packages/lib/constants/auth.ts

import { env } from '../utils/env';

export const SALT_ROUNDS = 12;

export const IDENTITY_PROVIDER_NAME: Record<string, string> = {
  DOCUMENSO: 'Documenso',
  GOOGLE: 'Google',
  OIDC: 'OIDC',
};

export const IS_GOOGLE_SSO_ENABLED = Boolean(
  env('NEXT_PRIVATE_GOOGLE_CLIENT_ID') && env('NEXT_PRIVATE_GOOGLE_CLIENT_SECRET'),
);

export const IS_OIDC_SSO_ENABLED = Boolean(
  env('NEXT_PRIVATE_OIDC_WELL_KNOWN') &&
    env('NEXT_PRIVATE_OIDC_CLIENT_ID') &&
    env('NEXT_PRIVATE_OIDC_CLIENT_SECRET'),
);

export const OIDC_PROVIDER_LABEL = env('NEXT_PRIVATE_OIDC_PROVIDER_LABEL');

export const USER_SECURITY_AUDIT_LOG_MAP: Record<string, string> = {
  ACCOUNT_SSO_LINK: 'Linked account to SSO',
  ACCOUNT_PROFILE_UPDATE: 'Profile updated',
  AUTH_2FA_DISABLE: '2FA Disabled',
  AUTH_2FA_ENABLE: '2FA Enabled',
  PASSKEY_CREATED: 'Passkey created',
  PASSKEY_DELETED: 'Passkey deleted',
  PASSKEY_UPDATED: 'Passkey updated',
  PASSWORD_RESET: 'Password reset',
  PASSWORD_UPDATE: 'Password updated',
  SIGN_OUT: 'Signed Out',
  SIGN_IN: 'Signed In',
  SIGN_IN_FAIL: 'Sign in attempt failed',
  SIGN_IN_PASSKEY_FAIL: 'Passkey sign in failed',
  SIGN_IN_2FA_FAIL: 'Sign in 2FA attempt failed',
};

/**
 * The duration to wait for a passkey to be verified in MS.
 */
export const PASSKEY_TIMEOUT = 60000;

/**
 * The maximum number of passkeys are user can have.
 */
export const MAXIMUM_PASSKEYS = 50;

export const useSecureCookies =
  env('NODE_ENV') === 'production' && String(env('NEXTAUTH_URL')).startsWith('https://');

const secureCookiePrefix = useSecureCookies ? '__Secure-' : '';

export const formatSecureCookieName = (name: string) => `${secureCookiePrefix}${name}`;
fix: wip 2025-01-31 14:09:02 +11:00			`import { env } from '../utils/env';`
fix: visibility of security fields using identityprovider (#709) fixes #690 2024-01-24 06:04:30 +05:30
wip: refresh design 2023-06-09 18:21:18 +10:00			`export const SALT_ROUNDS = 12;`
fix: add conditional rendering of OAuth providers (#736) Now google OAuth provider is not rendered if client id is not provided 2024-01-23 11:38:48 +05:30
wip 2025-01-02 15:33:37 +11:00			`export const IDENTITY_PROVIDER_NAME: Record<string, string> = {`
			`DOCUMENSO: 'Documenso',`
			`GOOGLE: 'Google',`
			`OIDC: 'OIDC',`
fix: visibility of security fields using identityprovider (#709) fixes #690 2024-01-24 06:04:30 +05:30			`};`

fix: add conditional rendering of OAuth providers (#736) Now google OAuth provider is not rendered if client id is not provided 2024-01-23 11:38:48 +05:30			`export const IS_GOOGLE_SSO_ENABLED = Boolean(`
fix: wip 2025-01-31 14:09:02 +11:00			`env('NEXT_PRIVATE_GOOGLE_CLIENT_ID') && env('NEXT_PRIVATE_GOOGLE_CLIENT_SECRET'),`
fix: add conditional rendering of OAuth providers (#736) Now google OAuth provider is not rendered if client id is not provided 2024-01-23 11:38:48 +05:30			`);`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00
feat: add oidc support 2024-04-13 20:46:08 -04:00			`export const IS_OIDC_SSO_ENABLED = Boolean(`
fix: wip 2025-01-31 14:09:02 +11:00			`env('NEXT_PRIVATE_OIDC_WELL_KNOWN') &&`
			`env('NEXT_PRIVATE_OIDC_CLIENT_ID') &&`
			`env('NEXT_PRIVATE_OIDC_CLIENT_SECRET'),`
feat: add oidc support 2024-04-13 20:46:08 -04:00			`);`

fix: wip 2025-01-31 14:09:02 +11:00			`export const OIDC_PROVIDER_LABEL = env('NEXT_PRIVATE_OIDC_PROVIDER_LABEL');`
feat: make oidc sign in button text configurable (#1209) Adds a configurable label for the OIDC connection's button. 2024-07-31 14:22:52 +02:00
wip 2025-01-02 15:33:37 +11:00			`export const USER_SECURITY_AUDIT_LOG_MAP: Record<string, string> = {`
			`ACCOUNT_SSO_LINK: 'Linked account to SSO',`
			`ACCOUNT_PROFILE_UPDATE: 'Profile updated',`
			`AUTH_2FA_DISABLE: '2FA Disabled',`
			`AUTH_2FA_ENABLE: '2FA Enabled',`
			`PASSKEY_CREATED: 'Passkey created',`
			`PASSKEY_DELETED: 'Passkey deleted',`
			`PASSKEY_UPDATED: 'Passkey updated',`
			`PASSWORD_RESET: 'Password reset',`
			`PASSWORD_UPDATE: 'Password updated',`
			`SIGN_OUT: 'Signed Out',`
			`SIGN_IN: 'Signed In',`
			`SIGN_IN_FAIL: 'Sign in attempt failed',`
			`SIGN_IN_PASSKEY_FAIL: 'Passkey sign in failed',`
			`SIGN_IN_2FA_FAIL: 'Sign in 2FA attempt failed',`
feat: add user security audit logs 2024-01-30 17:31:27 +11:00			`};`
feat: add passkeys (#989) ## Description Add support to login with passkeys. Passkeys can be added via the user security settings page. Note: Currently left out adding the type of authentication method for the 'user security audit logs' because we're using the `signIn` next-auth event which doesn't appear to provide the context. Will look into it at another time. ## Changes Made - Add passkeys to login - Add passkeys feature flag - Add page to manage passkeys - Add audit logs relating to passkeys - Updated prisma schema to support passkeys & anonymous verification tokens ## Testing Performed To be done. MacOS: - Safari ✅ - Chrome ✅ - Firefox ✅ Windows: - Chrome [Untested] - Firefox [Untested] Linux: - Chrome [Untested] - Firefox [Untested] iOS: - Safari ✅ ## Checklist <!--- Please check the boxes that apply to this pull request. --> <!--- You can add or remove items as needed. --> - [X] I have tested these changes locally and they work as expected. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced Passkey authentication, including creation, sign-in, and management of passkeys. - Added a Passkeys section in Security Settings for managing user passkeys. - Implemented UI updates for Passkey authentication, including a new dialog for creating passkeys and a data table for managing them. - Enhanced security settings with server-side feature flags to conditionally display new security features. - Bug Fixes - Improved UI consistency in the Settings Security Activity Page. - Updated button styling in the 2FA Recovery Codes component for better visibility. - Refactor - Streamlined authentication options to include WebAuthn credentials provider. - Chores - Updated database schema to support passkeys and related functionality. - Added new audit log types for passkey-related activities. - Enhanced server-only authentication utilities for passkey registration and management. <!-- end of auto-generated comment: release notes by coderabbit.ai --> 2024-03-26 21:11:59 +08:00
			`/**`
			`* The duration to wait for a passkey to be verified in MS.`
			`*/`
			`export const PASSKEY_TIMEOUT = 60000;`

			`/**`
			`* The maximum number of passkeys are user can have.`
			`*/`
			`export const MAXIMUM_PASSKEYS = 50;`
fix: secure passkey cookies (#1533) 2024-12-12 01:16:29 +09:00
			`export const useSecureCookies =`
fix: wip 2025-01-31 14:09:02 +11:00			`env('NODE_ENV') === 'production' && String(env('NEXTAUTH_URL')).startsWith('https://');`
fix: secure passkey cookies (#1533) 2024-12-12 01:16:29 +09:00
			`const secureCookiePrefix = useSecureCookies ? '__Secure-' : '';`

			export const formatSecureCookieName = (name: string) => `${secureCookiePrefix}${name}`;