import NextAuth from "next-auth"
import KeycloakProvider from "next-auth/providers/keycloak"
/**
 * Type augmentation for the fields this file's callbacks add to the session
 * and to the session token.
 */
declare module "next-auth" {
  interface Session {
    user: {
      // NOTE(review): declared as required, but nothing in this file assigns
      // it; confirm the library populates it before relying on it.
      id: string
      name?: string | null
      email?: string | null
      image?: string | null
      /**
       * Copied from `token.clubs` by the `session` callback. It is sent to the
       * browser, so treat it as display data; access decisions belong on the
       * server that validates the access token.
       */
      clubs?: Record<string, string>
    }
    /** Copied from `token.accessToken` by the `session` callback. */
    accessToken?: string
  }

  // NOTE(review): next-auth exposes its `JWT` type from the "next-auth/jwt"
  // entry point. Declared here, this interface probably does not merge with
  // the type of `token` in the callbacks, which would explain the casts used
  // there. Confirm, and if so move it to `declare module "next-auth/jwt"`.
  interface JWT {
    clubs?: Record<string, string>
    accessToken?: string
  }
}
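/**
 * Reduces an untrusted value to a plain string-to-string map.
 *
 * The `clubs` claim comes from outside this process, so its shape is checked
 * at runtime instead of being asserted with `as`. Anything that is not an
 * object, and any entry whose value is not a string, is dropped.
 */
function toClubMap(value: unknown): Record<string, string> {
  if (typeof value !== "object" || value === null || Array.isArray(value)) {
    return {}
  }
  // Object.fromEntries defines own properties, so a key such as "__proto__"
  // cannot reach the prototype chain.
  return Object.fromEntries(
    Object.entries(value).filter(
      (entry): entry is [string, string] => typeof entry[1] === "string"
    )
  )
}

/**
 * Reads the claims (payload segment) of a JWT-formatted access token.
 *
 * The signature is NOT verified here. That is acceptable only for a token this
 * server has just received from the issuer's token endpoint during sign-in;
 * do not reuse this helper for tokens that arrive from a browser or any other
 * caller. Returns `{}` for a missing, opaque or malformed token.
 */
function readAccessTokenClaims(
  accessToken: string | undefined
): Record<string, unknown> {
  const payload = accessToken?.split(".")[1]
  if (!payload) {
    return {}
  }
  try {
    // JWT segments are base64url without padding; convert to plain base64.
    const base64 = payload.replace(/-/g, "+").replace(/_/g, "/")
    const padded = base64.padEnd(
      base64.length + ((4 - (base64.length % 4)) % 4),
      "="
    )
    const bytes = Uint8Array.from(atob(padded), (ch) => ch.charCodeAt(0))
    const claims: unknown = JSON.parse(new TextDecoder().decode(bytes))
    return typeof claims === "object" && claims !== null && !Array.isArray(claims)
      ? (claims as Record<string, unknown>)
      : {}
  } catch {
    // Not a decodable JWT: treat it as carrying no claims rather than failing sign-in.
    return {}
  }
}

/**
 * Auth configuration: Keycloak as the only identity provider, with the user's
 * `clubs` claim and the Keycloak access token carried on the session token and
 * copied onto the session object.
 */
export const { handlers, signIn, signOut, auth } = NextAuth({
  providers: [
    KeycloakProvider({
      // The `!` assertions only satisfy the type checker: an unset variable is
      // passed through as `undefined` rather than being rejected here.
      clientId: process.env.KEYCLOAK_CLIENT_ID!,
      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
      issuer: process.env.KEYCLOAK_ISSUER!,
    }),
  ],
  callbacks: {
    /**
     * Runs whenever the session token is created or read. `account` is only
     * present on sign-in, so the Keycloak data is captured once at that point.
     */
    async jwt({ token, account }) {
      if (account) {
        // `account` carries the token-endpoint response, not the token's
        // claims, so `clubs` has to be read from the access token payload.
        // The old `account.clubs` lookup is kept as a fallback.
        const claims = readAccessTokenClaims(account.access_token)
        token.clubs = toClubMap(
          claims.clubs ?? (account as Record<string, unknown>).clubs
        )
        // Stored once at sign-in; nothing in this file refreshes it, so the
        // copy goes stale when Keycloak's token lifetime ends.
        token.accessToken = account.access_token
      }
      return token
    },
    /** Copies the fields captured in `jwt` onto the session object. */
    async session({ session, token }) {
      // `clubs` is exposed to the client for display. Authorization must be
      // enforced by the server that validates the access token.
      if (session.user) {
        session.user.clubs = token.clubs as Record<string, string> | undefined
      }
      // NOTE(review): the session object is what client code receives, so this
      // hands the Keycloak access token to browser script. If only server-side
      // code calls the API, keep the token on the server and drop this field.
      session.accessToken = token.accessToken as string | undefined
      return session
    },
  },
})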