schnabu/web
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
web/auth.ts

86 lines
2.6 KiB
TypeScript
Raw Normal View History

Readd access token to session
2024-05-19 22:00:24 +02:00
import NextAuth from "next-auth";
Init AuthJS
2024-05-19 00:00:55 +02:00
import Authentik from "next-auth/providers/authentik";
Add PrismaORM preparation for access_token refresh, since JWT cookies cannot be refreshed from the server side
2024-05-19 18:08:47 +02:00
import { PrismaAdapter } from "@auth/prisma-adapter"
import { PrismaClient } from "@prisma/client"
Enable token refresh
2024-05-19 21:34:55 +02:00
import { JWT } from "next-auth/jwt"
Add PrismaORM preparation for access_token refresh, since JWT cookies cannot be refreshed from the server side
2024-05-19 18:08:47 +02:00
const prisma = new PrismaClient()
Init AuthJS
2024-05-19 00:00:55 +02:00
declare module "next-auth" {
Enable token refresh
2024-05-19 21:34:55 +02:00
interface Session {
access_token: string | undefined;
error?: "RefreshAccessTokenError"
}
Init AuthJS
2024-05-19 00:00:55 +02:00
}
Enable token refresh
2024-05-19 21:34:55 +02:00
declare module "next-auth/jwt" {
interface JWT {
access_token: string
expires_at: number
refresh_token: string
error?: "RefreshAccessTokenError"
}
}
Init AuthJS
2024-05-19 00:00:55 +02:00
export const { handlers, auth, signIn, signOut } = NextAuth({
Enable token refresh
2024-05-19 21:34:55 +02:00
adapter: PrismaAdapter(prisma),
providers: [Authentik({
clientId: process.env.AUTH_OIDC_CLIENT_ID,
clientSecret: process.env.AUTH_OIDC_CLIENT_SECRET,
issuer: process.env.AUTH_OIDC_ISSUER,
authorization: { params: { scope: 'openid profile email offline_access' } },
})],
callbacks: {
async session({ session, user }) {
const [authentikAccount] = await prisma.account.findMany({
where: { userId: user.id, provider: "authentik" },
})
Use right access token in session after refresh previously the old token was still being used in the session even though a new one has been saved in the database
2024-05-19 22:26:43 +02:00
let newAccessToken;
Enable token refresh
2024-05-19 21:34:55 +02:00
Readd access token to session
2024-05-19 22:00:24 +02:00
if (!authentikAccount.expires_at || !authentikAccount.refresh_token) {
throw "Expiry time or refresh token not set";
}
Enable token refresh
2024-05-19 21:34:55 +02:00
if (authentikAccount.expires_at * 1000 < Date.now()) {
console.info("refreshing token");
try {
const response = await fetch(process.env.AUTH_OIDC_TOKEN_URL!, {
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({
client_id: process.env.AUTH_OIDC_CLIENT_ID!,
client_secret: process.env.AUTH_OIDC_CLIENT_SECRET!,
grant_type: "refresh_token",
refresh_token: authentikAccount.refresh_token,
}),
method: "POST",
})
Add PrismaORM preparation for access_token refresh, since JWT cookies cannot be refreshed from the server side
2024-05-19 18:08:47 +02:00
Enable token refresh
2024-05-19 21:34:55 +02:00
const tokens = await response.json()
Add PrismaORM preparation for access_token refresh, since JWT cookies cannot be refreshed from the server side
2024-05-19 18:08:47 +02:00
Enable token refresh
2024-05-19 21:34:55 +02:00
if (!response.ok) throw tokens
Use right access token in session after refresh previously the old token was still being used in the session even though a new one has been saved in the database
2024-05-19 22:26:43 +02:00
newAccessToken = tokens.access_token;
Enable token refresh
2024-05-19 21:34:55 +02:00
await prisma.account.update({
data: {
access_token: tokens.access_token,
expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in),
refresh_token:
tokens.refresh_token ?? authentikAccount.refresh_token,
},
where: {
provider_providerAccountId: {
provider: "authentik",
providerAccountId: authentikAccount.providerAccountId,
},
},
})
} catch (error) {
console.error("Error refreshing access token", error)
// The error property will be used client-side to handle the refresh token error
session.error = "RefreshAccessTokenError"
}
}
Use right access token in session after refresh previously the old token was still being used in the session even though a new one has been saved in the database
2024-05-19 22:26:43 +02:00
return { ...session, access_token: newAccessToken ?? authentikAccount.access_token }
Enable token refresh
2024-05-19 21:34:55 +02:00
}
}
Init AuthJS
2024-05-19 00:00:55 +02:00
});
Reference in a new issue Copy permalink