init

2026-06-18 11:02:31 +02:00
parent d00a5a42ac
commit 047e580da0
32 changed files with 735 additions and 189 deletions
--- a/auth.ts
+++ b/auth.ts
@@ -0,0 +1,34 @@
+import NextAuth from "next-auth";
+import Keycloak from "next-auth/providers/keycloak";
+
+export const { handlers, signIn, signOut, auth } = NextAuth({
+  providers: [
+    Keycloak({
+      clientId: process.env.KEYCLOAK_CLIENT_ID!,
+      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
+      issuer: process.env.KEYCLOAK_ISSUER!,
+    }),
+  ],
+  callbacks: {
+    authorized({ auth }) {
+      return !!auth;
+    },
+    jwt({ token, account }) {
+      if (account) {
+        // providerAccountId = Keycloak sub UUID, guaranteed on every login
+        token.keycloakId = account.providerAccountId;
+        token.accessToken = account.access_token;
+        token.idToken = account.id_token;
+      }
+      return token;
+    },
+    session({ session, token }) {
+      session.user.id = (token.keycloakId ?? token.sub) as string;
+      session.idToken = token.idToken as string | undefined;
+      return session;
+    },
+  },
+  pages: {
+    signIn: "/login",
+  },
+});