35 lines
959 B
TypeScript
35 lines
959 B
TypeScript
import NextAuth from "next-auth";
|
|
import Keycloak from "next-auth/providers/keycloak";
|
|
|
|
export const { handlers, signIn, signOut, auth } = NextAuth({
|
|
providers: [
|
|
Keycloak({
|
|
clientId: process.env.KEYCLOAK_CLIENT_ID!,
|
|
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
|
|
issuer: process.env.KEYCLOAK_ISSUER!,
|
|
}),
|
|
],
|
|
callbacks: {
|
|
authorized({ auth }) {
|
|
return !!auth;
|
|
},
|
|
jwt({ token, account }) {
|
|
if (account) {
|
|
// providerAccountId = Keycloak sub UUID, guaranteed on every login
|
|
token.keycloakId = account.providerAccountId;
|
|
token.accessToken = account.access_token;
|
|
token.idToken = account.id_token;
|
|
}
|
|
return token;
|
|
},
|
|
session({ session, token }) {
|
|
session.user.id = (token.keycloakId ?? token.sub) as string;
|
|
session.idToken = token.idToken as string | undefined;
|
|
return session;
|
|
},
|
|
},
|
|
pages: {
|
|
signIn: "/login",
|
|
},
|
|
});
|