chore: improve oidc provider support

Adds fields to the Account model to support various pieces
of data returned by OIDC providers such as AzureAD and GitLab.

Additionally passes through the email verification status and handles
retrieving the email for providers such as AzureAD who use a different
claim instead.

packages/lib/next-auth/auth-options.ts

@@ -139,19 +139,24 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
     {
       id: 'oidc',
       name: 'OIDC',
+      type: 'oauth',
+
       wellKnown: process.env.NEXT_PRIVATE_OIDC_WELL_KNOWN,
       clientId: process.env.NEXT_PRIVATE_OIDC_CLIENT_ID,
       clientSecret: process.env.NEXT_PRIVATE_OIDC_CLIENT_SECRET,
+
       authorization: { params: { scope: 'openid email profile' } },
-      idToken: true,
       checks: ['pkce', 'state'],
-      type: 'oauth',
+
+      idToken: true,
       allowDangerousEmailAccountLinking: true,
+
       profile(profile) {
         return {
-          id: Number(profile.sub),
+          id: profile.sub,
-          email: profile.email,
+          email: profile.email || profile.preferred_username,
           name: profile.name || `${profile.given_name} ${profile.family_name}`.trim(),
+          emailVerified: profile.email_verified ? new Date().toISOString() : null,
         };
       },
     },

packages/prisma/migrations/20240530120101_add_missing_fields_to_account_model_for_oidc/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "Account" ADD COLUMN     "created_at" INTEGER,
+ADD COLUMN     "ext_expires_in" INTEGER;

packages/prisma/schema.prisma

@@ -233,6 +233,10 @@ model Account {
   refresh_token     String? @db.Text
   access_token      String? @db.Text
   expires_at        Int?
+  // Some providers return created_at so we need to make it optional
+  created_at        Int?
+  // Stops next-auth from crashing when dealing with AzureAD
+  ext_expires_in    Int?
   token_type        String?
   scope             String?
   id_token          String? @db.Text