import NextAuth, { type NextAuthOptions } from "next-auth";
import type { OAuthConfig } from "next-auth/providers/oauth";
import {
getAuthMode,
getOidcProviderName,
getRequiredAuthSecret,
mapOidcProfile,
type OidcProfile,
} from "@/lib/auth-config";
// Auth mode is resolved once, at module load. The provider list, the signing
// secret and the exported route handler below all key off this one snapshot.
const authMode = getAuthMode();
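/**
 * Builds the NextAuth provider entry for the configured OpenID Connect issuer.
 *
 * Endpoints are discovered from `${OIDC_ISSUER}/.well-known/openid-configuration`.
 * Trailing slashes on OIDC_ISSUER are stripped before the suffix is appended,
 * as OpenID Connect Discovery requires, so an issuer configured with a final
 * "/" no longer yields a "//.well-known/..." URL.
 *
 * Security-relevant settings:
 * - `checks` enforces both PKCE and `state` on the authorization code flow.
 * - NOTE(review): `"nonce"` is not in `checks`, so the ID token is not tied to
 *   a per-login nonce. PKCE already binds the code to this session; adding
 *   `"nonce"` is worth considering if the identity provider supports it.
 * - The client id and secret are read straight from the environment and are
 *   not validated here.
 *
 * @returns The OAuth provider configuration consumed by NextAuth.
 */
function oidcProvider(): OAuthConfig<OidcProfile> {
  // Optional chaining keeps the unset case exactly as before (the template
  // renders "undefined"), so only a set issuer with trailing slashes changes.
  // NOTE(review): presumably getAuthMode() reports `enabled` only when the
  // OIDC_* variables are present, confirm in "@/lib/auth-config".
  const issuer = process.env.OIDC_ISSUER?.replace(/\/+$/, "");

  return {
    id: "oidc",
    name: getOidcProviderName(),
    type: "oauth",
    wellKnown: `${issuer}/.well-known/openid-configuration`,
    authorization: { params: { scope: "openid profile email" } },
    checks: ["pkce", "state"],
    clientId: process.env.OIDC_CLIENT_ID,
    clientSecret: process.env.OIDC_CLIENT_SECRET,
    idToken: true,
    // Claims from the identity provider are mapped to the app's user shape by
    // the shared helper, so claim handling lives in one place.
    profile(profile) {
      return mapOidcProfile(profile);
    },
  };
}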
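/**
 * NextAuth options for this route.
 *
 * When OIDC is enabled, the single OIDC provider is registered and the JWT
 * session secret comes from getRequiredAuthSecret(). When it is disabled, no
 * provider is registered and no secret is set.
 */
const authOptions: NextAuthOptions = {
  providers: authMode.enabled ? [oidcProvider()] : [],
  // Deliberately no placeholder string for the disabled case. A fixed, publicly
  // known value would become a valid session-signing secret if these options
  // were ever passed to NextAuth (for example after exporting them for
  // server-side session lookups). Leaving it unset makes that mistake fail
  // loudly instead.
  secret: authMode.enabled ? getRequiredAuthSecret() : undefined,
  session: {
    // Sessions are carried in a JWT protected by `secret`; no session store is used.
    strategy: "jwt",
  },
};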
/**
 * Route handler for the auth endpoint.
 *
 * With OIDC enabled this is the NextAuth handler. Otherwise it is a stub that
 * always answers with a JSON error: 500 when the auth mode carries an error,
 * 404 when authentication is not configured.
 *
 * NOTE(review): `authMode.error` is returned verbatim to unauthenticated
 * callers. If that text can name missing variables or other deployment detail,
 * log it server-side and return a generic message instead.
 */
const handler = authMode.enabled
  ? NextAuth(authOptions)
  : function authDisabled() {
      const message = authMode.error ?? "OIDC authentication is not configured.";
      const status = authMode.error ? 500 : 404;

      return Response.json({ error: message }, { status });
    };
// The same handler is exported for both GET and POST requests to this route.
export { handler as GET, handler as POST };