scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
56ccce346ddcdc7cf4e50672620f74fdb4007030
web/auth.ts
Michael Zetterberg 7be4766c00 feat(WEB-132): add seamless login flow
2024-04-10 12:48:44 +02:00

151 lines
3.9 KiB
TypeScript
Raw Blame History

import NextAuth from "next-auth"
import { env } from "@/env/server"
import type { NextAuthConfig, User } from "next-auth"
import type { OIDCConfig } from "next-auth/providers"
const customProvider = {
clientId: env.CURITY_CLIENT_ID_USER,
clientSecret: env.CURITY_CLIENT_SECRET_USER,
id: "curity",
name: "Curity",
type: "oidc",
// FIXME: This is incorrect. We should not hard code this.
// It should be ${env.CURITY_ISSUER_USER}.
// This change requires sync between Curity deploy and CurrentWeb and NewWeb.
issuer: "https://scandichotels.com",
authorization: {
url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
params: {
scope: ["openid"],
/**
* The `acr_values` param is used to make Curity display the proper login
* page for Scandic. Without the parameter Curity presents some choices
* to the user which we do not want.
*/
acr_values: "acr",
},
},
token: {
url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
},
userinfo: {
url: `${env.CURITY_ISSUER_USER}/oauth/v2/userinfo`,
},
profile(profile) {
console.log({ profile })
return {
id: profile.id,
sub: profile.sub,
given_name: profile.given_name,
}
},
} satisfies OIDCConfig<User>
export const config = {
providers: [customProvider],
redirectProxyUrl: env.NEXTAUTH_REDIRECT_PROXY_URL,
trustHost: true,
session: {
strategy: "jwt",
},
callbacks: {
async signIn(...args) {
console.log("****** SIGN IN *******")
console.log(args)
console.log("****** END - SIGN IN *******")
return true
},
async session({ session, token, user }) {
console.log("****** SESSION *******")
console.log({ session })
console.log({ token })
console.log({ user })
console.log("****** END - SESSION *******")
if (session.user) {
return {
...session,
user: {
...session.user,
id: token.sub,
},
}
}
return session
},
async redirect({ baseUrl, url }) {
if (url.startsWith("/")) {
// Allows relative callback URLs
return `${baseUrl}${url}`
} else {
// Assume absolute URL
try {
const parsedUrl = new URL(url)
if (
/\.scandichotels\.(dk|de|com|fi|no|se)$/.test(parsedUrl.hostname)
) {
// Allows any subdomains on all top level domains above
return url
} else if (parsedUrl.origin === baseUrl) {
// Allows callback URLs on the same origin
return url
}
} catch (e) {
console.error(e)
}
}
return baseUrl
},
async authorized({ auth, request }) {
console.log("****** AUTHORIZED *******")
console.log({ auth })
console.log({ request })
console.log("****** END - AUTHORIZED *******")
return true
},
async jwt({ session, token, trigger }) {
console.log("****** JWT *******")
console.log({ session, token, trigger })
console.log("****** END - JWT *******")
return token
},
},
events: {
async signIn(...args) {
console.log("#### SIGNIN EVENT ARGS ######")
console.log(args)
console.log("#### END - SIGNIN EVENT ARGS ######")
},
async session(...args) {
console.log("#### SESSION EVENT ARGS ######")
console.log(args)
console.log("#### END - SESSION EVENT ARGS ######")
},
},
logger: {
error(code, ...message) {
console.info("ERROR LOGGER")
console.error(code, message)
},
warn(code, ...message) {
console.info("WARN LOGGER")
console.warn(code, message)
},
debug(code, ...message) {
console.info("DEBUG LOGGER")
console.debug(code, message)
},
},
} satisfies NextAuthConfig
export const {
handlers: { GET, POST },
auth,
signIn,
signOut,
} = NextAuth(config)
Reference in New Issue View Git Blame Copy Permalink