From 3ac29ae9094e62a7491e7021d91420df6de4a612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi?=
Date: Tue, 7 Jan 2025 10:49:08 +0100
Subject: [PATCH] feat: add OAUTH_SCOPES to environment types and update authOptions for dynamic scope handling

---
 .env.example | 3 ++-
 src/app/types/env.d.ts | 1 +
 src/app/types/next-auth.d.ts | 2 +-
 src/authOptions.ts | 11 ++++++-----
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/.env.example b/.env.example
index 73f3013..6e2f324 100644
--- a/.env.example
+++ b/.env.example
@@ -9,4 +9,5 @@ OAUTH_ISSUER=
 OAUTH_AUTHORIZATION_URL=
 OAUTH_TOKEN_URL=
 OAUTH_USERINFO_URL=
-OAUTH_JWKS_ENDPOINT=
\ No newline at end of file
+OAUTH_JWKS_ENDPOINT=
+OAUTH_SCOPES="openid email profile offline_access"
\ No newline at end of file
diff --git a/src/app/types/env.d.ts b/src/app/types/env.d.ts
index e33577d..6746c47 100644
--- a/src/app/types/env.d.ts
+++ b/src/app/types/env.d.ts
@@ -8,5 +8,6 @@ declare namespace NodeJS {
 OAUTH_USERINFO_URL: string;
 OAUTH_ISSUER: string;
 OAUTH_JWKS_ENDPOINT: string;
+ OAUTH_SCOPES: string;
 }
 }
diff --git a/src/app/types/next-auth.d.ts b/src/app/types/next-auth.d.ts
index f262b7a..bb658ee 100644
--- a/src/app/types/next-auth.d.ts
+++ b/src/app/types/next-auth.d.ts
@@ -56,7 +56,7 @@ declare module "next-auth/jwt" {
 accessToken: string;
 accessTokenExpires: Moment;
 refreshToken: string;
- refreshTokenExpires: Moment;
+ refreshTokenExpires: Moment | undefined;
 error?: string;
 user: User | AdapterUser;
 }
diff --git a/src/authOptions.ts b/src/authOptions.ts
index 443b8b5..45b760e 100644
--- a/src/authOptions.ts
+++ b/src/authOptions.ts
@@ -18,7 +18,7 @@ export const authOptions: AuthOptions = {
 authorization: {
 url: process.env.OAUTH_AUTHORIZATION_URL,
 params: {
- scope: "openid email profile",
+ scope: process.env.OAUTH_SCOPES,
 response_type: "code",
 },
 },
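Review bot: The example value in .env.example adds `offline_access`, which the previously hard-coded scope (`openid email profile`, removed in src/authOptions.ts) did not request, so anyone who copies this file asks the identity provider for an offline refresh token by default. I would keep the example at the narrower set, or put a comment above the line such as `# offline_access asks the IdP for a long-lived refresh token; remove it unless sessions must outlive the IdP login`. That makes the wider grant an explicit operator choice rather than an inherited default.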
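Review bot: `scope: process.env.OAUTH_SCOPES` in src/authOptions.ts has no fallback, so a deployment whose environment predates this commit presumably sends the authorization request without an explicit scope where it used to send `openid email profile`. env.d.ts declares the variable as a plain `string`, so the compiler will not flag the unset case. I would keep the old value as the default, `scope: process.env.OAUTH_SCOPES ?? "openid email profile",`, and consider rejecting at startup a configured value that lacks `openid`, since the rest of the flow appears to rely on OIDC tokens. The `authOptions` object starts and ends outside this hunk.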
@@ -49,10 +49,11 @@ export const authOptions: AuthOptions = { token.refreshToken = account.refresh_token; token.accessTokenExpires = moment.unix(account.expires_at); - token.refreshTokenExpires = moment().add( - account.refresh_expires_in, - "seconds", - ); + + token.refreshTokenExpires = + account.refresh_expires_in != 0 + ? moment().add(account.refresh_expires_in, "seconds") + : undefined; const accessTokenDecode = jsonwebtoken.decode( account.access_token,
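Review bot: The new guard `account.refresh_expires_in != 0` treats only a literal zero as "no expiry"; if the provider omits the field the value is `undefined`, the comparison is still true, and `moment().add(undefined, "seconds")` is evaluated, which most likely records the refresh token as expiring immediately. A stricter condition avoids both that and the loose comparison: `typeof account.refresh_expires_in === "number" && account.refresh_expires_in > 0`. Code outside this hunk that reads `token.refreshTokenExpires` now has to handle `undefined` explicitly, as the type change in next-auth.d.ts allows. Because the `undefined` branch means a refresh token with no known expiry is kept in `token.refreshToken`, it is worth documenting next to this assignment how such a token gets revoked or rotated. The enclosing function starts and ends outside the hunk.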