feat: SW-158 Updated new param loginKey and callback url support

app/[lang]/(live)/(public)/verifymagiclink/route.ts

@@ -1,4 +1,3 @@
-import { encode } from "@auth/core/jwt"
 import { NextRequest, NextResponse } from "next/server"
 import { AuthError } from "next-auth"
 
@@ -14,12 +13,10 @@ export async function GET(
 ) {
   let redirectHeaders: Headers | undefined = undefined
   let redirectTo: string
-  let value: string
+  let loginKey: string
 
   redirectTo =
-    request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
+    request.cookies.get("Scandic-auth.callback-url")?.value || "/" // Cookie gets set by NextAuth from login initiation
-    request.nextUrl.searchParams.get("redirectTo") ||
-    "/"
 
   // Make relative URL to absolute URL
   if (redirectTo.startsWith("/")) {
@@ -29,13 +26,14 @@ export async function GET(
     redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
   }
 
-  // Clean up cookie from authRequired middleware
+  // Remove Seamless login as it doesn't work with Magic link login
-  redirectHeaders = new Headers()
+  if (redirectTo.indexOf("updatelogin?returnurl") !== -1) {
-  redirectHeaders.append(
+    // Additional URL decode required as url in the query parameter is encoded twice due to passed in query param and further in cookie value.
-    "set-cookie",
+    redirectTo = decodeURIComponent(
-    "redirectTo=; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Path=/; HttpOnly; SameSite=Lax"
+      redirectTo.substring(redirectTo.indexOf("returnurl") + 10)
-  )
+    )
-  value = "" + request.nextUrl.searchParams.get("nonce")?.toString()
+  }
+  loginKey = "" + request.nextUrl.searchParams.get("loginKey")?.toString()
 
   try {
     /**
@@ -50,39 +48,16 @@ export async function GET(
         redirectTo,
         redirect: false,
       },
-      [
+      {
-        ["ui_locales", context.params.lang],
+        ui_locales: context.params.lang,
-        ["nonce", value],
+        loginKey: loginKey,
-        ["acr_values", "cat"],
+        acr_values: "cat",
-      ]
+        prompt: "login",
+      }
     )
 
     if (redirectUrl) {
-      // Check if needed based on discussion with Curity support for custom nonce
+      return NextResponse.redirect(redirectUrl)
-      const token = { value }
-      const secret = env.NEXTAUTH_SECRET
-      const maxAge = 60 * 15
-      const name = "authjs.nonce"
-      const testingCookie = await encode({ secret, maxAge, token, salt: name })
-      console.log(testingCookie)
-      const expires = new Date()
-      expires.setTime(expires.getTime() + maxAge * 1000)
-      redirectHeaders.append(
-        "set-cookie",
-        "authjs.nonce=" +
-          testingCookie +
-          "; Expires=" +
-          expires +
-          "; Path=/; HttpOnly; SameSite=Lax"
-      )
-      redirectUrl = redirectUrl.replace(
-        /nonce=.*&code_challenge=/gi,
-        "nonce=" + value + "&code_challenge="
-      )
-
-      return NextResponse.redirect(redirectUrl, {
-        headers: redirectHeaders,
-      })
     }
   } catch (error) {
     if (error instanceof AuthError) {

auth.ts

@@ -95,7 +95,6 @@ const curityProvider = {
   authorization: {
     url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
   },
-  checks: ["pkce", "nonce"],
   token: {
     url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
   },
@@ -195,6 +194,17 @@ export const config = {
       return token
     },
   },
+  cookies: {
+    callbackUrl: {
+      name: `Scandic-auth.callback-url`,
+      options: {
+        sameSite: "lax",
+        path: "/",
+        secure: true,
+        maxAge: 900,
+      },
+    },
+  },
   // events: {
   //   async signIn() {
   //     console.log("#### SIGNIN EVENT ARGS ######")