blsmedia/sign
2
0
Fork 0
Code Issues Packages Releases Activity

fix: add oidc env variables

Browse Source
This commit is contained in:
David Nguyen
2025-02-14 18:11:54 +11:00
parent 180656978b
commit df8ea09021
5 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env.example
View File

@@ -18,9 +18,6 @@ NEXT_PRIVATE_OIDC_WELL_KNOWN=""
NEXT_PRIVATE_OIDC_CLIENT_ID="" NEXT_PRIVATE_OIDC_CLIENT_ID=""
NEXT_PRIVATE_OIDC_CLIENT_SECRET="" NEXT_PRIVATE_OIDC_CLIENT_SECRET=""
NEXT_PRIVATE_OIDC_PROVIDER_LABEL="OIDC" NEXT_PRIVATE_OIDC_PROVIDER_LABEL="OIDC"
# This can be used to still allow signups for OIDC connections
# when signup is disabled via `NEXT_PUBLIC_DISABLE_SIGNUP`
NEXT_PRIVATE_OIDC_ALLOW_SIGNUP=""
NEXT_PRIVATE_OIDC_SKIP_VERIFY="" NEXT_PRIVATE_OIDC_SKIP_VERIFY=""
# [[URLS]] # [[URLS]]

3
packages/auth/server/config.ts
View File

@@ -8,6 +8,7 @@ export type OAuthClientOptions = {
clientSecret: string; clientSecret: string;
wellKnownUrl: string; wellKnownUrl: string;
redirectUrl: string; redirectUrl: string;
bypassEmailVerification?: boolean;
}; };
export const GoogleAuthOptions: OAuthClientOptions = { export const GoogleAuthOptions: OAuthClientOptions = {
@@ -17,6 +18,7 @@ export const GoogleAuthOptions: OAuthClientOptions = {
clientSecret: env('NEXT_PRIVATE_GOOGLE_CLIENT_SECRET') ?? '', clientSecret: env('NEXT_PRIVATE_GOOGLE_CLIENT_SECRET') ?? '',
redirectUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/google`, redirectUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/google`,
wellKnownUrl: 'https://accounts.google.com/.well-known/openid-configuration', wellKnownUrl: 'https://accounts.google.com/.well-known/openid-configuration',
bypassEmailVerification: false,
}; };
export const OidcAuthOptions: OAuthClientOptions = { export const OidcAuthOptions: OAuthClientOptions = {
@@ -26,4 +28,5 @@ export const OidcAuthOptions: OAuthClientOptions = {
clientSecret: env('NEXT_PRIVATE_OIDC_CLIENT_SECRET') ?? '', clientSecret: env('NEXT_PRIVATE_OIDC_CLIENT_SECRET') ?? '',
redirectUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/oidc`, redirectUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/oidc`,
wellKnownUrl: env('NEXT_PRIVATE_OIDC_WELL_KNOWN') ?? '', wellKnownUrl: env('NEXT_PRIVATE_OIDC_WELL_KNOWN') ?? '',
bypassEmailVerification: env('NEXT_PRIVATE_OIDC_SKIP_VERIFY') === 'true',
}; };

2
packages/auth/server/lib/utils/handle-oauth-callback-url.ts
View File

@@ -79,7 +79,7 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
}); });
} }
if (claims.email_verified !== true) { if (claims.email_verified !== true && !clientOptions.bypassEmailVerification) {
throw new AppError(AuthenticationErrorCode.UnverifiedEmail, { throw new AppError(AuthenticationErrorCode.UnverifiedEmail, {
message: 'Account email is not verified', message: 'Account email is not verified',
}); });

1
packages/tsconfig/process-env.d.ts vendored
View File

@@ -10,7 +10,6 @@ declare namespace NodeJS {
NEXT_PRIVATE_OIDC_CLIENT_ID?: string; NEXT_PRIVATE_OIDC_CLIENT_ID?: string;
NEXT_PRIVATE_OIDC_CLIENT_SECRET?: string; NEXT_PRIVATE_OIDC_CLIENT_SECRET?: string;
NEXT_PRIVATE_OIDC_PROVIDER_LABEL?: string; NEXT_PRIVATE_OIDC_PROVIDER_LABEL?: string;
NEXT_PRIVATE_OIDC_ALLOW_SIGNUP?: string;
NEXT_PRIVATE_OIDC_SKIP_VERIFY?: string; NEXT_PRIVATE_OIDC_SKIP_VERIFY?: string;
NEXT_PRIVATE_DATABASE_URL: string; NEXT_PRIVATE_DATABASE_URL: string;

1
turbo.json
View File

@@ -65,7 +65,6 @@
"NEXT_PRIVATE_OIDC_CLIENT_ID", "NEXT_PRIVATE_OIDC_CLIENT_ID",
"NEXT_PRIVATE_OIDC_CLIENT_SECRET", "NEXT_PRIVATE_OIDC_CLIENT_SECRET",
"NEXT_PRIVATE_OIDC_PROVIDER_LABEL", "NEXT_PRIVATE_OIDC_PROVIDER_LABEL",
"NEXT_PRIVATE_OIDC_ALLOW_SIGNUP",
"NEXT_PRIVATE_OIDC_SKIP_VERIFY", "NEXT_PRIVATE_OIDC_SKIP_VERIFY",
"NEXT_PUBLIC_UPLOAD_TRANSPORT", "NEXT_PUBLIC_UPLOAD_TRANSPORT",
"NEXT_PRIVATE_UPLOAD_ENDPOINT", "NEXT_PRIVATE_UPLOAD_ENDPOINT",