feat: SW-162 MFA for Profile implemented

auth.ts

@@ -1,3 +1,5 @@
+import { decode,encode } from "@auth/core/jwt"
+import { cookies } from "next/headers"
 import NextAuth from "next-auth"
 
 import { env } from "@/env/server"
@@ -55,6 +57,7 @@ const customProvider = {
       sub: profile.sub,
       given_name: profile.given_name,
       login_with: profile.login_with,
+      acr: profile.acr,
     }
   },
 } satisfies OIDCConfig<User>
@@ -114,6 +117,26 @@ export const config = {
       return true
     },
     async jwt({ account, session, token, trigger, user }) {
+      if (
+        user?.acr ==
+        "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
+      ) {
+        const cookieStore = cookies()
+        const value = token.access_token
+        const secret = env.NEXTAUTH_SECRET
+        const maxAge = 60 * 15
+        const name = "_SecureMFA-token"
+        const mfaCookie = await encode({
+          secret,
+          maxAge,
+          token: value,
+          salt: name,
+        })
+        cookieStore.set("_SecureMFA-token", mfaCookie.toString(), {
+          maxAge: maxAge,
+        })
+      }
+
       const loginType = getLoginType(user)
       if (account) {
         return {