added openidconnect provider

2025-08-11 21:23:54 -04:00 · 2024-09-28 14:03:15 -04:00 · 2024-09-28 14:03:15 -04:00 · fbca8cb193
commit fbca8cb193
parent 56c4ed1f10
1 changed files with 69 additions and 0 deletions
--- a/server/auth/modules/passport-providers/oidc.js
+++ b/server/auth/modules/passport-providers/oidc.js
@ -0,0 +1,69 @@
 var OpenIDConnectStrategy = require('passport-openidconnect')
 class PassportOpenIDConnect {
    register(app, passport, name, provider) {
        passport.use(name, new OpenIDConnectStrategy({
            issuer: provider.issuer_url,
            authorizationURL: provider.authorization_url,
            tokenURL: provider.token_url,
            userInfoURL: provider.userinfo_url,
            clientID: provider.client_id,
            clientSecret: provider.client_secret,
            callbackURL: `http://localhost/api/auth/${name}/callback`,
            passReqToCallback: true
        },
        async function(req, issuer, accessToken, refreshToken, params, profile, done) {
            try {
                const userInfo = (await fetch(provider.userinfo_url, {
                    headers: { 'Authorization': `Bearer ${accessToken}` }
                }))
                .json();
                const user = {
                    id: userInfo.sub,
                    email: userInfo.email,
                    name: userInfo.name,
                    accessToken: accessToken,
                    refreshToken: refreshToken,
                    expiresIn: params.expires_in
                };
                // Store the tokens in the session
                req.session.oauth2Tokens = {
                    accessToken: accessToken,
                    refreshToken: refreshToken,
                    expiresIn: params.expires_in
                };
                return done(null, user);
            } catch (error) {
            }
        }));
        app.get(`/api/auth/${name}`, (req, res, next) => {
            passport.authenticate(name, {
                scope: provider.scopes.join(' ') ?? 'openid profile email offline_access',
                prompt: 'consent'
            }) (req, res, next);
        });
        app.get(`/api/auth/${name}/callback`, (req, res, next) => {
            passport.authenticate(name, {
                failureRedirect: '/login'
            }) (req, res, next);
            },
            (req, res) => {
                if (req.user) {
                    res.json(req.user);
                }
                else {
                    // create error in errorCodes.js
                    res.status(401).json({ error: 'Authentication failed' });
                }
            }
        );
    }
 }
 module.exports = PassportOpenIDConnect;