Add refresh token functionality to NextAuth
options
walnuts1018 committed Nov 6, 2023
1 parent 362f0fb commit 64240ed
Showing 2 changed files with 46 additions and 4 deletions.
48 changes: 44 additions & 4 deletions front/src/app/api/auth/[...nextauth]/options.ts
Expand Up @@ -8,6 +8,7 @@ export const authOptions: NextAuthOptions = {
clientId: process.env.ZITADEL_CLIENT_ID as string,
clientSecret: process.env.ZITADEL_CLIENT_SECRET as string,
issuer: process.env.ZITADEL_URL,
authorization: { params: { scope: "openid email profile offline_access" } },
}),
],
callbacks: {
Expand All @@ -23,26 +24,65 @@ export const authOptions: NextAuthOptions = {
account?: any;
profile?: any;
isNewUser?: boolean;
session?: any;
}) => {
if (user) {
token.user = user;
const u = user as any;
token.role = u.role;
token.role = user.role;
}
if (account) {
token.accessToken = account.access_token;
token.refreshToken = account.refresh_token;
token.idToken = account.id_token;
token.expiresAt = account.expires_at;
}
else if (new Date() > new Date(token.expiresAt as number * 1000)) {
try {
const { id_token, refresh_token, expires_at } = await refreshIDToken(token.refreshToken as string);
token.idToken = id_token;
token.refreshToken = refresh_token;
token.expiresAt = expires_at;
} catch (e) {
console.error(e);
return { ...token, error: "RefreshAccessTokenError" as const }
}
}
//console.debug(token);
return token;
},
session: ({ session, token }: { token: JWT; session?: any }) => {
session.user.role = token.role;
session.user.idToken = token.idToken;
session.user.sub = token.sub;
//console.debug(session);
return session;
},
},
pages: {
signIn: '/signin',
},
};


const refreshIDToken = async (refreshToken: string) => {
const response = await fetch(`${process.env.ZITADEL_URL}/oauth/v2/token`, {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
body: new URLSearchParams({
grant_type: "refresh_token",
client_id: process.env.ZITADEL_CLIENT_ID as string,
client_secret: process.env.ZITADEL_CLIENT_SECRET as string,
refresh_token: refreshToken,
}),
});
const data = await response.json();
if (!response.ok) {
throw new Error(data.error_description || "Unknown error");
}

return {
id_token: data.id_token,
refresh_token: data.refresh_token,
expires_at: data.expires_at,
}
}
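Review bot: `refreshIDToken` returns `expires_at: data.expires_at`, but a standard OAuth 2.0 token response carries `expires_in` (a lifetime in seconds), so unless this provider adds a non-standard field, `token.expiresAt` becomes undefined after the first refresh; the `new Date() > new Date(...)` check in the jwt callback then compares against an invalid date and never fires again, leaving an expired ID token in the session. Compute the absolute expiry instead, `expires_at: Math.floor(Date.now() / 1000) + data.expires_in,`, and keep the previous refresh token when the response does not include a rotated one, `refresh_token: data.refresh_token ?? refreshToken,`. The refreshed `access_token` is not returned either, so `token.accessToken` stays at the value from the initial sign-in. The `error: "RefreshAccessTokenError"` set in the catch branch is never copied in the `session` callback, so the client has no signal to force re-authentication and keeps receiving the stale `idToken`.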
2 changes: 2 additions & 0 deletions front/src/app/next-auth.d.ts
Expand Up @@ -3,6 +3,8 @@ import { DefaultSession } from "next-auth";
declare module "next-auth" {
interface Session {
user: {
refreshToken?: string;
exiresAt?: Date
idToken?: string;
sub?: string;
} & DefaultSession["user"];
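Review bot: The `refreshToken?: string` member on `Session["user"]` types the refresh token as part of the client-visible session object, which invites a later change that copies it to the browser. The `session` callback in options.ts does not set it, so the declaration is best dropped and the token-side fields declared on the `JWT` interface through `declare module "next-auth/jwt"` instead. `exiresAt` looks like a typo for `expiresAt`, and it is typed `Date` while the jwt callback stores a numeric epoch value, so `expiresAt?: number;` would match the stored data. I am assuming these two members are the lines this hunk adds; the interface declaration continues outside the hunk.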
