Merged in feat/curity-changes (pull request #1190)

Feat/curity changes

* Changed curity stuff

* Use env.var

* Merge branch 'master' into feat/curity-changes

* Merged master into feat/curity-changes

app/[lang]/(live)/(public)/login/route.ts

@@ -123,7 +123,7 @@ export async function GET(
        * page for Scandic. Without the parameter Curity presents some choices
        * to the user which we do not want.
        */
-      acr_values: "acr",
+      acr_values: "urn:com:scandichotels:scandic",
 
       /**
        * Both of the below two params are required to send for initiating login as well
@@ -142,10 +142,9 @@ export async function GET(
        * The below acr value is required as for New Web same Curity Client is used for MFA
        * while in current web it is being setup using different Curity Client
        */
-      params.acr_values =
+      params.acr_values = "urn:com:scandichotels:scandic-otp"
-        "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
     } else if (isSeamlessMagicLink) {
-      params.acr_values = "abc"
+      params.acr_values = "urn:com:scandichotels:scandic-email"
     }
     params.scope = params.scope.join(" ")
     /**

app/[lang]/(live)/(public)/verifymagiclink/route.ts

@@ -68,7 +68,7 @@ export async function GET(
         scope: ["openid", "profile"].join(" "),
         loginKey: loginKey,
         for_origin: publicURL,
-        acr_values: "abc",
+        acr_values: "urn:com:scandichotels:scandic-email",
         version: "2",
       }
     )

auth.ts

@@ -1,11 +1,10 @@
-import NextAuth from "next-auth"
+import NextAuth, { type NextAuthConfig, type User } from "next-auth"
 
 import { PRE_REFRESH_TIME_IN_SECONDS } from "@/constants/auth"
 import { env } from "@/env/server"
 
 import { LoginTypeEnum } from "./types/components/tracking"
 
-import type { NextAuthConfig, User } from "next-auth"
 import type { JWT } from "next-auth/jwt"
 import type { OIDCConfig } from "next-auth/providers"
 
@@ -85,10 +84,7 @@ const curityProvider = {
   type: "oidc",
   clientId: env.CURITY_CLIENT_ID_USER,
   clientSecret: env.CURITY_CLIENT_SECRET_USER,
-  // FIXME: This is incorrect. We should not hard code this.
+  issuer: env.CURITY_ISSUER_SERVICE,
-  //        It should be ${env.CURITY_ISSUER_USER}.
-  //        This change requires sync between Curity deploy and CurrentWeb and NewWeb.
-  issuer: "https://scandichotels.com",
   authorization: {
     url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
   },
@@ -170,9 +166,7 @@ export const config = {
     async jwt({ account, session, token, trigger, user, profile }) {
       const loginType = getLoginType(user)
       if (trigger === "signIn" && account) {
-        const mfa_scope =
+        const mfa_scope = profile?.amr == "urn:com:scandichotels:scandic-otp"
-          profile?.amr ==
-          "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
         const tokenExpiry = account.expires_at
           ? account.expires_at * 1000
           : undefined