44 lines
1.2 KiB
TypeScript
44 lines
1.2 KiB
TypeScript
import type { OAuth2Tokens } from 'arctic'
|
|
import { decodeJwt } from 'jose'
|
|
import { Authenticator } from 'remix-auth'
|
|
import { CodeChallengeMethod, OAuth2Strategy } from 'remix-auth-oauth2'
|
|
|
|
export type User = {
|
|
sub: string
|
|
email: string
|
|
name: string
|
|
scope: string
|
|
email_verified: boolean
|
|
accessToken: string
|
|
refreshToken: string
|
|
}
|
|
|
|
export function createAuth(env: Env) {
|
|
const authenticator = new Authenticator()
|
|
const strategy = new OAuth2Strategy(
|
|
{
|
|
clientId: env.CLIENT_ID,
|
|
clientSecret: env.CLIENT_SECRET,
|
|
redirectURI: env.REDIRECT_URI,
|
|
authorizationEndpoint: `${env.ISSUER_URL}/authorize`,
|
|
tokenEndpoint: `${env.ISSUER_URL}/token`,
|
|
tokenRevocationEndpoint: `${env.ISSUER_URL}/revoke`,
|
|
scopes: env.SCOPE.split(' '),
|
|
codeChallengeMethod: CodeChallengeMethod.S256
|
|
},
|
|
async ({ tokens }: { tokens: OAuth2Tokens }) => {
|
|
const user = decodeJwt(tokens.idToken())
|
|
|
|
return {
|
|
...user,
|
|
accessToken: tokens.accessToken(),
|
|
refreshToken: tokens.hasRefreshToken() ? tokens.refreshToken() : null
|
|
}
|
|
}
|
|
)
|
|
|
|
authenticator.use(strategy, 'oidc')
|
|
|
|
return authenticator
|
|
}
|