feat: add oidc support

2025-11-15 01:01:49 +10:00 · 2024-04-13 20:46:08 -04:00
parent 80c758fb62
commit e0440fd8a2
12 changed files with 163 additions and 9 deletions
--- a/packages/lib/constants/auth.ts
+++ b/packages/lib/constants/auth.ts
@ -5,12 +5,19 @@ export const SALT_ROUNDS = 12;
 export const IDENTITY_PROVIDER_NAME: { [key in IdentityProvider]: string } = {
  [IdentityProvider.DOCUMENSO]: 'Documenso',
  [IdentityProvider.GOOGLE]: 'Google',
+  [IdentityProvider.OIDC]: 'OIDC',
 };

 export const IS_GOOGLE_SSO_ENABLED = Boolean(
  process.env.NEXT_PRIVATE_GOOGLE_CLIENT_ID && process.env.NEXT_PRIVATE_GOOGLE_CLIENT_SECRET,
 );

+export const IS_OIDC_SSO_ENABLED = Boolean(
+  process.env.NEXT_PRIVATE_OIDC_WELL_KNOWN &&
+    process.env.NEXT_PRIVATE_OIDC_CLIENT_ID &&
+    process.env.NEXT_PRIVATE_OIDC_CLIENT_SECRET,
+);
+
 export const USER_SECURITY_AUDIT_LOG_MAP: { [key in UserSecurityAuditLogType]: string } = {
  [UserSecurityAuditLogType.ACCOUNT_SSO_LINK]: 'Linked account to SSO',
  [UserSecurityAuditLogType.ACCOUNT_PROFILE_UPDATE]: 'Profile updated',
--- a/packages/lib/next-auth/auth-options.ts
+++ b/packages/lib/next-auth/auth-options.ts
@ -136,6 +136,25 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
        };
      },
    }),
+    {
+      id: 'oidc',
+      name: 'OIDC',
+      wellKnown: process.env.NEXT_PRIVATE_OIDC_WELL_KNOWN,
+      clientId: process.env.NEXT_PRIVATE_OIDC_CLIENT_ID,
+      clientSecret: process.env.NEXT_PRIVATE_OIDC_CLIENT_SECRET,
+      authorization: { params: { scope: 'openid email profile' } },
+      idToken: true,
+      checks: ['pkce', 'state'],
+      type: 'oauth',
+      allowDangerousEmailAccountLinking: true,
+      profile(profile) {
+        return {
+          id: Number(profile.sub),
+          email: profile.email,
+          name: profile.name || `${profile.given_name} ${profile.family_name}`.trim(),
+        };
+      },
+    },
    CredentialsProvider({
      id: 'webauthn',
      name: 'Keypass',