import NextAuth from "next-auth"
import { env } from "@/env/server"
import type { NextAuthConfig, User } from "next-auth"
import type { OIDCConfig } from "next-auth/providers"
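/**
 * OIDC provider definition for the Curity identity server.
 *
 * Client credentials and the endpoint base URL are read from the server-side
 * env module; the authorization, token and userinfo endpoints are spelled out
 * explicitly below.
 */
const customProvider = {
  clientId: env.CURITY_CLIENT_ID_USER,
  clientSecret: env.CURITY_CLIENT_SECRET_USER,
  id: "curity",
  name: "Curity",
  type: "oidc",
  // FIXME: This is incorrect. We should not hard code this.
  // It should be ${env.CURITY_ISSUER_USER}.
  // This change requires sync between Curity deploy and CurrentWeb and NewWeb.
  //
  // Until that happens the issuer is a fixed string while every endpoint below
  // is derived from env.CURITY_ISSUER_USER, so the two can disagree between
  // environments.
  // NOTE(review): presumably this is the value the ID token's `iss` claim is
  // compared against - confirm before changing it.
  issuer: "https://scandichotels.com",
  authorization: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
    params: {
      // Only the base OIDC scope is requested.
      scope: ["openid"],
    },
  },
  token: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
  },
  userinfo: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/userinfo`,
  },

  /**
   * Maps the claims returned by the identity provider onto the user object.
   *
   * The raw profile is deliberately not logged: it holds personal data about
   * the signed-in user and would otherwise end up in server logs on every
   * sign-in.
   *
   * NOTE(review): standard OIDC identifies the subject via `sub`; confirm that
   * Curity also returns an `id` claim, otherwise `id` is undefined here.
   */
  profile(profile) {
    return {
      id: profile.id,
      sub: profile.sub,
      given_name: profile.given_name,
    }
  },
} satisfies OIDCConfig<User>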
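/**
 * Auth.js configuration: a single Curity OIDC provider, JWT-based sessions and
 * pass-through callbacks.
 *
 * The callbacks and events only emit a marker line. Their arguments are not
 * logged because they carry the user, account, profile, session and token
 * objects (and, for `authorized`, the incoming request), which can include
 * access/ID tokens, session cookies and personal data.
 */
export const config = {
  // basePath: "/api/auth",
  // pages: {
  //   signIn: "/auth/login",
  // },
  providers: [customProvider],
  redirectProxyUrl: env.NEXTAUTH_REDIRECT_PROXY_URL,
  // With trustHost enabled the base URL is derived from the request's Host /
  // X-Forwarded-Host headers. That is only safe when a proxy or platform in
  // front of the app sets those headers.
  // NOTE(review): confirm this holds for every deployment of this app.
  trustHost: true,

  session: {
    strategy: "jwt",
  },
  callbacks: {
    /** Allows every sign-in attempt that reaches this callback. */
    async signIn() {
      console.log("****** SIGN IN *******")
      return true
    },
    /** Returns the session unchanged. */
    async session({ session }) {
      console.log("****** SESSION *******")
      return session
    },
    /**
     * Restricts post-auth redirects to this site.
     *
     * Relative URLs are resolved against baseUrl, absolute URLs are accepted
     * only when their origin equals baseUrl, and everything else (including a
     * value that cannot be parsed as a URL) falls back to baseUrl.
     */
    async redirect({ baseUrl, url }) {
      console.log("****** REDIRECT *******")
      // Allows relative callback URLs
      if (url.startsWith("/")) {
        return `${baseUrl}${url}`
      }
      try {
        // Allows callback URLs on the same origin
        if (new URL(url).origin === baseUrl) {
          return url
        }
      } catch {
        // `new URL` throws on input that is not an absolute URL; treat it as
        // untrusted and use the safe default below instead of failing.
      }
      return baseUrl
    },
    /**
     * Always returns true, so this callback never rejects a request.
     * NOTE(review): route protection has to be enforced elsewhere until a real
     * check is added here.
     */
    async authorized() {
      console.log("****** AUTHORIZED *******")
      // const { pathname } = request.nextUrl
      // if (pathname === "/middleware-example") return !!auth
      return true
    },
    /** Returns the token unchanged. */
    async jwt({ token }) {
      console.log("****** JWT *******")
      // if (trigger === "update") token.name = session.user.name
      return token
    },
  },
  events: {
    async signIn() {
      console.log("#### SIGNIN EVENT ARGS ######")
    },
    async session() {
      console.log("#### SESSION EVENT ARGS ######")
    },
  },
  // Routes library log output to the console, prefixed with a level marker.
  logger: {
    error(code, ...message) {
      console.info("ERROR LOGGER")
      console.error(code, message)
    },
    warn(code, ...message) {
      console.info("WARN LOGGER")
      console.warn(code, message)
    },
    debug(code, ...message) {
      console.info("DEBUG LOGGER")
      console.debug(code, message)
    },
  },
} satisfies NextAuthConfig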
// Build the Auth.js instance once from the config above, then re-export its
// parts: the GET/POST route handlers and the auth, signIn and signOut helpers.
const nextAuth = NextAuth(config)

export const { GET, POST } = nextAuth.handlers
export const { auth, signIn, signOut } = nextAuth