46 refresh token #47

Merged
merged 9 commits into from
Nov 6, 2023
4 changes: 2 additions & 2 deletions .github/workflows/back-test.yaml
Expand Up @@ -6,8 +6,7 @@ permissions:
contents: read

jobs:
test:
name: Test
backend-tests:
runs-on: ubuntu-latest
steps:
- name: Check out code
Expand All @@ -31,6 +30,7 @@ jobs:

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
if: github.ref == 'refs/heads/main'
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: cover.out
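Review bot: The added `if: github.ref == 'refs/heads/main'` on the Codecov upload step is undocumented and silently skips the upload on pull_request runs, where `github.ref` is `refs/pull/<n>/merge`; the workflow's `on:` triggers are outside this hunk, so I cannot tell whether the step ever runs at all. If the gating is intentional (for instance because `secrets.CODECOV_TOKEN` is not exposed to fork pull requests), a comment above the step would save the next reader the guess, e.g. `# coverage is uploaded only from push builds on main; PR runs skip this step`. If it is not intentional, the condition should be revisited together with the triggers rather than left as is.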
6 changes: 3 additions & 3 deletions .github/workflows/docker-back.yaml
Expand Up @@ -8,7 +8,7 @@ on:
workflow_dispatch:

jobs:
ImageBuild:
BackImageBuild:
name: Build openchokin/back Custom Docker Image
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -62,7 +62,7 @@ jobs:
SucceessNotification:
if: ${{ success() }}
name: Send Success Message
needs: [ImageBuild]
needs: [BackImageBuild]
runs-on: ubuntu-latest
steps:
- name: Send Message to Slack
Expand All @@ -80,7 +80,7 @@ jobs:
FailureAlert:
if: ${{ failure() }}
name: Notify failure
needs: [ImageBuild]
needs: [BackImageBuild]
runs-on: ubuntu-latest
steps:
- name: Send Failure Alert to Slack
6 changes: 3 additions & 3 deletions .github/workflows/docker-front.yaml
Expand Up @@ -8,7 +8,7 @@ on:
workflow_dispatch:

jobs:
ImageBuild:
FrontImageBuild:
name: Build openchokin/front Docker Image
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -53,7 +53,7 @@ jobs:
SucceessNotification:
if: ${{ success() }}
name: Send Success Message
needs: [ImageBuild]
needs: [FrontImageBuild]
runs-on: ubuntu-latest
steps:
- name: Send Message to Slack
Expand All @@ -71,7 +71,7 @@ jobs:
FailureAlert:
if: ${{ failure() }}
name: Notify failure
needs: [ImageBuild]
needs: [FrontImageBuild]
runs-on: ubuntu-latest
steps:
- name: Send Failure Alert to Slack
4 changes: 2 additions & 2 deletions .github/workflows/front-test.yaml
@@ -1,9 +1,9 @@
name: Frontend Tests
on:
pull_request:
workflow_dispatch:
pull_request:
jobs:
build:
frontend-buildtests:
runs-on: ubuntu-latest
steps:
- name: checkout
4 changes: 2 additions & 2 deletions .github/workflows/lint.yaml
@@ -1,9 +1,9 @@
name: Lint
on:
pull_request:
workflow_dispatch:
pull_request:
jobs:
build:
frontend-lint:
runs-on: ubuntu-latest
steps:
- name: checkout
51 changes: 47 additions & 4 deletions front/src/app/api/auth/[...nextauth]/options.ts
Expand Up @@ -8,6 +8,7 @@ export const authOptions: NextAuthOptions = {
clientId: process.env.ZITADEL_CLIENT_ID as string,
clientSecret: process.env.ZITADEL_CLIENT_SECRET as string,
issuer: process.env.ZITADEL_URL,
authorization: { params: { scope: "openid email profile offline_access" } },
}),
],
callbacks: {
Expand All @@ -23,26 +24,68 @@ export const authOptions: NextAuthOptions = {
account?: any;
profile?: any;
isNewUser?: boolean;
session?: any;
}) => {
//console.log("JWT Callback token", token);
if (user) {
token.user = user;
const u = user as any;
token.role = u.role;
token.role = user.role;
}
if (account) {
token.accessToken = account.access_token;
token.refreshToken = account.refresh_token;
token.idToken = account.id_token;
token.expiresAt = account.expires_at;
}
else if (new Date() > new Date(token.expiresAt as number * 1000)) {
try {
const { id_token, refresh_token, expires_at } = await refreshIDToken(token.refreshToken as string);
token.idToken = id_token;
token.refreshToken = refresh_token;
token.expiresAt = expires_at;
console.log("Refreshed token");
} catch (e) {
console.error(e);
return { ...token, error: "RefreshAccessTokenError" as const }
}
}
//console.debug(token);
return token;
},
session: ({ session, token }: { token: JWT; session?: any }) => {
session.user.role = token.role;
session.user.idToken = token.idToken;
session.user.sub = token.sub;
//console.debug(session);
return session;
},
},
pages: {
signIn: '/signin',
},
};


const refreshIDToken = async (refreshToken: string) => {
const response = await fetch(`${process.env.ZITADEL_URL}/oauth/v2/token`, {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
body: new URLSearchParams({
grant_type: "refresh_token",
client_id: process.env.ZITADEL_CLIENT_ID as string,
client_secret: process.env.ZITADEL_CLIENT_SECRET as string,
refresh_token: refreshToken,
}),
});
const data = await response.json();
//console.log("Data:", data);
if (!response.ok) {
throw new Error(data.error_description || data.error || "Unknown error");
}

return {
id_token: data.id_token,
refresh_token: data.refresh_token,
expires_at: data.expires_at,
}
}
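Review bot: `refreshIDToken` returns `data.expires_at`, but a standard OAuth 2.0 token response carries `expires_in` (a lifetime in seconds), not an absolute `expires_at` — the `account.expires_at` the first branch reads is a value next-auth derives from `expires_in` — so unless ZITADEL's endpoint is non-standard here, the first refresh sets `token.expiresAt` to undefined, `new Date(NaN)` makes the `else if` comparison false from then on, and the ID token is never refreshed again. The same branch overwrites `token.refreshToken` with whatever the response contains (undefined if the provider does not rotate refresh tokens, which would make the next refresh fail) and never updates `token.accessToken`, although the response also carries a new `access_token`. On failure the callback returns `error: "RefreshAccessTokenError"`, but the `session` callback below does not copy it, so the browser cannot tell the session is dead; `session.error = token.error;` there (with `error?: string` declared on `Session`) closes that gap. Two smaller points: `response.json()` runs before the `response.ok` check, so a non-JSON error body surfaces as a parse error instead of the HTTP status, and concurrent requests that both pass the expiry check will race on the same refresh token when the provider rotates it, which deserves at least a comment. The jwt callback's parameter list begins before this hunk.
```typescript
    else if (new Date() > new Date(token.expiresAt as number * 1000)) {
      try {
        const { id_token, access_token, refresh_token, expires_at } = await refreshIDToken(token.refreshToken as string);
        token.idToken = id_token;
        token.accessToken = access_token;
        // providers that do not rotate refresh tokens omit the field; keep the stored one
        token.refreshToken = refresh_token ?? token.refreshToken;
        token.expiresAt = expires_at;
        // … unchanged: success log, catch → RefreshAccessTokenError …
// … unchanged: session callback, pages, refreshIDToken fetch and response.ok check …
  return {
    id_token: data.id_token,
    access_token: data.access_token,
    refresh_token: data.refresh_token,
    // the token endpoint returns a lifetime in seconds; store an absolute
    // epoch-second deadline so the jwt callback can compare it like account.expires_at
    expires_at: Math.floor(Date.now() / 1000) + Number(data.expires_in),
  }
```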
2 changes: 2 additions & 0 deletions front/src/app/next-auth.d.ts
Expand Up @@ -3,6 +3,8 @@ import { DefaultSession } from "next-auth";
declare module "next-auth" {
interface Session {
user: {
refreshToken?: string;
exiresAt?: Date
idToken?: string;
sub?: string;
} & DefaultSession["user"];
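Review bot: `exiresAt?: Date` is misspelled and typed as `Date`, while the value the jwt callback in options.ts stores (`token.expiresAt`) is an epoch-second number, so whatever the session callback might copy later will not match this declaration; `expiresAt?: number` would. More importantly, `refreshToken?: string` on the client-visible `Session["user"]` invites copying the refresh token into the session payload that is sent to the browser; the session callback in this PR does not do that, so the field is unused and is better dropped — the refresh token belongs only in the server-side JWT, which is where the jwt callback already keeps it. If the session needs to signal a failed refresh, the field worth adding here is `error?: string`, carrying the `RefreshAccessTokenError` the jwt callback returns. The `Session` interface declaration begins before this hunk.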