added openidconnect provider

2025-08-11 21:23:54 -04:00 · 2024-09-28 14:03:15 -04:00 · 2024-09-28 14:03:15 -04:00 · fbca8cb193
commit fbca8cb193
parent 56c4ed1f10
1 changed files with 69 additions and 0 deletions
--- a/server/auth/modules/passport-providers/oidc.js
+++ b/server/auth/modules/passport-providers/oidc.js
@ -0,0 +1,69 @@
+var OpenIDConnectStrategy = require('passport-openidconnect')
+
+class PassportOpenIDConnect {
+    register(app, passport, name, provider) {
+        passport.use(name, new OpenIDConnectStrategy({
+            issuer: provider.issuer_url,
+            authorizationURL: provider.authorization_url,
+            tokenURL: provider.token_url,
+            userInfoURL: provider.userinfo_url,
+            clientID: provider.client_id,
+            clientSecret: provider.client_secret,
+            callbackURL: `http://localhost/api/auth/${name}/callback`,
+            passReqToCallback: true
+        },
+        async function(req, issuer, accessToken, refreshToken, params, profile, done) {
+            try {
+                const userInfo = (await fetch(provider.userinfo_url, {
+                    headers: { 'Authorization': `Bearer ${accessToken}` }
+                }))
+                .json();
+
+                const user = {
+                    id: userInfo.sub,
+                    email: userInfo.email,
+                    name: userInfo.name,
+                    accessToken: accessToken,
+                    refreshToken: refreshToken,
+                    expiresIn: params.expires_in
+                };
+
+                // Store the tokens in the session
+                req.session.oauth2Tokens = {
+                    accessToken: accessToken,
+                    refreshToken: refreshToken,
+                    expiresIn: params.expires_in
+                };
+
+                return done(null, user);
+            } catch (error) {
+            }
+        }));
+
+        app.get(`/api/auth/${name}`, (req, res, next) => {
+            passport.authenticate(name, {
+                scope: provider.scopes.join(' ') ?? 'openid profile email offline_access',
+                prompt: 'consent'
+            }) (req, res, next);
+        });
+
+        app.get(`/api/auth/${name}/callback`, (req, res, next) => {
+            passport.authenticate(name, {
+                failureRedirect: '/login'
+            }) (req, res, next);
+            },
+
+            (req, res) => {
+                if (req.user) {
+                    res.json(req.user);
+                }
+                else {
+                    // create error in errorCodes.js
+                    res.status(401).json({ error: 'Authentication failed' });
+                }
+            }
+        );
+    }
+}
+
+module.exports = PassportOpenIDConnect;