fix: authentication strategy cookies and split cookies per domain

packages/medusa-plugin-auth/src/auth-strategies/facebook/admin.ts

@@ -2,7 +2,10 @@ import passport from 'passport';
 import { Strategy as FacebookStrategy } from 'passport-facebook';
 import jwt from 'jsonwebtoken';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import {
+	ADMIN_AUTH_TOKEN_COOKIE_NAME,
+	TWENTY_FOUR_HOURS_IN_MS
+} from '../../types';
 import { UserService } from '@medusajs/medusa';
 import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registration-name';
 import { MedusaError } from 'medusa-core-utils';
@@ -80,7 +83,7 @@ export function getFacebookAdminAuthRouter(facebook: FacebookAuthOptions, config
 		const token = jwt.sign({ userId: req.user.id }, configModule.projectConfig.jwt_secret, {
 			expiresIn: facebook.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 		});
-		res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(facebook.admin.successRedirect);
+		res.cookie(ADMIN_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(facebook.admin.successRedirect);
 	};
 
 	router.get(facebook.admin.authCallbackPath, cors(adminCorsOptions));

packages/medusa-plugin-auth/src/auth-strategies/facebook/store.ts

@@ -9,7 +9,11 @@ import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registrat
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { AUTH_TOKEN_COOKIE_NAME, CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import {
+	CUSTOMER_METADATA_KEY,
+	STORE_AUTH_TOKEN_COOKIE_NAME,
+	TWENTY_FOUR_HOURS_IN_MS
+} from '../../types';
 import { getCookieOptions } from '../../utils/get-cookie-options';
 import { FacebookAuthOptions } from './types';
 
@@ -86,10 +90,10 @@ export function getFacebookStoreAuthRouter(facebook: FacebookAuthOptions, config
 			session: false,
 		}),
 		(req, res) => {
-			const token = jwt.sign({ userId: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
+			const token = jwt.sign({ customer_id: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
 				expiresIn: facebook.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 			});
-			res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(facebook.store.successRedirect);
+			res.cookie(STORE_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(facebook.store.successRedirect);
 		}
 	);
 

packages/medusa-plugin-auth/src/auth-strategies/google/admin.ts

@@ -2,7 +2,7 @@ import passport from 'passport';
 import { Strategy as GoogleStrategy } from 'passport-google-oauth2';
 import jwt from 'jsonwebtoken';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registration-name';
 import { MedusaError } from 'medusa-core-utils';
@@ -82,7 +82,7 @@ export function getGoogleAdminAuthRouter(google: GoogleAuthOptions, configModule
 		const token = jwt.sign({ userId: req.user.id }, configModule.projectConfig.jwt_secret, {
 			expiresIn: google.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 		});
-		res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(google.admin.successRedirect);
+		res.cookie(ADMIN_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(google.admin.successRedirect);
 	};
 
 	router.get(google.admin.authCallbackPath, cors(adminCorsOptions));

packages/medusa-plugin-auth/src/auth-strategies/google/store.ts

@@ -9,7 +9,11 @@ import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registrat
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { AUTH_TOKEN_COOKIE_NAME, CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import {
+	CUSTOMER_METADATA_KEY,
+	STORE_AUTH_TOKEN_COOKIE_NAME,
+	TWENTY_FOUR_HOURS_IN_MS
+} from '../../types';
 import { getCookieOptions } from '../../utils/get-cookie-options';
 import { GoogleAuthOptions } from './index';
 
@@ -88,10 +92,10 @@ export function getGoogleStoreAuthRouter(google: GoogleAuthOptions, configModule
 			session: false,
 		}),
 		(req, res) => {
-			const token = jwt.sign({ userId: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
+			const token = jwt.sign({ customer_id: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
 				expiresIn: google.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 			});
-			res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(google.store.successRedirect);
+			res.cookie(STORE_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(google.store.successRedirect);
 		}
 	);
 

packages/medusa-plugin-auth/src/auth-strategies/jwt-override.ts

@@ -1,20 +1,53 @@
 import passport from 'passport';
 import { Strategy as JWTStrategy } from 'passport-jwt';
 import { ConfigModule } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME } from '../types';
+import { ADMIN_AUTH_TOKEN_COOKIE_NAME, STORE_AUTH_TOKEN_COOKIE_NAME } from "../types";
 
 export function loadJwtOverrideStrategy(configModule: ConfigModule): void {
 	const { jwt_secret } = configModule.projectConfig;
 	passport.use(
 		'jwt',
 		new JWTStrategy(
 			{
-				jwtFromRequest: (req) => req.cookies[AUTH_TOKEN_COOKIE_NAME] ?? req.session.jwt,
+				jwtFromRequest: (req) => {
+					return req.cookies[STORE_AUTH_TOKEN_COOKIE_NAME] ?? req.cookies[ADMIN_AUTH_TOKEN_COOKIE_NAME]  ?? req.session.jwt
+				},
 				secretOrKey: jwt_secret,
 			},
 			async (jwtPayload, done) => {
 				return done(null, jwtPayload);
 			}
 		)
 	);
+
+	// The bellow code will be available for the next version of medusa core
+	/*passport.use(
+		'admin-jwt',
+		new JWTStrategy(
+			{
+				jwtFromRequest: (req) => {
+					return req.cookies[ADMIN_AUTH_TOKEN_COOKIE_NAME]  ?? req.session.jwt
+				},
+				secretOrKey: jwt_secret,
+			},
+			async (jwtPayload, done) => {
+				return done(null, jwtPayload);
+			}
+		)
+	);
+
+	passport.use(
+		'store-jwt',
+		new JWTStrategy(
+			{
+				jwtFromRequest: (req) => {
+					return req.cookies[STORE_AUTH_TOKEN_COOKIE_NAME]  ?? req.session.jwt_store
+				},
+				secretOrKey: jwt_secret,
+			},
+			async (jwtPayload, done) => {
+				return done(null, jwtPayload);
+			}
+		)
+	);*/
 }

packages/medusa-plugin-auth/src/auth-strategies/linkedin/admin.ts

@@ -2,7 +2,7 @@ import passport from 'passport';
 import { Strategy as LinkedinStrategy } from 'passport-linkedin-oauth2';
 import jwt from 'jsonwebtoken';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registration-name';
 import { MedusaError } from 'medusa-core-utils';
@@ -84,7 +84,7 @@ export function getLinkedinAdminAuthRouter(linkedin: LinkedinAuthOptions, config
 		const token = jwt.sign({ userId: req.user.id }, configModule.projectConfig.jwt_secret, {
 			expiresIn: linkedin.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 		});
-		res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(linkedin.admin.successRedirect);
+		res.cookie(ADMIN_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(linkedin.admin.successRedirect);
 	};
 
 	router.get(linkedin.admin.authCallbackPath, cors(adminCorsOptions));

packages/medusa-plugin-auth/src/auth-strategies/linkedin/store.ts

@@ -9,7 +9,11 @@ import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registrat
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { AUTH_TOKEN_COOKIE_NAME, CUSTOMER_METADATA_KEY, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import {
+	CUSTOMER_METADATA_KEY,
+	STORE_AUTH_TOKEN_COOKIE_NAME,
+	TWENTY_FOUR_HOURS_IN_MS
+} from '../../types';
 import { getCookieOptions } from '../../utils/get-cookie-options';
 import { LinkedinAuthOptions } from './index';
 
@@ -90,10 +94,10 @@ export function getLinkedinStoreAuthRouter(linkedin: LinkedinAuthOptions, config
 			session: false,
 		}),
 		(req, res) => {
-			const token = jwt.sign({ userId: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
+			const token = jwt.sign({ customer_id: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
 				expiresIn: linkedin.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 			});
-			res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(linkedin.store.successRedirect);
+			res.cookie(STORE_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(linkedin.store.successRedirect);
 		}
 	);
 

packages/medusa-plugin-auth/src/auth-strategies/twitter/admin.ts

@@ -2,7 +2,7 @@ import passport from 'passport';
 import { Strategy as TwitterStrategy } from '@superfaceai/passport-twitter-oauth2';
 import jwt from 'jsonwebtoken';
 import { ConfigModule, MedusaContainer } from '@medusajs/medusa/dist/types/global';
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
+import { ADMIN_AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS } from '../../types';
 import { UserService } from '@medusajs/medusa';
 import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registration-name';
 import { MedusaError } from 'medusa-core-utils';
@@ -81,7 +81,7 @@ export function getTwitterAdminAuthRouter(twitter: TwitterAuthOptions, configMod
 		const token = jwt.sign({ userId: req.user.id }, configModule.projectConfig.jwt_secret, {
 			expiresIn: twitter.admin.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 		});
-		res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(twitter.admin.successRedirect);
+		res.cookie(ADMIN_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(twitter.admin.successRedirect);
 	};
 
 	router.get(twitter.admin.authCallbackPath, cors(adminCorsOptions));

packages/medusa-plugin-auth/src/auth-strategies/twitter/store.ts

@@ -9,7 +9,11 @@ import formatRegistrationName from '@medusajs/medusa/dist/utils/format-registrat
 import { MedusaError } from 'medusa-core-utils';
 import { EntityManager } from 'typeorm';
 
-import { AUTH_TOKEN_COOKIE_NAME, TWENTY_FOUR_HOURS_IN_MS, CUSTOMER_METADATA_KEY } from '../../types';
+import {
+	TWENTY_FOUR_HOURS_IN_MS,
+	CUSTOMER_METADATA_KEY,
+	STORE_AUTH_TOKEN_COOKIE_NAME
+} from '../../types';
 import { getCookieOptions } from '../../utils/get-cookie-options';
 import { TwitterAuthOptions } from './index';
 
@@ -91,10 +95,10 @@ export function getTwitterStoreAuthRouter(twitter: TwitterAuthOptions, configMod
 			session: false,
 		}),
 		(req, res) => {
-			const token = jwt.sign({ userId: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
+			const token = jwt.sign({ customer_id: req.user.customer_id }, configModule.projectConfig.jwt_secret, {
 				expiresIn: twitter.store.expiresIn ?? TWENTY_FOUR_HOURS_IN_MS,
 			});
-			res.cookie(AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(twitter.store.successRedirect);
+			res.cookie(STORE_AUTH_TOKEN_COOKIE_NAME, token, getCookieOptions()).redirect(twitter.store.successRedirect);
 		}
 	);
 

packages/medusa-plugin-auth/src/types/index.ts

@@ -3,7 +3,8 @@ import { FacebookAuthOptions } from '../auth-strategies/facebook';
 import { TwitterAuthOptions } from '../auth-strategies/twitter';
 import { LinkedinAuthOptions } from '../auth-strategies/linkedin';
 
-export const AUTH_TOKEN_COOKIE_NAME = 'auth_token';
+export const STORE_AUTH_TOKEN_COOKIE_NAME = 'store_auth_token';
+export const ADMIN_AUTH_TOKEN_COOKIE_NAME = 'admin_auth_token';
 
 export const CUSTOMER_METADATA_KEY = 'useSocialAuth';