feat: SW-158 Magic Link login support

app/[lang]/(live)/(public)/login/route.ts

@@ -96,6 +96,7 @@ export async function GET(
            */
           acr_values:
             "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web",
+          for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
         }
       : {
           ui_locales: context.params.lang,
@@ -110,7 +111,7 @@ export async function GET(
            * The `for_origin` param is used to make Curity email login functionality working.
            * Without the parameter Curity gives Internal Error issue for login with Email link.
            */
-          for_origin: env.PUBLIC_URL,
+          for_origin: env.PUBLIC_URL ? env.PUBLIC_URL : "",
         }
     const redirectUrl = await signIn(
       "curity",
@@ -122,6 +123,11 @@ export async function GET(
     )
 
     if (redirectUrl) {
+      // Remove nonce for User to be able to login via Magic Link, but normal login fails as nonce becomes absent in the token response
+      // if (redirectUrl.indexOf("nonce") != -1) {
+      //   redirectUrl = redirectUrl.replace(/nonce=.*&code_challenge=/gi, "&code_challenge=");
+      //   redirectUrl = redirectUrl.replace(/&nonce=.*/gi, "");
+      // }
       return NextResponse.redirect(redirectUrl, {
         headers: redirectHeaders,
       })

app/[lang]/(live)/(public)/verifymagiclink/route.ts

@@ -1,3 +1,4 @@
+import { encode } from "@auth/core/jwt"
 import { NextRequest, NextResponse } from "next/server"
 import { AuthError } from "next-auth"
 
@@ -6,7 +7,6 @@ import { env } from "@/env/server"
 import { internalServerError } from "@/server/errors/next"
 
 import { signIn } from "@/auth"
-// import { encode } from "@auth/core/jwt"
 
 export async function GET(
   request: NextRequest,
@@ -59,19 +59,26 @@ export async function GET(
 
     if (redirectUrl) {
       // Check if needed based on discussion with Curity support for custom nonce
-      // const token = { value };
+      const token = { value }
-      // const secret = env.NEXTAUTH_SECRET;
+      const secret = env.NEXTAUTH_SECRET
-      // const maxAge = 60 * 15;
+      const maxAge = 60 * 15
-      // const name = "authjs.nonce";
+      const name = "authjs.nonce"
-      // const testingCookie = await encode({ secret, maxAge, token, salt: name });
+      const testingCookie = await encode({ secret, maxAge, token, salt: name })
-      // console.log(testingCookie);
+      console.log(testingCookie)
-      // const expires = new Date();
+      const expires = new Date()
-      // expires.setTime(expires.getTime() + maxAge * 1000);
+      expires.setTime(expires.getTime() + maxAge * 1000)
-      // redirectHeaders.append(
+      redirectHeaders.append(
-      //   "set-cookie",
+        "set-cookie",
-      //   "authjs.nonce=" + testingCookie + "; Expires=" + expires + "; Path=/; HttpOnly; SameSite=Lax"
+        "authjs.nonce=" +
-      // )
+          testingCookie +
-      // redirectUrl = redirectUrl.replace(/nonce=.*&code_challenge=/gi, "nonce="+value+"&code_challenge=");
+          "; Expires=" +
+          expires +
+          "; Path=/; HttpOnly; SameSite=Lax"
+      )
+      redirectUrl = redirectUrl.replace(
+        /nonce=.*&code_challenge=/gi,
+        "nonce=" + value + "&code_challenge="
+      )
 
       return NextResponse.redirect(redirectUrl, {
         headers: redirectHeaders,