auth.ts
import NextAuth from "next-auth"
import "next-auth/jwt"
import { createStorage } from "unstorage"
import memoryDriver from "unstorage/drivers/memory"
import { UnstorageAdapter } from "@auth/unstorage-adapter"
import MicrosoftEntraID from "next-auth/providers/microsoft-entra-id"
// Key-value store handed to the Auth.js adapter. The memory driver keeps all
// adapter records in this process only: they are lost on restart and are not
// shared between server instances. Sessions in this file use the JWT strategy,
// so a session cookie can stay valid after the adapter's records are gone.
// NOTE(review): looks like demo configuration; confirm a persistent driver is
// used wherever account data has to survive a restart.
const storage = createStorage({ driver: memoryDriver() })
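/**
 * Auth.js (NextAuth) configuration for this app.
 *
 * Exports the route `handlers`, the `auth` helper and the `signIn` / `signOut`
 * actions. A single provider (Microsoft Entra ID) is configured from
 * environment variables, sessions use the JWT strategy, and adapter data is
 * kept in the `storage` instance defined above.
 */
export const { handlers, auth, signIn, signOut } = NextAuth({
  // Truthiness check: any non-empty AUTH_DEBUG value (including "false" or "0")
  // enables debug logging. Leave the variable unset outside development, since
  // debug output can contain details of the OAuth exchange.
  debug: !!process.env.AUTH_DEBUG,
  theme: { logo: "https://authjs.dev/img/logo-sm.png" },
  adapter: UnstorageAdapter(storage),
  providers: [
    MicrosoftEntraID({
      // An unset variable falls back to '', so a missing client id or secret
      // is not caught at startup and only shows up as a failed sign-in.
      clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID ?? '',
      clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET ?? '',
      //tenantId: process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID ?? '',
      // NOTE(review): the variable is named *_TENANT_ID but is passed as
      // `issuer`. Confirm it holds the full issuer URL rather than a bare
      // tenant id, otherwise issuer validation cannot match.
      issuer: process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID,
      authorization: {
        // Endpoint override taken from the environment; it should be an HTTPS
        // URL belonging to the same tenant as the issuer.
        url: process.env.AUTH_MICROSOFT_ENTRA_ID_AUTHORIZATION_URL,
        params: {
          // prompt: 'select_account',
          // Forces the consent screen on every sign-in.
          prompt: 'consent',
          // scope: 'openid profile email',
          // response_type: 'id_token',
          // response_mode: 'form_post',
          // maxAge: 60,
          // grant_type: "authorization_code",
        },
      },
      // Same caveat as the authorization URL: HTTPS, same tenant as the issuer.
      token: { url: process.env.AUTH_MICROSOFT_ENTRA_ID_TOKEN_URL },
    }),
  ],
  // basePath: "/auth",
  session: { strategy: "jwt" },
  callbacks: {
    /**
     * Route gate: only the exact path "/middleware-example" requires a
     * session. Every other path, including sub-paths and a trailing-slash
     * variant of that path, is allowed without authentication.
     */
    authorized({ request, auth }) {
      const { pathname } = request.nextUrl
      if (pathname === "/middleware-example") return !!auth
      return true
    },
    /**
     * Maintains the JWT stored in the session cookie.
     *
     * On an "update" trigger, `session` is whatever the client sent, so it is
     * treated as untrusted: the name is copied only when it is actually a
     * string. A missing or malformed payload leaves the token unchanged
     * instead of throwing on `session.user.name`.
     */
    jwt({ token, trigger, session, account }) {
      if (trigger === "update" && typeof session?.user?.name === "string") {
        token.name = session.user.name
      }
      // NOTE(review): this branch matches provider id "keycloak", but the only
      // provider configured above is Microsoft Entra ID, so as written no
      // access token is ever stored. Decide whether the token is needed at all
      // before changing the id, because the session callback exposes it.
      if (account?.provider === "keycloak") {
        return { ...token, accessToken: account.access_token }
      }
      return token
    },
    /**
     * Copies the stored access token, when there is one, onto the session.
     * The session object is what the client receives, so this makes the
     * provider access token readable by browser code. Prefer keeping it
     * server-side unless the client genuinely has to call the API itself.
     */
    async session({ session, token }) {
      if (token?.accessToken) session.accessToken = token.accessToken
      return session
    },
  },
  // Experimental flag. No WebAuthn/Passkey provider appears in `providers`
  // above. TODO confirm this is still required.
  experimental: { enableWebAuthn: true },
})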
// Module augmentation: adds an optional accessToken field to the Session type
// exported by "next-auth". The session callback in this file fills it from
// token.accessToken, and the session object is what client code receives, so
// treat this field as visible to the browser.
declare module "next-auth" {
  interface Session {
    // Provider access token; set only when the JWT carries one.
    accessToken?: string
  }
}
// Module augmentation: adds an optional accessToken field to the JWT type
// exported by "next-auth/jwt", matching what the jwt callback in this file may
// attach to the token.
declare module "next-auth/jwt" {
  interface JWT {
    // Provider access token copied from account.access_token by the jwt callback.
    accessToken?: string
  }
}