Toogether/Webapp
2
0
Fork 0
Code Issues Pull Requests Actions Releases Activity
f9aef69cfa
Webapp/src/authOptions.ts

107 lines
2.7 KiB
TypeScript
Raw Normal View History

feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
import axios from "axios";
import moment from "moment";
feat: integrate openid well-known
2024-12-11 17:51:23 +00:00
import { AuthOptions, Session } from "next-auth";
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
import { JWT } from "next-auth/jwt";
ref: remove comments, move authOptions, add somes Types
2024-11-24 17:22:28 +00:00
Refactor: Update moment locale to French in axios.ts and authOptions.ts
2024-12-13 13:42:34 +00:00
moment.locale("fr");
ref: remove comments, move authOptions, add somes Types
2024-11-24 17:22:28 +00:00
export const authOptions: AuthOptions = {
providers: [
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
{
feat: Auth implementation - Add Login & Logout page - Add middleware to protect pages - Add Header Server Side Component
2024-12-12 14:12:57 +00:00
id: "oauth",
name: process.env.OAUTH_PROVIDER_NAME,
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
type: "oauth",
clientId: process.env.OAUTH_CLIENT_ID,
clientSecret: process.env.OAUTH_CLIENT_SECRET,
authorization: {
url: process.env.OAUTH_AUTHORIZATION_URL,
params: {
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
scope: "openid profile offline_access",
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
response_type: "code",
},
},
feat: integrate openid well-known
2024-12-11 17:51:23 +00:00
checks: ["pkce", "state"],
idToken: true,
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
token: process.env.OAUTH_TOKEN_URL,
userinfo: process.env.OAUTH_USERINFO_URL,
issuer: process.env.OAUTH_ISSUER,
jwks_endpoint: process.env.OAUTH_JWKS_ENDPOINT,
feat: integrate openid well-known
2024-12-11 17:51:23 +00:00
profile(profile: Session["user"]) {
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
return {
id: profile.sub || profile.id,
name:
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
profile.name ||
profile.preferred_username ||
`${profile.given_name} ${profile.family_name}`,
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
};
},
},
ref: remove comments, move authOptions, add somes Types
2024-11-24 17:22:28 +00:00
],
callbacks: {
async jwt({ token, account, user }) {
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
if (account && user) {
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
token.accessToken = account.access_token;
feat: Auth implementation - Add Login & Logout page - Add middleware to protect pages - Add Header Server Side Component
2024-12-12 14:12:57 +00:00
token.accessTokenExpires = moment(account.expires_at * 1000).subtract(5, "s");
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
token.refreshToken = account.refresh_token;
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
token.user = user;
return token;
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
}
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
if (moment().isBefore(moment(token.accessTokenExpires))) {
return token;
ref: remove comments, move authOptions, add somes Types
2024-11-24 17:22:28 +00:00
}
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
return refreshAccessToken(token);
ref: remove comments, move authOptions, add somes Types
2024-11-24 17:22:28 +00:00
},
async session({ session, token }) {
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
if (token) {
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
session.user = token.user;
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
session.accessToken = token.accessToken;
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
session.accessTokenExpires = token.accessTokenExpires;
session.error = token.error;
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
}
ref: remove comments, move authOptions, add somes Types
2024-11-24 17:22:28 +00:00
return session;
},
},
feat: Auth implementation - Add Login & Logout page - Add middleware to protect pages - Add Header Server Side Component
2024-12-12 14:12:57 +00:00
pages: {
signIn: "/auth/login",
signOut: "/auth/logout",
}
feat: switch to JWKS verification
2024-12-10 23:41:55 +00:00
};
feat: refresh token when access token has expired
2024-12-11 23:45:32 +00:00
const refreshAccessToken = async (token: JWT): Promise<JWT> => {
const response = await axios.post<{
access_token: string;
expires_in: number;
refresh_token: string;
error_description?: string;
}>(
process.env.OAUTH_TOKEN_URL,
{
grant_type: "refresh_token",
refresh_token: token.refreshToken,
client_id: process.env.OAUTH_CLIENT_ID,
client_secret: process.env.OAUTH_CLIENT_SECRET,
},
{
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
}
);
if (response.status != 200) {
throw new Error(
response.data.error_description || "Failed to refresh access token"
);
}
return {
...token,
accessToken: response.data.access_token,
accessTokenExpires: moment().add(response.data.expires_in, "seconds").subtract(5, "s"),
refreshToken: response.data.refresh_token,
};
};
Reference in New Issue Copy Permalink