changes: unified front claim with local login and SSO
@@ -6,6 +6,8 @@
|
||||
import NextAuth from 'next-auth';
|
||||
import type { NextAuthConfig } from 'next-auth';
|
||||
import Credentials from 'next-auth/providers/credentials';
|
||||
import { postApiTokenauthAuthenticate } from '@/api/hooks/usePostApiTokenauthAuthenticate';
|
||||
import { getApiServicesAppSessionGetcurrentlogininformations } from '@/api/hooks/useGetApiServicesAppSessionGetcurrentlogininformations';
|
||||
|
||||
export const authConfig: NextAuthConfig = {
|
||||
providers: [
|
||||
@@ -18,9 +20,32 @@ export const authConfig: NextAuthConfig = {
|
||||
password: { label: 'Password', type: 'password' }
|
||||
},
|
||||
async authorize(credentials) {
|
||||
// This is handled in the custom-sign-in-form.tsx component
|
||||
// using the ASP.NET Boilerplate backend API
|
||||
return null;
|
||||
if (!credentials?.userNameOrEmailAddress || !credentials?.password) {
|
||||
return null;
|
||||
}
|
||||
|
||||
try {
|
||||
// Call ASP.NET Boilerplate authentication endpoint
|
||||
const result = await postApiTokenauthAuthenticate({
|
||||
userNameOrEmailAddress: credentials.userNameOrEmailAddress as string,
|
||||
password: credentials.password as string,
|
||||
rememberClient: false
|
||||
});
|
||||
|
||||
// Check if authentication was successful
|
||||
if (result?.accessToken && result?.userId) {
|
||||
return {
|
||||
id: result.userId.toString(),
|
||||
accessToken: result.accessToken,
|
||||
expireInSeconds: result.expireInSeconds,
|
||||
};
|
||||
}
|
||||
|
||||
return null;
|
||||
} catch (error) {
|
||||
console.error('Authentication error:', error);
|
||||
return null;
|
||||
}
|
||||
},
|
||||
}),
|
||||
// Authentik OIDC Provider (from environment variables)
|
||||
@@ -44,6 +69,48 @@ export const authConfig: NextAuthConfig = {
|
||||
signIn: '/auth/sign-in',
|
||||
},
|
||||
callbacks: {
|
||||
async jwt({ token, user, account }) {
|
||||
// Initial sign in - store backend access token and fetch user info
|
||||
if (user) {
|
||||
token.accessToken = (user as any).accessToken;
|
||||
token.userId = user.id;
|
||||
token.expireInSeconds = (user as any).expireInSeconds;
|
||||
|
||||
// Fetch complete user information from backend
|
||||
try {
|
||||
const userInfo = await getApiServicesAppSessionGetcurrentlogininformations({
|
||||
headers: {
|
||||
Authorization: `Bearer ${(user as any).accessToken}`
|
||||
}
|
||||
});
|
||||
|
||||
if (userInfo?.user) {
|
||||
token.name = userInfo.user.name || '';
|
||||
token.surname = userInfo.user.surname || '';
|
||||
token.userName = userInfo.user.userName || '';
|
||||
token.email = userInfo.user.emailAddress || '';
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Error fetching user info:', error);
|
||||
}
|
||||
}
|
||||
return token;
|
||||
},
|
||||
async session({ session, token }) {
|
||||
// Add backend access token and user info to session
|
||||
if (token.accessToken) {
|
||||
session.user = {
|
||||
...session.user,
|
||||
id: token.userId as string,
|
||||
name: token.name as string,
|
||||
email: token.email as string,
|
||||
accessToken: token.accessToken as string,
|
||||
userName: token.userName as string,
|
||||
surname: token.surname as string,
|
||||
};
|
||||
}
|
||||
return session;
|
||||
},
|
||||
authorized({ auth, request: { nextUrl } }) {
|
||||
const isLoggedIn = !!auth?.user;
|
||||
const isOnDashboard = nextUrl.pathname.startsWith('/dashboard');
|
||||
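Review bot: In the `session` callback, `accessToken: token.accessToken as string` copies the backend bearer token into the object Auth.js hands to the browser via the session endpoint and `useSession()`, so any script running in the page can read it. If client code does not have to call the backend directly, keep the token on the JWT only and read it server-side; if it does, that exposure should be a documented decision. The `jwt` callback also stores `expireInSeconds` but nothing compares it with the clock, so the session can outlive the backend token; record an absolute expiry such as `token.accessTokenExpires = Date.now() + (user as any).expireInSeconds * 1000;` and stop returning the token once it has passed. Finally, the `if (user)` branch is not limited to the credentials provider: for the Authentik OIDC provider mentioned in the same file, `accessToken` is presumably absent and the user-info call would be sent as `Bearer undefined`, while `account` is destructured but unused and could gate it (`if (user && account?.provider === 'credentials')`).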
|
||||
@@ -28,7 +28,7 @@ export function UserAvatarProfile({
|
||||
<div className='grid flex-1 text-left text-sm leading-tight'>
|
||||
<span className='truncate font-semibold'>{user?.fullName || ''}</span>
|
||||
<span className='truncate text-xs'>
|
||||
{user?.emailAddresses[0].emailAddress || ''}
|
||||
{user?.emailAddresses?.[0]?.emailAddress || ''}
|
||||
</span>
|
||||
</div>
|
||||
)}
|
||||
|
||||
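Review bot: The optional chaining in `user?.emailAddresses?.[0]?.emailAddress` prevents the crash, but the component still reads `fullName` and `emailAddresses`, whereas the session callback in this commit produces `name`, `surname`, `userName` and `email`. If this component receives the session user (its props are not visible here), both spans will silently render empty for every login, and the chaining hides that mismatch instead of fixing it. Something like `{user?.email || ''}`, with the name built from `name` and `surname`, would show real data. The body of UserAvatarProfile starts and ends outside the hunk.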