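import NextAuth from "next-auth"
import { env } from "@/env/server"
import type { NextAuthConfig, User } from "next-auth"
import type { OIDCConfig } from "next-auth/providers"

/**
 * Keys whose values are credential material. Everything logged through the
 * debug helpers below has these masked, so an `account` payload or the
 * session JWT can be traced without writing bearer tokens to the log sink.
 */
const SECRET_KEYS = new Set([
  "access_token",
  "id_token",
  "refresh_token",
  "credentials",
])

/**
 * Returns a copy of `value` with credential-bearing keys replaced by
 * "[redacted]". Recurses through plain objects and arrays up to `depth`
 * levels; deeper values and non-object values are returned untouched.
 */
function redactSecrets(value: unknown, depth = 3): unknown {
  if (depth === 0 || value === null || typeof value !== "object") {
    return value
  }
  if (Array.isArray(value)) {
    return value.map((item) => redactSecrets(item, depth - 1))
  }
  return Object.fromEntries(
    Object.entries(value as Record<string, unknown>).map(([key, child]) => [
      key,
      SECRET_KEYS.has(key) ? "[redacted]" : redactSecrets(child, depth - 1),
    ]),
  )
}

/**
 * Prints a bannered trace of callback arguments, but only when
 * NEXTAUTH_DEBUG is enabled. Every payload is passed through `redactSecrets`
 * first, so tokens never reach the log even in debug mode.
 */
function debugLog(label: string, ...payloads: unknown[]): void {
  if (!env.NEXTAUTH_DEBUG) return
  console.log(`****** ${label} *******`)
  for (const payload of payloads) {
    console.log(redactSecrets(payload))
  }
  console.log(`****** END - ${label} *******`)
}

/**
 * Hosts a post-login redirect may land on besides the app's own origin: any
 * subdomain of scandichotels.<tld>. Anchored at the end and requiring a
 * leading dot, so e.g. `evilscandichotels.com` does not match. No `g` flag,
 * so `.test()` is stateless and the literal is safe to share.
 */
const ALLOWED_REDIRECT_HOST = /\.scandichotels\.(dk|de|com|fi|no|se)$/

const customProvider = {
  clientId: env.CURITY_CLIENT_ID_USER,
  clientSecret: env.CURITY_CLIENT_SECRET_USER,
  id: "curity",
  name: "Curity",
  type: "oidc",
  // FIXME: This is incorrect. We should not hard code this.
  // It should be ${env.CURITY_ISSUER_USER}.
  // This change requires sync between Curity deploy and CurrentWeb and NewWeb.
  // Security note: this is the value the ID token's `iss` claim is expected
  // to match, so it must be exactly what Curity emits (verify against the
  // Curity deployment) — a mismatch fails every login.
  issuer: "https://scandichotels.com",
  authorization: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
    params: {
      scope: ["openid", "profile"].join(" "),
      /**
       * The `acr_values` param is used to make Curity display the proper login
       * page for Scandic. Without the parameter Curity presents some choices
       * to the user which we do not want.
       */
      acr_values: "acr",
    },
  },
  token: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
  },
  userinfo: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/userinfo`,
  },
  /**
   * Maps the claims returned by Curity onto the next-auth user object.
   * Traced only under NEXTAUTH_DEBUG because the profile is personal data.
   */
  profile(profile) {
    if (env.NEXTAUTH_DEBUG) console.log({ profile: redactSecrets(profile) })
    // NOTE(review): the stable OIDC identifier is `sub`; confirm Curity's
    // userinfo actually carries an `id` claim, otherwise `id` is undefined.
    return {
      id: profile.id,
      sub: profile.sub,
      given_name: profile.given_name,
    }
  },
} satisfies OIDCConfig

export const config = {
  debug: env.NEXTAUTH_DEBUG,
  providers: [customProvider],
  redirectProxyUrl: env.NEXTAUTH_REDIRECT_PROXY_URL,
  // baseUrl is derived from the incoming Host header; this is only safe when
  // the reverse proxy in front of the app sets/overwrites that header.
  trustHost: true,
  session: {
    strategy: "jwt",
  },
  callbacks: {
    /** Every OIDC sign-in is accepted; the argument dump is debug-only. */
    async signIn(...args) {
      debugLog("SIGN IN", args)
      return true
    },
    /**
     * Adds the user id to the session. Note that the whole `token` (which
     * carries `access_token`, see `jwt` below) is attached to the session
     * object as well and therefore reaches the browser via the session
     * endpoint — keep that in mind before adding more claims to the JWT.
     */
    async session({ session, token, user }) {
      debugLog("SESSION", { session }, { token }, { user })
      if (session.user) {
        return {
          ...session,
          token,
          user: {
            ...session.user,
            id: token.sub,
          },
        }
      }
      return session
    },
    /**
     * Restricts where a callback URL may send the browser after login:
     * relative paths are resolved against baseUrl; absolute URLs must be on
     * the app's own origin or on an allow-listed scandichotels subdomain.
     * Anything else, including unparseable input, falls back to baseUrl.
     */
    async redirect({ baseUrl, url }) {
      // Relative callback URL: keep it on baseUrl
      if (url.startsWith("/")) {
        return `${baseUrl}${url}`
      }
      // Assume absolute URL
      try {
        const parsedUrl = new URL(url)
        // Allows any subdomains on all top level domains in the allow-list.
        // NOTE(review): the scheme is not checked, so an http:// URL on an
        // allowed host is accepted too — consider requiring "https:".
        if (ALLOWED_REDIRECT_HOST.test(parsedUrl.hostname)) {
          return url
        }
        // Allows callback URLs on the same origin
        if (parsedUrl.origin === baseUrl) {
          return url
        }
      } catch (e) {
        console.error(e)
      }
      return baseUrl
    },
    /**
     * Route-protection hook; currently allows every request. The request is
     * traced by method and path only — never with headers or cookies.
     */
    async authorized({ auth, request }) {
      debugLog(
        "AUTHORIZED",
        { auth },
        { request: { method: request.method, path: new URL(request.url).pathname } },
      )
      return true
    },
    /**
     * Persists the provider access token in the session JWT on the sign-in
     * invocation (the only time `account` is present). The existing claims
     * are kept: the `session` callback reads `token.sub` for the user id, so
     * returning only `access_token` here would leave that undefined.
     */
    async jwt({ session, token, trigger, account }) {
      debugLog("JWT", { session, token, trigger, account })
      if (account) {
        return {
          ...token,
          access_token: account.access_token,
        }
      }
      return token
    },
  },
  events: {
    async signIn(...args) {
      if (!env.NEXTAUTH_DEBUG) return
      console.log("#### SIGNIN EVENT ARGS ######")
      console.log(redactSecrets(args))
      console.log("#### END - SIGNIN EVENT ARGS ######")
    },
    async session(...args) {
      if (!env.NEXTAUTH_DEBUG) return
      console.log("#### SESSION EVENT ARGS ######")
      console.log(redactSecrets(args))
      console.log("#### END - SESSION EVENT ARGS ######")
    },
  },
  logger: {
    error(code, ...message) {
      console.info("ERROR LOGGER")
      console.error(code, message)
    },
    warn(code, ...message) {
      console.info("WARN LOGGER")
      console.warn(code, message)
    },
    debug(code, ...message) {
      console.info("DEBUG LOGGER")
      console.debug(code, message)
    },
  },
} satisfies NextAuthConfig

export const {
  handlers: { GET, POST },
  auth,
  signIn,
  signOut,
} = NextAuth(config)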