dc75ffb9e6
* wip: sso * feat: add ldap client and provider * feat: implement login form * feat: finish sso * fix: lint and format issue * chore: address pull request feedback * fix: build not working * fix: oidc is redirected to internal docker container hostname * fix: build not working * refactor: migrate to ldapts * fix: format and frozen lock file * fix: deepsource issues * fix: unit tests for ldap authorization not working * refactor: remove unnecessary args from dockerfile * chore: address pull request feedback * fix: use console instead of logger in auth env.mjs * fix: default value for auth provider of wrong type * fix: broken lock file * fix: format issue
38 lines
1.1 KiB
TypeScript
38 lines
1.1 KiB
TypeScript
import type { ReadonlyHeaders } from "next/dist/server/web/spec-extension/adapters/headers";
|
|
import type { OIDCConfig } from "next-auth/providers";
|
|
|
|
import { env } from "../../env.mjs";
|
|
import { createRedirectUri } from "../../redirect";
|
|
|
|
interface Profile {
|
|
sub: string;
|
|
name: string;
|
|
email: string;
|
|
groups: string[];
|
|
preferred_username: string;
|
|
email_verified: boolean;
|
|
}
|
|
|
|
export const OidcProvider = (headers: ReadonlyHeaders | null): OIDCConfig<Profile> => ({
|
|
id: "oidc",
|
|
name: env.AUTH_OIDC_CLIENT_NAME,
|
|
type: "oidc",
|
|
clientId: env.AUTH_OIDC_CLIENT_ID,
|
|
clientSecret: env.AUTH_OIDC_CLIENT_SECRET,
|
|
issuer: env.AUTH_OIDC_ISSUER,
|
|
authorization: {
|
|
params: {
|
|
scope: env.AUTH_OIDC_SCOPE_OVERWRITE,
|
|
redirect_uri: createRedirectUri(headers, "/api/auth/callback/oidc"),
|
|
},
|
|
},
|
|
profile(profile) {
|
|
return {
|
|
id: profile.sub,
|
|
// Use the name as the username if the preferred_username is an email address
|
|
name: profile.preferred_username.includes("@") ? profile.name : profile.preferred_username,
|
|
email: profile.email,
|
|
};
|
|
},
|
|
});
|