Merged in feat/curity-changes (pull request #1190)

Feat/curity changes

* Changed curity stuff

* Use env.var

* Merge branch 'master' into feat/curity-changes

* Merged master into feat/curity-changes
Linus Flood
2025-01-20 11:44:58 +00:00
parent 8a3314b6d5
commit 814b010569
3 changed files with 7 additions and 14 deletions


@@ -123,7 +123,7 @@ export async function GET(
* page for Scandic. Without the parameter Curity presents some choices
* to the user which we do not want.
*/
acr_values: "acr",
acr_values: "urn:com:scandichotels:scandic",
/**
* Both of the below two params are required to send for initiating login as well
@@ -142,10 +142,9 @@ export async function GET(
* The below acr value is required as for New Web same Curity Client is used for MFA
* while in current web it is being setup using different Curity Client
*/
params.acr_values =
"urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
params.acr_values = "urn:com:scandichotels:scandic-otp"
} else if (isSeamlessMagicLink) {
params.acr_values = "abc"
params.acr_values = "urn:com:scandichotels:scandic-email"
}
params.scope = params.scope.join(" ")
/**
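Review bot: `acr_values` only asks Curity for an authentication method, and no visible line checks the `acr` claim that comes back in the ID token for the default `urn:com:scandichotels:scandic` or for the `scandic-otp` and `scandic-email` branches. If the callback does not already do so, it should compare the returned claim with the value requested, so that a login completed by a different method is not treated as OTP or magic-link. The same applies to the `acr_values: "urn:com:scandichotels:scandic-email"` line in the magic-link route's hunk. The three URNs are also repeated as string literals across files; shared constants would keep the request and any later check from drifting apart. The GET handler's body starts and ends outside these hunks.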


@@ -68,7 +68,7 @@ export async function GET(
scope: ["openid", "profile"].join(" "),
loginKey: loginKey,
for_origin: publicURL,
acr_values: "abc",
acr_values: "urn:com:scandichotels:scandic-email",
version: "2",
}
)

12
auth.ts

@@ -1,11 +1,10 @@
import NextAuth from "next-auth"
import NextAuth, { type NextAuthConfig, type User } from "next-auth"
import { PRE_REFRESH_TIME_IN_SECONDS } from "@/constants/auth"
import { env } from "@/env/server"
import { LoginTypeEnum } from "./types/components/tracking"
import type { NextAuthConfig, User } from "next-auth"
import type { JWT } from "next-auth/jwt"
import type { OIDCConfig } from "next-auth/providers"
@@ -85,10 +84,7 @@ const curityProvider = {
type: "oidc",
clientId: env.CURITY_CLIENT_ID_USER,
clientSecret: env.CURITY_CLIENT_SECRET_USER,
// FIXME: This is incorrect. We should not hard code this.
// It should be ${env.CURITY_ISSUER_USER}.
// This change requires sync between Curity deploy and CurrentWeb and NewWeb.
issuer: "https://scandichotels.com",
issuer: env.CURITY_ISSUER_SERVICE,
authorization: {
url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
},
@@ -170,9 +166,7 @@ export const config = {
async jwt({ account, session, token, trigger, user, profile }) {
const loginType = getLoginType(user)
if (trigger === "signIn" && account) {
const mfa_scope =
profile?.amr ==
"urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
const mfa_scope = profile?.amr == "urn:com:scandichotels:scandic-otp"
const tokenExpiry = account.expires_at
? account.expires_at * 1000
: undefined
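Review bot: The MFA decision in `const mfa_scope = profile?.amr == "urn:com:scandichotels:scandic-otp"` relies on loose equality against a claim that OpenID Connect defines as an array of strings. With `==` a one-element array coerces to its single string and matches, but an array listing two or more methods does not, so the result depends on how Curity serialises `amr`, which is not visible here. Make the expected shape explicit, for example `const amr = profile?.amr` followed by `const mfa_scope = Array.isArray(amr) ? amr.includes("urn:com:scandichotels:scandic-otp") : amr === "urn:com:scandichotels:scandic-otp"`. The `jwt` callback continues outside the hunk.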