fix: add oidc env variables

2025-11-10 04:22:32 +10:00 · 2025-02-14 18:11:54 +11:00
parent 180656978b
commit df8ea09021
5 changed files with 4 additions and 6 deletions
--- a/.env.example
+++ b/.env.example
@ -18,9 +18,6 @@ NEXT_PRIVATE_OIDC_WELL_KNOWN=""
 NEXT_PRIVATE_OIDC_CLIENT_ID=""
 NEXT_PRIVATE_OIDC_CLIENT_SECRET=""
 NEXT_PRIVATE_OIDC_PROVIDER_LABEL="OIDC"
-# This can be used to still allow signups for OIDC connections
-# when signup is disabled via `NEXT_PUBLIC_DISABLE_SIGNUP`
-NEXT_PRIVATE_OIDC_ALLOW_SIGNUP=""
 NEXT_PRIVATE_OIDC_SKIP_VERIFY=""

 # [[URLS]]
--- a/packages/auth/server/config.ts
+++ b/packages/auth/server/config.ts
@ -8,6 +8,7 @@ export type OAuthClientOptions = {
  clientSecret: string;
  wellKnownUrl: string;
  redirectUrl: string;
+  bypassEmailVerification?: boolean;
 };

 export const GoogleAuthOptions: OAuthClientOptions = {
@ -17,6 +18,7 @@ export const GoogleAuthOptions: OAuthClientOptions = {
  clientSecret: env('NEXT_PRIVATE_GOOGLE_CLIENT_SECRET') ?? '',
  redirectUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/google`,
  wellKnownUrl: 'https://accounts.google.com/.well-known/openid-configuration',
+  bypassEmailVerification: false,
 };

 export const OidcAuthOptions: OAuthClientOptions = {
@ -26,4 +28,5 @@ export const OidcAuthOptions: OAuthClientOptions = {
  clientSecret: env('NEXT_PRIVATE_OIDC_CLIENT_SECRET') ?? '',
  redirectUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/oidc`,
  wellKnownUrl: env('NEXT_PRIVATE_OIDC_WELL_KNOWN') ?? '',
+  bypassEmailVerification: env('NEXT_PRIVATE_OIDC_SKIP_VERIFY') === 'true',
 };
--- a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
+++ b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
@ -79,7 +79,7 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
    });
  }

-  if (claims.email_verified !== true) {
+  if (claims.email_verified !== true && !clientOptions.bypassEmailVerification) {
    throw new AppError(AuthenticationErrorCode.UnverifiedEmail, {
      message: 'Account email is not verified',
    });
--- a/packages/tsconfig/process-env.d.ts
+++ b/packages/tsconfig/process-env.d.ts
@ -10,7 +10,6 @@ declare namespace NodeJS {
    NEXT_PRIVATE_OIDC_CLIENT_ID?: string;
    NEXT_PRIVATE_OIDC_CLIENT_SECRET?: string;
    NEXT_PRIVATE_OIDC_PROVIDER_LABEL?: string;
-    NEXT_PRIVATE_OIDC_ALLOW_SIGNUP?: string;
    NEXT_PRIVATE_OIDC_SKIP_VERIFY?: string;

    NEXT_PRIVATE_DATABASE_URL: string;
--- a/turbo.json
+++ b/turbo.json
@ -65,7 +65,6 @@
    "NEXT_PRIVATE_OIDC_CLIENT_ID",
    "NEXT_PRIVATE_OIDC_CLIENT_SECRET",
    "NEXT_PRIVATE_OIDC_PROVIDER_LABEL",
-    "NEXT_PRIVATE_OIDC_ALLOW_SIGNUP",
    "NEXT_PRIVATE_OIDC_SKIP_VERIFY",
    "NEXT_PUBLIC_UPLOAD_TRANSPORT",
    "NEXT_PRIVATE_UPLOAD_ENDPOINT",