update Keycloak logout & fullLogout
This commit is contained in:
+141
-102
@@ -1,118 +1,157 @@
|
||||
// import CredentialsProvider from 'next-auth/providers/credentials'
|
||||
import KeycloakProvider from 'next-auth/providers/keycloak'
|
||||
import { NuxtAuthHandler, } from '#auth'
|
||||
import {timestampToDate} from "~/utils/helper"
|
||||
// import {session} from "next-auth/core/routes";
|
||||
// server/api/auth/[...].ts
|
||||
import KeycloakProvider from "next-auth/providers/keycloak";
|
||||
import CredentialsProvider from "next-auth/providers/credentials";
|
||||
import { NuxtAuthHandler } from "#auth";
|
||||
|
||||
export default NuxtAuthHandler({
|
||||
// TODO: SET A STRONG SECRET, SEE https://sidebase.io/nuxt-auth/configuration/nuxt-auth-handler#secret
|
||||
secret: 'my-auth-secret',
|
||||
secret: process.env.AUTH_SECRET || "my-auth-secret",
|
||||
// TODO: ADD YOUR OWN AUTHENTICATION PROVIDER HERE, READ THE DOCS FOR MORE: https://sidebase.io/nuxt-auth
|
||||
providers: [
|
||||
// @ts-expect-error You need to use .default here for it to work during SSR. May be fixed via Vite at some point
|
||||
KeycloakProvider.default({
|
||||
clientId: process.env.KEYCLOAK_ID,
|
||||
clientSecret: process.env.KEYCLOAK_SECRET,
|
||||
clientId: process.env.KEYCLOAK_CLIENT_ID,
|
||||
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
|
||||
issuer: process.env.KEYCLOAK_ISSUER,
|
||||
}),
|
||||
|
||||
// // @ts-expect-error You need to use .default here for it to work during SSR. May be fixed via Vite at some point
|
||||
// CredentialsProvider.default({
|
||||
// // The name to display on the sign in form (e.g. 'Sign in with...')
|
||||
// name: 'Credentials',
|
||||
// // The credentials is used to generate a suitable form on the sign in page.
|
||||
// // You can specify whatever fields you are expecting to be submitted.
|
||||
// // e.g. domain, username, password, 2FA token, etc.
|
||||
// // You can pass any HTML attribute to the <input> tag through the object.
|
||||
// credentials: {
|
||||
// username: { label: 'Username', type: 'text', placeholder: '(hint: jsmith)' },
|
||||
// password: { label: 'Password', type: 'password', placeholder: '(hint: hunter2)' }
|
||||
// },
|
||||
// authorize (credentials: any) {
|
||||
// console.warn('ATTENTION: You should replace this with your real providers or credential provider logic! The current setup is not safe')
|
||||
// // You need to provide your own logic here that takes the credentials
|
||||
// // submitted and returns either a object representing a user or value
|
||||
// // that is false/null if the credentials are invalid.
|
||||
// // NOTE: THE BELOW LOGIC IS NOT SAFE OR PROPER FOR AUTHENTICATION!
|
||||
|
||||
// const user = { id: '1', name: 'J Smith', username: 'jsmith', password: 'hunter2' }
|
||||
|
||||
// if (credentials?.username === user.username && credentials?.password === user.password) {
|
||||
// // Any object returned will be saved in `user` property of the JWT
|
||||
// return user
|
||||
// } else {
|
||||
// console.error('Warning: Malicious login attempt registered, bad credentials provided')
|
||||
|
||||
// // If you return null then an error will be displayed advising the user to check their details.
|
||||
// return null
|
||||
|
||||
// // You can also Reject this callback with an Error thus the user will be sent to the error page with the error message as a query parameter
|
||||
// }
|
||||
// }
|
||||
// })
|
||||
],
|
||||
callbacks: {
|
||||
async jwt({ token, account, user }: { token: any; user: any, account: any }) {
|
||||
try {
|
||||
if (account && account.access_token) {
|
||||
token.access_token_payload = JSON.parse(atob(account.access_token.split('.')[1]));
|
||||
token.jwt = account.access_token;
|
||||
}
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
}
|
||||
if (account) {
|
||||
token.id_token = account.id_token;
|
||||
token.refresh_token = account.refresh_token;
|
||||
token.expires_at = account.expires_at;
|
||||
token.scope = account.scope;
|
||||
}
|
||||
if (user) { token.user = user }
|
||||
return token
|
||||
},
|
||||
async session({ token,session }:{token:any, session:any}) {
|
||||
const user_payload=JSON.parse(atob(token.jwt.split('.')[1]));
|
||||
try {
|
||||
if (token && token.id_token) {
|
||||
// session.session_user_payload = user_payload;
|
||||
session.jwt = token.jwt;
|
||||
}
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
}
|
||||
if (token) {
|
||||
// session.id_token = token.id_token;
|
||||
session.refresh_token = token.refresh_token;
|
||||
// session.expires_at = token.expires_at;
|
||||
// session.scope = token.scope;
|
||||
session.isAuthenticated = true;
|
||||
session.user_payload = {
|
||||
userName:user_payload.preferred_username,
|
||||
typeUser:user_payload.type_user||user_payload.resource_access[user_payload.azp].roles[0],
|
||||
roleUser:user_payload.resource_access[user_payload.azp],
|
||||
userInfo:{
|
||||
id:user_payload.id,
|
||||
full_name:user_payload.name,
|
||||
givenName:user_payload.given_name,
|
||||
familyName:user_payload.family_name,
|
||||
email:user_payload.email,
|
||||
group:user_payload.group,
|
||||
},
|
||||
expires:{
|
||||
expires_at:token.expires_at,
|
||||
timestamps:new Date(token.expires_at),
|
||||
date:timestampToDate(token.expires_at,'id-ID'),
|
||||
}
|
||||
// authorization: {
|
||||
// params: {
|
||||
// redirect_uri:
|
||||
// "http://meninjar.dev.rssa.id:3000/api/auth/callback/keycloak",
|
||||
// },
|
||||
// },
|
||||
|
||||
profile(profile: any) {
|
||||
// Map Keycloak profile to user object
|
||||
return {
|
||||
id: profile.sub,
|
||||
name: profile.name,
|
||||
email: profile.email,
|
||||
image: profile.picture
|
||||
};
|
||||
}
|
||||
return session
|
||||
}
|
||||
},
|
||||
}),
|
||||
// @ts-expect-error You need to use .default here for it to work during SSR. May be fixed via Vite at some point
|
||||
CredentialsProvider.default({
|
||||
// The name to display on the sign in form (e.g. 'Sign in with...')
|
||||
name: "Credentials",
|
||||
// The credentials is used to generate a suitable form on the sign in page.
|
||||
// You can specify whatever fields you are expecting to be submitted.
|
||||
// e.g. domain, username, password, 2FA token, etc.
|
||||
// You can pass any HTML attribute to the <input> tag through the object.
|
||||
credentials: {
|
||||
username: {
|
||||
label: "Username",
|
||||
type: "text",
|
||||
placeholder: "(hint: jsmith)"
|
||||
},
|
||||
password: {
|
||||
label: "Password",
|
||||
type: "password",
|
||||
placeholder: "(hint: hunter2)"
|
||||
}
|
||||
},
|
||||
authorize(credentials: any) {
|
||||
console.warn(
|
||||
"ATTENTION: You should replace this with your real providers or credential provider logic! The current setup is not safe"
|
||||
);
|
||||
// You need to provide your own logic here that takes the credentials
|
||||
// submitted and returns either a object representing a user or value
|
||||
// that is false/null if the credentials are invalid.
|
||||
// NOTE: THE BELOW LOGIC IS NOT SAFE OR PROPER FOR AUTHENTICATION!
|
||||
|
||||
const user = {
|
||||
id: "1",
|
||||
name: "J Smith",
|
||||
username: "jsmith",
|
||||
password: "hunter2"
|
||||
};
|
||||
|
||||
if (
|
||||
credentials?.username === user.username &&
|
||||
credentials?.password === user.password
|
||||
) {
|
||||
// Any object returned will be saved in `user` property of the JWT
|
||||
return user;
|
||||
} else {
|
||||
console.error(
|
||||
"Warning: Malicious login attempt registered, bad credentials provided"
|
||||
);
|
||||
|
||||
// If you return null then an error will be displayed advising the user to check their details.
|
||||
return null;
|
||||
|
||||
// You can also Reject this callback with an Error thus the user will be sent to the error page with the error message as a query parameter
|
||||
}
|
||||
}
|
||||
})
|
||||
],
|
||||
pages: {
|
||||
signIn: '/auth/Login',
|
||||
// signOut: '/auth/logout',
|
||||
signIn: "/auth/login",
|
||||
signOut: "/auth/logout"
|
||||
// error: '/auth/error',
|
||||
// verifyRequest: '/auth/verify-request',
|
||||
// newUser: '/auth/new-user'
|
||||
},
|
||||
})
|
||||
callbacks: {
|
||||
async jwt({
|
||||
token,
|
||||
user,
|
||||
account
|
||||
}: {
|
||||
token: any;
|
||||
user: any;
|
||||
account: any;
|
||||
}) {
|
||||
try {
|
||||
// Parse access token if it exists
|
||||
if (account && account.access_token) {
|
||||
token.access_token_payload = JSON.parse(
|
||||
atob(account.access_token.split(".")[1])
|
||||
);
|
||||
token.jwt = account.access_token;
|
||||
}
|
||||
} catch (error) {
|
||||
console.error("Error parsing access token:", error);
|
||||
}
|
||||
|
||||
// Merge all relevant Keycloak response data into token
|
||||
if (account) {
|
||||
token.id_token = account.id_token;
|
||||
// Do not overwrite token.access_token after parsing
|
||||
// token.access_token = account.access_token;
|
||||
token.refresh_token = account.refresh_token;
|
||||
token.expires_at = account.expires_at;
|
||||
token.scope = account.scope;
|
||||
}
|
||||
|
||||
if (user) {
|
||||
token.user = user;
|
||||
}
|
||||
|
||||
return token;
|
||||
},
|
||||
async session({ session, token }: { session: any; token: any }) {
|
||||
try {
|
||||
// Include all relevant token data into session
|
||||
session.id_token = token.id_token;
|
||||
session.access_token = token.access_token;
|
||||
session.access_token_payload = token.access_token_payload;
|
||||
session.refresh_token = token.refresh_token;
|
||||
session.expires_at = token.expires_at;
|
||||
session.scope = token.scope;
|
||||
session.user = token.user;
|
||||
session.jwt = token.jwt;
|
||||
|
||||
return session;
|
||||
} catch (error) {
|
||||
console.error("Error in session callback:", error);
|
||||
return session;
|
||||
}
|
||||
},
|
||||
async redirect({ url, baseUrl }: { url: string; baseUrl: string }) {
|
||||
// Redirect to home page after login
|
||||
return baseUrl;
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user