diff --git a/packages/lib/next-auth/auth-options.ts b/packages/lib/next-auth/auth-options.ts
index e05fae573..107548e9b 100644
--- a/packages/lib/next-auth/auth-options.ts
+++ b/packages/lib/next-auth/auth-options.ts
@@ -139,19 +139,24 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = { { id: 'oidc', name: 'OIDC', + type: 'oauth', + wellKnown: process.env.NEXT_PRIVATE_OIDC_WELL_KNOWN, clientId: process.env.NEXT_PRIVATE_OIDC_CLIENT_ID, clientSecret: process.env.NEXT_PRIVATE_OIDC_CLIENT_SECRET, + authorization: { params: { scope: 'openid email profile' } }, - idToken: true, checks: ['pkce', 'state'], - type: 'oauth', + + idToken: true, allowDangerousEmailAccountLinking: true, + profile(profile) { return { - id: Number(profile.sub), - email: profile.email, + id: profile.sub, + email: profile.email || profile.preferred_username, name: profile.name || `${profile.given_name} ${profile.family_name}`.trim(), + emailVerified: profile.email_verified ? new Date().toISOString() : null, }; }, },
diff --git a/packages/prisma/migrations/20240530120101_add_missing_fields_to_account_model_for_oidc/migration.sql b/packages/prisma/migrations/20240530120101_add_missing_fields_to_account_model_for_oidc/migration.sql
new file mode 100644
index 000000000..6d7bc841a
--- /dev/null
+++ b/packages/prisma/migrations/20240530120101_add_missing_fields_to_account_model_for_oidc/migration.sql
@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "Account" ADD COLUMN "created_at" INTEGER,
+ADD COLUMN "ext_expires_in" INTEGER;
diff --git a/packages/prisma/schema.prisma b/packages/prisma/schema.prisma
index f9902ab35..908bb10c1 100644
--- a/packages/prisma/schema.prisma
+++ b/packages/prisma/schema.prisma
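Review bot: In the `oidc` provider block of `auth-options.ts`, `email: profile.email || profile.preferred_username` feeds a provider-defined username into the field that `allowDangerousEmailAccountLinking: true` uses to match existing accounts. OIDC does not guarantee that `preferred_username` is an email address or unique, and the `email_verified` claim read a few lines later describes `email`, not the fallback, so a sign-in can be linked to a local account on a claim the IdP never verified. I would keep `email: profile.email,` and refuse the sign-in when `profile.email_verified !== true` (for example in the `signIn` callback), or drop automatic linking for this provider. `emailVerified` is also given an ISO string where the adapter's user model presumably expects a `Date`; `profile.email_verified ? new Date() : null` avoids relying on coercion. The `NEXT_AUTH_OPTIONS` object starts and ends outside the hunk.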
@@ -233,6 +233,10 @@ model Account {
 refresh_token String? @db.Text
 access_token String? @db.Text
 expires_at Int?
+ // Some providers return created_at so we need to make it optional
+ created_at Int?
+ // Stops next-auth from crashing when dealing with AzureAD
+ ext_expires_in Int?
 token_type String?
 scope String?
 id_token String? @db.Text
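Review bot: The comment on `created_at` says the field is being made optional, but the hunk adds it, and neither comment states that these columns exist only to absorb extra token-response fields. If that is the intent, I would reword to `// Extra token-response fields some OAuth providers send (created_at; ext_expires_in from Azure AD). Stored so account creation does not fail; not read by the app.` Adding a column per provider quirk is likely to recur with the next IdP, so an allow-list of persisted fields in the adapter's account-linking step may be the more durable fix. The `Account` model starts and ends outside the hunk.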