Return this in some Auth0Response methods

frederikprijck · frederikprijck · commit fde9abfd6843 · 2026-01-12T16:24:51.000+01:00
diff --git a/src/server/auth-client.ts b/src/server/auth-client.ts
@@ -967,12 +967,12 @@ export class AuthClient {
 
     if (!session) {
       if (this.noContentProfileResponseWhenUnauthenticated) {
-        auth0Res.status(null, 204);
-      } else {
-        auth0Res.status(null, 401);
+        return auth0Res.status(null, 204);
       }
-      return auth0Res;
+
+      return auth0Res.status(null, 401);
     }
+
     auth0Res.json(session?.user);
     auth0Res.addCacheControlHeadersForSession();
     return auth0Res;
@@ -987,7 +987,7 @@ export class AuthClient {
     const scope = auth0Req.getUrl().searchParams.get("scope");
 
     if (!session) {
-      auth0Res.json(
+      return auth0Res.json(
         {
           error: {
             message: "The user does not have an active session.",
@@ -998,7 +998,6 @@ export class AuthClient {
           status: 401
         }
       );
-      return auth0Res;
     }
 
     const [error, getTokenSetResponse] = await this.getTokenSet(session, {
@@ -1007,7 +1006,7 @@ export class AuthClient {
     });
 
     if (error) {
-      auth0Res.json(
+      return auth0Res.json(
         {
           error: {
             message: error.message,
@@ -1018,7 +1017,6 @@ export class AuthClient {
           status: 401
         }
       );
-      return auth0Res;
     }
 
     const { tokenSet: updatedTokenSet } = getTokenSetResponse;
@@ -1047,37 +1045,32 @@ export class AuthClient {
     auth0Res: Auth0Response
   ): Promise<Auth0Response> {
     if (!this.sessionStore.store) {
-      auth0Res.status("A session data store is not configured.", 500);
-      return auth0Res;
+      return auth0Res.status("A session data store is not configured.", 500);
     }
 
     if (!this.sessionStore.store.deleteByLogoutToken) {
-      auth0Res.status(
+      return auth0Res.status(
         "Back-channel logout is not supported by the session data store.",
         500
       );
-      return auth0Res;
     }
 
     const body = new URLSearchParams(await auth0Req.getBody());
     const logoutToken = body.get("logout_token");
 
     if (!logoutToken) {
-      auth0Res.status("Missing `logout_token` in the request body.", 400);
-      return auth0Res;
+      return auth0Res.status("Missing `logout_token` in the request body.", 400);
     }
 
     const [error, logoutTokenClaims] =
       await this.verifyLogoutToken(logoutToken);
     if (error) {
-      auth0Res.status(error.message, 400);
-      return auth0Res;
+      return auth0Res.status(error.message, 400);
     }
 
     await this.sessionStore.store.deleteByLogoutToken(logoutTokenClaims);
 
-    auth0Res.status(null, 204);
-    return auth0Res;
+    return auth0Res.status(null, 204);
   }
 
   async handleConnectAccount(
@@ -1099,13 +1092,11 @@ export class AuthClient {
     );
 
     if (!connection) {
-      auth0Res.status("A connection is required.", 400);
-      return auth0Res;
+      return auth0Res.status("A connection is required.", 400);
     }
 
     if (!session) {
-      auth0Res.status("The user does not have an active session.", 401);
-      return auth0Res;
+      return auth0Res.status("The user does not have an active session.", 401);
     }
 
     const [getTokenSetError, getTokenSetResponse] = await this.getTokenSet(
@@ -1117,11 +1108,10 @@ export class AuthClient {
     );
 
     if (getTokenSetError) {
-      auth0Res.status(
+      return auth0Res.status(
         "Failed to retrieve a connected account access token.",
         401
       );
-      return auth0Res;
     }
 
     const { tokenSet } = getTokenSetResponse;
@@ -1139,11 +1129,10 @@ export class AuthClient {
       await this.connectAccount({ tokenSet, ...connectAccountParams });
 
     if (connectAccountError) {
-      auth0Res.status(
+      return auth0Res.status(
         connectAccountError.message,
         connectAccountError.cause?.status ?? 500
       );
-      return auth0Res;
     }
 
     // update the session with the new token set, if necessary
diff --git a/src/server/http/auth0-next-response.ts b/src/server/http/auth0-next-response.ts
@@ -38,8 +38,10 @@ export class Auth0NextResponse extends Auth0Response<NextResponse> {
    *
    * @param url - The URL to redirect to.
    */
-  public redirect(url: string): void {
+  public redirect(url: string) {
     this.res = this.#mergeHeaders(this.res, NextResponse.redirect(url));
+
+    return this;
   }
 
   /**
@@ -55,12 +57,14 @@ export class Auth0NextResponse extends Auth0Response<NextResponse> {
    * res.status("Unauthorized", 401);
    * ```
    */
-  public status(message: string | null, status: number): void {
+  public status(message: string | null, status: number) {
     const body = status === 204 ? null : message;
     this.res = this.#mergeHeaders(
       this.res,
       new NextResponse(body, { status })
     );
+
+    return this;
   }
 
   /**
@@ -74,8 +78,10 @@ export class Auth0NextResponse extends Auth0Response<NextResponse> {
    * res.json({ error: "Invalid token" }, { status: 401 });
    * ```
    */
-  public json(body: any, init?: ResponseInit): void {
+  public json(body: any, init?: ResponseInit) {
     this.res = this.#mergeHeaders(this.res, NextResponse.json(body, init));
+
+    return this;
   }
 
   /**
diff --git a/src/server/http/auth0-response.ts b/src/server/http/auth0-response.ts
@@ -56,7 +56,7 @@ export abstract class Auth0Response<TResponse = any> {
    *
    * @param url - The URL to redirect to. Should be validated before calling this method.
    */
-  abstract redirect(url: string): void;
+  abstract redirect(url: string): Auth0Response<TResponse>;
 
   /**
    * Sets the HTTP status code of the response.
@@ -67,7 +67,7 @@ export abstract class Auth0Response<TResponse = any> {
    * @param message - The response body as a string or null.
    * @param status - The HTTP status code (e.g., 200, 401, 500).
    */
-  abstract status(message: string | null, status: number): TResponse | void;
+  abstract status(message: string | null, status: number): Auth0Response<TResponse>;
 
   /**
    * Sends a JSON response with the specified body.
@@ -82,7 +82,7 @@ export abstract class Auth0Response<TResponse = any> {
    *   user data, or other structured data.
    * @param init - Optional response initialization options (status, headers, etc.).
    */
-  abstract json(body: any, init?: ResponseInit): void;
+  abstract json(body: any, init?: ResponseInit): Auth0Response<TResponse>;
 
   /**
    * Adds cache control headers to the response to prevent caching of sensitive data.
