import NextAuth from "next-auth"
import ZITADEL from "next-auth/providers/zitadel"
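/**
 * Auth.js (NextAuth) configuration with ZITADEL as the single OIDC provider.
 *
 * Exports the route `handlers`, the `auth` session helper and the
 * `signIn` / `signOut` actions returned by `NextAuth(...)`.
 *
 * On the initial sign-in the `jwt` callback calls ZITADEL's userinfo
 * endpoint to pick a display name; the `session` callback then copies that
 * name onto `session.user`.
 */
export const { handlers, auth, signIn, signOut } = NextAuth({
  // SECURITY: with trustHost enabled, Auth.js builds its own URLs from the
  // Host / X-Forwarded-Host headers of the incoming request. That is only
  // sound when a reverse proxy or platform in front of the app overwrites
  // those headers. NOTE(review): consider driving this per environment
  // (AUTH_TRUST_HOST) instead of hard-coding it for every deployment.
  trustHost: true,
  providers: [
    ZITADEL({
      // NOTE(review): `!` only silences the compiler; an unset variable still
      // reaches the provider as `undefined`. Validate these at deploy time.
      clientId: process.env.ZITADEL_CLIENT_ID!,
      clientSecret: process.env.ZITADEL_CLIENT_SECRET!,
      issuer: process.env.ZITADEL_ISSUER,
    }),
  ],
  callbacks: {
    /**
     * Enriches the JWT with a display name taken from ZITADEL userinfo.
     *
     * `account` is only present on the initial sign-in, so the userinfo
     * request happens once per login. A failed or malformed response never
     * blocks the login: the token is returned with its existing name.
     */
    async jwt({ token, account }) {
      const issuer = process.env.ZITADEL_ISSUER
      // Without an issuer the URL would be "undefined/oidc/v1/userinfo".
      if (account?.access_token && issuer) {
        // Accept a claim only when it is a non-empty string.
        const claim = (value: unknown): string | undefined =>
          typeof value === "string" && value ? value : undefined

        try {
          // Tolerate a trailing slash in the configured issuer URL.
          const res = await fetch(`${issuer.replace(/\/+$/, "")}/oidc/v1/userinfo`, {
            headers: { Authorization: `Bearer ${account.access_token}` },
          })
          if (!res.ok) {
            // Log the status only: neither the bearer token nor the response
            // body belongs in application logs.
            console.warn(`[auth] ZITADEL userinfo request failed with status ${res.status}`)
            return token
          }

          const userinfo: Record<string, unknown> | null = await res.json()
          // The userinfo payload (email, names, subject id) is personal data
          // and is deliberately not written to the log.
          // NOTE(review): OIDC Core requires the userinfo `sub` to match the
          // ID token's `sub`; consider comparing them before trusting these
          // claims.
          const fullName = [claim(userinfo?.given_name), claim(userinfo?.family_name)]
            .filter(Boolean)
            .join(" ")

          token.name =
            claim(userinfo?.name) ||
            fullName ||
            claim(userinfo?.preferred_username) ||
            claim(userinfo?.email) ||
            token.name
        } catch {
          // Network failure or a non-JSON body: the display name is cosmetic,
          // so keep whatever name the token already carries.
          console.warn("[auth] ZITADEL userinfo request failed; keeping existing token name")
        }
      }
      return token
    },
    /** Copies the display name stored in the JWT onto the session's user. */
    session({ session, token }) {
      if (token.name) session.user.name = token.name as string
      return session
    },
  },
})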