80 lines
2.7 KiB
TypeScript
80 lines
2.7 KiB
TypeScript
import NextAuth, { NextAuthOptions } from "next-auth";
|
|
import KeycloakProvider from "next-auth/providers/keycloak";
|
|
|
|
export const authOptions: NextAuthOptions = {
|
|
providers: [
|
|
KeycloakProvider({
|
|
clientId: process.env.KEYCLOAK_CLIENT_ID!,
|
|
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
|
|
issuer: process.env.KEYCLOAK_ISSUER!,
|
|
// Personnalisation de la fonction profile pour inclure le rôle de Keycloak
|
|
profile(profileData) {
|
|
return {
|
|
id: profileData.sub,
|
|
first_name: profileData.given_name,
|
|
last_name: profileData.family_name,
|
|
username: profileData.preferred_username,
|
|
email: profileData.email,
|
|
role: profileData.realm_roles,
|
|
};
|
|
},
|
|
}),
|
|
],
|
|
callbacks: {
|
|
async jwt({ token, account, profile }) {
|
|
console.log("Token", token);
|
|
console.log("Account", account);
|
|
console.log("Profile", profile);
|
|
// Au moment de la première connexion, sauvegarde de l'access token et du rôle dans le JWT
|
|
if (account && profile) {
|
|
token.accessToken = account.access_token;
|
|
token.refreshToken = account.refresh_token;
|
|
token.first_name = profile.given_name;
|
|
token.last_name = profile.family_name;
|
|
token.username = profile.preferred_username;
|
|
token.role = profile.realm_roles;
|
|
}
|
|
return token;
|
|
},
|
|
async session({ session, token }) {
|
|
// On injecte l'access token et le rôle dans la session accessible côté client
|
|
session.accessToken = token.accessToken as string;
|
|
session.user.first_name = token.first_name as string;
|
|
session.user.last_name = token.last_name as string;
|
|
session.user.username = token.username as string;
|
|
session.user.role = token.role as string[];
|
|
return session;
|
|
},
|
|
},
|
|
session: {
|
|
strategy: "jwt",
|
|
},
|
|
events: {
|
|
async signOut({ token }) {
|
|
try {
|
|
console.log("Déconnexion Keycloak");
|
|
console.log("Token", token);
|
|
const issuerUrl = process.env.KEYCLOAK_ISSUER!;
|
|
const logoutUrl = `${issuerUrl}/protocol/openid-connect/logout`;
|
|
await fetch(logoutUrl, {
|
|
method: "POST",
|
|
headers: {
|
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
},
|
|
body: new URLSearchParams({
|
|
client_id: process.env.KEYCLOAK_CLIENT_ID!,
|
|
client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
|
|
refresh_token: token.refreshToken as string,
|
|
}),
|
|
});
|
|
} catch (error) {
|
|
console.error("Erreur lors de la déconnexion Keycloak:", error);
|
|
}
|
|
},
|
|
},
|
|
};
|
|
|
|
const handler = NextAuth(authOptions);
|
|
|
|
export { handler as GET, handler as POST };
|