socio-economic status,\nnationality, personal appearance, race, religion, or sexual identity\nand orientation.\n\nWe pledge to act and interact in ways that contribute to an open, welcoming,\ndiverse, inclusive, and healthy community.\n\n## Our Standards\n\nExamples of behavior that contributes to a positive environment for our\ncommunity include:\n\n* Demonstrating empathy and kindness toward other people\n* Being respectful of differing opinions, viewpoints, and experiences\n* Giving and gracefully accepting constructive feedback\n* Accepting responsibility and apologizing to those affected by our mistakes,\n and learning from the experience\n* Focusing on what is best not just for us as individuals, but for the\n overall community\n\nExamples of unacceptable behavior include:\n\n* The use of sexualized language or imagery, and sexual attention or\n advances of any kind\n* Trolling, insulting or derogatory comments, and personal or political attacks\n* Public or private harassment\n* Publishing others' private information, such as a physical or email\n address, without their explicit permission\n* Other conduct which could reasonably be considered inappropriate in a\n professional setting\n\n## Enforcement Responsibilities\n\nCommunity leaders are responsible for clarifying and enforcing our standards of\nacceptable behavior and will take appropriate and fair corrective action in\nresponse to any behavior that they deem inappropriate, threatening, offensive,\nor harmful.\n\nCommunity leaders have the right and responsibility to remove, edit, or reject\ncomments, commits, code, wiki edits, issues, and other contributions that are\nnot aligned to this Code of Conduct, and will communicate reasons for moderation\ndecisions when appropriate.\n\n## Scope\n\nThis Code of Conduct applies within all community spaces, and also applies when\nan individual is officially representing the community in public spaces.\nExamples of representing our community include using an official e-mail address,\nposting via an official social media account, or acting as an appointed\nrepresentative at an online or offline event.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be\nreported to the community leaders responsible for enforcement at\nsupport@workos.com.\nAll complaints will be reviewed and investigated promptly and fairly.\n\nAll community leaders are obligated to respect the privacy and security of the\nreporter of any incident.\n\n## Enforcement Guidelines\n\nCommunity leaders will follow these Community Impact Guidelines in determining\nthe consequences for any action they deem in violation of this Code of Conduct:\n\n### 1. Correction\n\n**Community Impact**: Use of inappropriate language or other behavior deemed\nunprofessional or unwelcome in the community.\n\n**Consequence**: A private, written warning from community leaders, providing\nclarity around the nature of the violation and an explanation of why the\nbehavior was inappropriate. A public apology may be requested.\n\n### 2. Warning\n\n**Community Impact**: A violation through a single incident or series\nof actions.\n\n**Consequence**: A warning with consequences for continued behavior. No\ninteraction with the people involved, including unsolicited interaction with\nthose enforcing the Code of Conduct, for a specified period of time. This\nincludes avoiding interactions in community spaces as well as external channels\nlike social media. Violating these terms may lead to a temporary or\npermanent ban.\n\n### 3. Temporary Ban\n\n**Community Impact**: A serious violation of community standards, including\nsustained inappropriate behavior.\n\n**Consequence**: A temporary ban from any sort of interaction or public\ncommunication with the community for a specified period of time. No public or\nprivate interaction with the people involved, including unsolicited interaction\nwith those enforcing the Code of Conduct, is allowed during this period.\nViolating these terms may lead to a permanent ban.\n\n### 4. Permanent Ban\n\n**Community Impact**: Demonstrating a pattern of violation of community\nstandards, including sustained inappropriate behavior, harassment of an\nindividual, or aggression toward or disparagement of classes of individuals.\n\n**Consequence**: A permanent ban from any sort of public interaction within\nthe community.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage],\nversion 2.0, available at\nhttps://www.contributor-covenant.org/version/2/0/code_of_conduct.html.\n\nCommunity Impact Guidelines were inspired by [Mozilla's code of conduct\nenforcement ladder](https://github.com/mozilla/diversity).\n\n[homepage]: https://www.contributor-covenant.org\n\nFor answers to common questions about this code of conduct, see the FAQ at\nhttps://www.contributor-covenant.org/faq. Translations are available at\nhttps://www.contributor-covenant.org/translations.\n"
},
{
"path": "LICENSE",
"content": "MIT License\n\nCopyright (c) 2023 WorkOS\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
},
{
"path": "README.md",
"content": "
\n \n
AuthKit
\n
How to use AuthKit's hosted UI or build your own frontend with the headless User Management APIs
\n\n\n## Setup\n\nFirst, ensure you have set up the [environment variables](/#environment-variables) and [redirects](/#redirects).\n\nFor each example, you will need to ensure the applicable authentication method is enabled in your WorkOS dashboard. To do so navigate to **Authentication** and edit the applicable authentication method and ensure it is set to **Enabled**.\n\nFor the Google OAuth and Microsoft OAuth examples, WorkOS provides demo app credentials to use in your WorkOS staging environment. This allows you to test these authentication flows without having to set up your own OAuth apps.\n\nIn order to test Single Sign-On, you will need to create an organization in your WorkOS dashboard. Navigate to **Organizations** and then **Create organization**. Enter a name for this organization, and optionally add a domain that the members will use to sign in. You will also need to create a Single Sign-On connection in the WorkOS dashboard for this organization. On this organization's detail page, navigate to the authentication section, find **Single Sign-On**. For the purposes of this example, we will use the **Configure Manually** feature to create a new connection. This requires you to have access to an identity provider (IdP) for testing such as Entra ID (Azure AD), Google Workspace, or Okta.\n\n## Examples\n\n- [Basic authentication](./basic/page.tsx). How to use AuthKit's hosted UI with any authentication method (Email + Password, Magic Auth, Google OAuth, Microsoft OAuth, and Single Sign-On).\n- [Using the authkit-nextjs library](./with-nextjs/page.tsx). How to use AuthKit's hosted UI in Next.js with managed client-side sessions and impersonation.\n- [With client-side sessions](./with-session/page.tsx). How to use AuthKit's hosted UI and manage sessions client-side using JavaScript Web Tokens (JWTs).\n\n### Next.js\n\nFor the `authkit-nextjs` example, you'll need to add the following to your environment variables:\n\n```bash\n# Needed for authkit-nextjs library example, defined in WorkOS dashboard\nWORKOS_REDIRECT_URI=\n\n# Needed for authkit-nextjs library example. Must be at least 32 characters long\nWORKOS_COOKIE_PASSWORD=\n```\n\nTo generate a secure cookie password, you can use the [1Password generator](https://1password.com/password-generator/) or use the `openssl` library to generate a strong password on the command line:\n\n```bash\nopenssl rand -base64 24\n```\n\n### Sessions\n\nFor the example with client-side sessions, you will need to add a JWT secret as an environment variable. It can be any random base64 string for testing locally. You can use the `openssl` library to easily generate a key.\n\n```bash\nopenssl rand -base64 32\n```\n\nAnd update the `.env.local` file:\n\n```bash\n# ...\nJWT_SECRET_KEY=\"\"\n```\n"
},
{
"path": "src/app/using-hosted-authkit/basic/callback/route.ts",
"content": "import { WorkOS } from '@workos-inc/node';\nimport { redirect } from 'next/navigation';\n\n// This is a Next.js Route Handler.\n//\n// If your application is a single page app (SPA) with a separate backend you will need to:\n// - create a backend endpoint to handle the request\n// - adapt the code below in your endpoint\n//\n// Please also note that for the sake of simplicity, we directly return the user here in the query string.\n// In a real application, you would probably store the user in a token (JWT)\n// and store that token in your DB or use cookies (See `with-session` example for more details).\n\nconst workos = new WorkOS(process.env.WORKOS_API_KEY);\n\nexport async function GET(request: Request) {\n const code = new URL(request.url).searchParams.get('code') || '';\n\n let response;\n\n try {\n response = await workos.userManagement.authenticateWithCode({\n clientId: process.env.WORKOS_CLIENT_ID || '',\n code,\n });\n } catch (error) {\n response = error;\n }\n\n if (response) {\n redirect(\n `http://localhost:3000/using-hosted-authkit/basic?response=${JSON.stringify(response)}`\n );\n }\n}\n"
},
{
"path": "src/app/using-hosted-authkit/basic/page.tsx",
"content": "import { WorkOS } from '@workos-inc/node';\n\n// This example uses Next.js with React Server Components.\n// Because this page is an RSC, the code stays on the server, which allows\n// us to use the WorkOS Node SDK without exposing our API key to the client.\n//\n// If your application is a single page app (SPA), you will need to:\n// - create a form that can POST to an endpoint in your backend\n// - call the `getAuthorizationURL` method in that endpoint\n// - redirect the user to the returned URL\n\nconst workos = new WorkOS(process.env.WORKOS_API_KEY);\n\nexport default function Basic({\n searchParams,\n}: {\n searchParams: { [key: string]: string | string[] | undefined };\n}) {\n const authKitUrl = workos.userManagement.getAuthorizationUrl({\n clientId: process.env.WORKOS_CLIENT_ID || '',\n provider: 'authkit',\n redirectUri: 'http://localhost:3000/using-hosted-authkit/basic/callback',\n });\n\n const result = JSON.parse(String(searchParams.response ?? '{ \"error\": null }'));\n\n return (\n \n
\n \n );\n}\n"
},
{
"path": "src/app/using-hosted-authkit/page.tsx",
"content": "import Link from 'next/link';\n\nexport default function UsingHostedAuthKit() {\n return (\n \n
Using hosted AuthKit
\n
\n
\n Basic example\n
\n
\n With Next.js library\n
\n
\n With session\n
\n
\n \n );\n}\n"
},
{
"path": "src/app/using-hosted-authkit/with-nextjs/callback/route.ts",
"content": "import { handleAuth } from '@workos-inc/authkit-nextjs';\n\nexport const GET = handleAuth({ returnPathname: '/using-hosted-authkit/with-nextjs/' });\n"
},
{
"path": "src/app/using-hosted-authkit/with-nextjs/page.tsx",
"content": "import { getSignInUrl, getUser, signOut } from '@workos-inc/authkit-nextjs';\n\nexport default async function WithNextjs() {\n // Retrieves the user from the session or returns `null` if no user is signed in\n const { user } = await getUser();\n\n // Get the URL to redirect the user to AuthKit to sign in\n const signInUrl = await getSignInUrl();\n\n return (\n \n
Using hosted AuthKit
\n
With Next.js library
\n {user ? (\n <>\n
Welcome back {user?.firstName && `, ${user?.firstName}`}
\n \n );\n}\n"
},
{
"path": "src/app/using-hosted-authkit/with-session/auth.ts",
"content": "import { cookies } from 'next/headers';\nimport { redirect } from 'next/navigation';\nimport { jwtVerify } from 'jose';\nimport type { User } from '@workos-inc/node';\n\nexport function getJwtSecretKey() {\n const secret = process.env.JWT_SECRET_KEY;\n\n if (!secret) {\n throw new Error('JWT_SECRET_KEY is not set');\n }\n\n return new Uint8Array(Buffer.from(secret, 'base64'));\n}\n\nexport async function verifyJwtToken(token: string) {\n try {\n const { payload } = await jwtVerify(token, getJwtSecretKey());\n return payload;\n } catch (error) {\n return null;\n }\n}\n\n// Verify the JWT and return the user\nexport async function getUser(): Promise<{\n isAuthenticated: boolean;\n user?: User | null;\n}> {\n const token = cookies().get('token')?.value;\n\n if (token) {\n const verifiedToken = await verifyJwtToken(token);\n if (verifiedToken) {\n return {\n isAuthenticated: true,\n user: verifiedToken.user as User | null,\n };\n }\n }\n\n return { isAuthenticated: false };\n}\n\n// Clear the session and redirect to the home page\nexport async function signOut() {\n cookies().delete('token');\n redirect('/using-hosted-authkit/with-session');\n}\n"
},
{
"path": "src/app/using-hosted-authkit/with-session/callback/route.ts",
"content": "import { WorkOS } from '@workos-inc/node';\nimport { NextResponse } from 'next/server';\nimport { SignJWT } from 'jose';\nimport { getJwtSecretKey } from '../auth';\n\n// This is a Next.js Route Handler.\n//\n// If your application is a single page app (SPA) with a separate backend you will need to:\n// - create a backend endpoint to handle the request\n// - adapt the code below in your endpoint\n\nconst workos = new WorkOS(process.env.WORKOS_API_KEY);\n\nexport async function GET(request: Request) {\n const url = new URL(request.url);\n const code = url.searchParams.get('code') || '';\n\n try {\n const { user } = await workos.userManagement.authenticateWithCode({\n clientId: process.env.WORKOS_CLIENT_ID || '',\n code,\n });\n\n // Create a JWT with the user's information\n // Here you might lookup and retrieve user details from your database\n const token = await new SignJWT({ user })\n .setProtectedHeader({ alg: 'HS256', typ: 'JWT' })\n .setIssuedAt()\n .setExpirationTime('1h')\n .sign(getJwtSecretKey());\n\n // Cleanup params\n url.searchParams.delete('code');\n\n // Store the session and redirect to the application\n url.pathname = '/using-hosted-authkit/with-session';\n const response = NextResponse.redirect(url);\n\n response.cookies.set({\n name: 'token',\n value: token,\n httpOnly: true,\n path: '/',\n secure: true,\n sameSite: 'lax',\n });\n\n return response;\n } catch (error) {\n return NextResponse.json(error);\n }\n}\n"
},
{
"path": "src/app/using-hosted-authkit/with-session/page.tsx",
"content": "import { WorkOS } from '@workos-inc/node';\nimport { getUser, signOut } from './auth';\n\n// This example uses Next.js with React Server Components.\n// Because this page is an RSC, the code stays on the server, which allows\n// us to use the WorkOS Node SDK without exposing our API key to the client.\n//\n// If your application is a single page app (SPA), you will need to:\n// - create a form that can POST to an endpoint in your backend\n// - call the `getAuthorizationURL` method in that endpoint\n// - redirect the user to the returned URL\n\nconst workos = new WorkOS(process.env.WORKOS_API_KEY);\n\nexport default async function WithSession() {\n const { isAuthenticated, user } = await getUser();\n\n const authKitUrl = workos.userManagement.getAuthorizationUrl({\n clientId: process.env.WORKOS_CLIENT_ID || '',\n provider: 'authkit',\n redirectUri: 'http://localhost:3000/using-hosted-authkit/with-session/callback',\n });\n\n return (\n \n
\n\n\n## Setup\n\nFirst, ensure you have set up the [environment variables](/#environment-variables) and [redirects](/#redirects).\n\nFor each example, you will need to ensure the applicable authentication method is enabled in your WorkOS dashboard. To do so navigate to **Authentication** and edit the applicable authentication method and ensure it is set to **Enabled**.\n\nFor the Google OAuth and Microsoft OAuth examples, WorkOS provides demo app credentials to use in your WorkOS staging environment. This allows you to test these authentication flows without having to set up your own OAuth apps.\n\n## Examples\n\n### Sign-up\n\n- [Email + Password](./sign-up/email-password/page.tsx)\n- [Magic Auth](./sign-up/magic-auth/page.tsx)\n\n### Sign-in\n\n- [Email + Password](./sign-in/email-password/page.tsx)\n- [Magic Auth](./sign-in/magic-auth/page.tsx)\n- [Google OAuth](./sign-in/google-oauth/page.tsx)\n- [Microsoft OAuth](./sign-in/microsoft-oauth/page.tsx)\n- [Single Sign-On](./sign-in/sso/page.tsx)\n\nFor the Single Sign-On example, you will need to create an organization in your WorkOS dashboard. Navigate to **Organizations** and then **Create organization**. Enter a name for this organization, and optionally add a domain that the members will use to sign in. You will also need to create a Single Sign-On connection in the WorkOS dashboard for this organization. On this organization's detail page, navigate to the authentication section, find **Single Sign-On**. For the purposes of this example, we will use the **Configure Manually** feature to create a new connection. This requires you to have access to an identity provider (IdP) for testing such as Entra ID (Azure AD), Google Workspace, or Okta.\n\nYou will also need to copy the **Organization ID** from the organization you created with the active Single Sign-On connection. This is located below the organization's name on its detail page (beginning with `org_`). Copy it and add it to your `.env.local` file.\n\n```bash\nSSO_ENABLED_ORGANIZATION_ID=\"\"\n```\n\n### Other\n\n- [Multi-Factor Auth](./mfa/page.tsx)\n- [Verify email](./verify-email/page.tsx)\n- [Reset password](./reset-password/page.tsx)\n- [Users table](./users-table/page.tsx)\n- [Update user](./update-user/page.tsx)\n"
},
{
"path": "src/app/using-your-own-ui/mfa/mfa.ts",
"content": "'use server';\n\n// These are Next.js server actions.\n//\n// If your application is a single page app (SPA) with a separate backend you will need to:\n// - create a backend endpoint to handle each request\n// - adapt the code below in each of those endpoints\n//\n// Please also note that for the sake of simplicity, we return all errors here.\n// In a real application, you should pay attention to which errors make it\n// to the client for security reasons.\n\nimport { WorkOS } from '@workos-inc/node';\n\nconst workos = new WorkOS(process.env.WORKOS_API_KEY);\n\nexport async function signIn(prevState: any, formData: FormData): Promise {\n try {\n // For the sake of simplicity, we directly return the user here.\n // In a real application, you would probably store the user in a token (JWT)\n // and store that token in your DB or use cookies.\n return await workos.userManagement.authenticateWithPassword({\n clientId: process.env.WORKOS_CLIENT_ID || '',\n email: String(formData.get('email')),\n password: String(formData.get('password')),\n });\n } catch (error) {\n const err = JSON.parse(JSON.stringify(error));\n\n if (err.rawData.code === 'mfa_enrollment') {\n const { authenticationFactor, authenticationChallenge } =\n await workos.userManagement.enrollAuthFactor({\n userId: err.rawData.user.id,\n type: 'totp',\n totpIssuer: 'WorkOS',\n totpUser: err.rawData.user.email,\n });\n return {\n authenticationFactor,\n authenticationChallenge,\n pendingAuthenticationToken: err.rawData.pending_authentication_token,\n };\n }\n\n if (err.rawData.code === 'mfa_challenge') {\n const challenge = await workos.mfa.challengeFactor({\n authenticationFactorId: err.rawData.authentication_factors[0].id,\n });\n return {\n authenticationChallenge: challenge,\n pendingAuthenticationToken: err.rawData.pending_authentication_token,\n };\n }\n\n return { error: err };\n }\n}\n\nexport async function verifyTotp(prevState: any, formData: FormData) {\n try {\n // For the sake of simplicity, we directly return the user here.\n // In a real application, you would probably store the user in a token (JWT)\n // and store that token in your DB or use cookies.\n return await workos.userManagement.authenticateWithTotp({\n clientId: process.env.WORKOS_CLIENT_ID || '',\n authenticationChallengeId: String(formData.get('authenticationChallengeId')),\n pendingAuthenticationToken: String(formData.get('pendingAuthenticationToken')),\n code: String(formData.get('code')),\n });\n } catch (error) {\n return { error: JSON.parse(JSON.stringify(error)) };\n }\n}\n\ntype UnpackPromise = T extends Promise ? U : T;\ntype AuthenticateResponse = UnpackPromise<\n ReturnType\n>;\ntype EnrollResponse = UnpackPromise>;\ntype SignInResponse =\n | AuthenticateResponse\n | {\n authenticationFactor?: EnrollResponse['authenticationFactor'];\n authenticationChallenge: EnrollResponse['authenticationChallenge'];\n pendingAuthenticationToken: string;\n }\n | { error: any };\n"
},
{
"path": "src/app/using-your-own-ui/mfa/page.tsx",
"content": "'use client';\n\nimport { useFormState } from 'react-dom';\nimport { signIn, verifyTotp } from './mfa';\nimport Image from 'next/image';\n\nexport default function Mfa() {\n // This example uses Next.js server actions to call functions on the server side.\n //\n // If your application is a single page app (SPA), you will need to:\n // - handle the form submission in `