feat(SW-158): Updated to use custom cookie and optimization

app/[lang]/(live)/(public)/login/route.ts

@@ -16,7 +16,13 @@ export async function GET(
 
   const returnUrl = request.headers.get("x-returnurl")
   const isMFA = request.headers.get("x-mfa-login")
-  const isMagicLinkLogin = !!request.headers.get("x-magic-link")
+
+  // This is to support seamless login when using magic link login
+  const isMagicLinkUpdateLogin = !!request.headers.get("x-magic-link")
+
+  if (!env.PUBLIC_URL) {
+    throw internalServerError("No value for env.PUBLIC_URL")
+  }
 
   if (returnUrl) {
     // Seamless login request from Current web
@@ -30,9 +36,6 @@ export async function GET(
 
     // Make relative URL to absolute URL
     if (redirectTo.startsWith("/")) {
-      if (!env.PUBLIC_URL) {
-        throw internalServerError("No value for env.PUBLIC_URL")
-      }
       redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
     }
 
@@ -69,6 +72,14 @@ export async function GET(
       const redirectUrl = new URL(redirectUrlValue)
       redirectUrl.searchParams.set("returnurl", redirectTo)
       redirectTo = redirectUrl.toString()
+
+      /** Set cookie with redirect Url to appropriately redirect user when using magic link login */
+      redirectHeaders.append(
+        "set-cookie",
+        "magicLinkRedirectTo=" +
+          redirectTo +
+          "; Max-Age=300; Path=/; HttpOnly; SameSite=Lax"
+      )
     } catch (e) {
       console.error(
         "Unable to create URL for seamless login, proceeding without it."
@@ -96,26 +107,26 @@ export async function GET(
        * to the user which we do not want.
        */
       acr_values: "acr",
+
       /**
-       * The `for_origin` param is used to make Curity email login functionality working.
-       * Without the parameter Curity gives Internal Error issue for login with Email link.
-       */
-      for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
-      /**
-       * This is new param set for differentiate between
-       * the Magic link login of New web and current web
-       */
+       * Both of the below two params are required to send for initiating login as well
+       * because user might choose to do Email link login.
+       * */
+      // The `for_origin` param is used to make Curity email login functionality working.
+      for_origin: env.PUBLIC_URL,
+      // This is new param set for differentiate between the Magic link login of New web and current web
       version: "2",
     }
     if (isMFA) {
-      params.scope = ["profile_update", "openid", "profile"].join(" ")
+      // Append profile_update scope for MFA
+      params.scope = params.scope + " profile_udpate"
       /**
        * The below acr value is required as for New Web same Curity Client is used for MFA
        * while in current web it is being setup using different Curity Client
        */
       params.acr_values =
         "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
-    } else if (isMagicLinkLogin) {
+    } else if (isMagicLinkUpdateLogin) {
       params.acr_values = "abc"
     }
     const redirectUrl = await signIn(

app/[lang]/(live)/(public)/verifymagiclink/route.ts

@@ -4,7 +4,7 @@ import { AuthError } from "next-auth"
 import { Lang } from "@/constants/languages"
 import { login } from "@/constants/routes/handleAuth"
 import { env } from "@/env/server"
-import { internalServerError } from "@/server/errors/next"
+import { badRequest, internalServerError } from "@/server/errors/next"
 
 import { signIn } from "@/auth"
 
@@ -14,16 +14,17 @@ export async function GET(
 ) {
   let redirectTo: string
 
-  // Set callback from Cookie set by NextAuth when intiating login
+  // Set redirect url from the magicLinkRedirect Cookie which is set when intiating login
   redirectTo =
-    request.cookies.get("Scandic-auth.callback-url")?.value ||
+    request.cookies.get("magicLinkRedirectTo")?.value ||
     "/" + context.params.lang
 
+  if (!env.PUBLIC_URL) {
+    throw internalServerError("No value for env.PUBLIC_URL")
+  }
+
   // Make relative URL to absolute URL
   if (redirectTo.startsWith("/")) {
-    if (!env.PUBLIC_URL) {
-      throw internalServerError("No value for env.PUBLIC_URL")
-    }
     redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
   }
 
@@ -33,12 +34,7 @@ export async function GET(
   const loginKey = request.nextUrl.searchParams.get("loginKey")
 
   if (!loginKey) {
-    if (!env.PUBLIC_URL) {
-      throw internalServerError("No value for env.PUBLIC_URL")
-    }
-    const publicUrl = new URL(env.PUBLIC_URL)
-    const loginUrl = login[context.params.lang]
-    return NextResponse.redirect(new URL(loginUrl, publicUrl))
+    return badRequest()
   }
 
   try {
@@ -58,7 +54,7 @@ export async function GET(
         ui_locales: context.params.lang,
         scope: ["openid", "profile"].join(" "),
         loginKey: loginKey,
-        for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
+        for_origin: env.PUBLIC_URL,
         acr_values: "abc",
         version: "2",
       }

auth.ts

@@ -191,19 +191,6 @@ export const config = {
       return token
     },
   },
-  cookies: {
-    // Specific cookie name required to reset callback url when login using
-    // Email verification link (Magic link) scenario
-    callbackUrl: {
-      name: `Scandic-auth.callback-url`,
-      options: {
-        sameSite: "lax",
-        path: "/",
-        secure: true,
-        maxAge: 900,
-      },
-    },
-  },
   // events: {
   //   async signIn() {
   //     console.log("#### SIGNIN EVENT ARGS ######")