From d8cf6af5b5f74f99d0825e57a39cefa17eac52b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emrik=20=C3=96stling?=
Date: Mon, 21 Oct 2024 21:53:53 +0200
Subject: [PATCH] working auth
---
 app/api/auth/[...nextauth]/route.ts | 117 +++++++++++++++++-
 app/games/page.tsx | 3 +
 app/page.tsx | 17 +--
 auth.ts | 13 --
 package-lock.json | 183 +++++++++++++++++-----------
 package.json | 2 +-
 6 files changed, 242 insertions(+), 93 deletions(-)
 create mode 100644 app/games/page.tsx
 delete mode 100644 auth.ts
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index fa39f10..abe7b63 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -1,3 +1,116 @@
-import { handlers } from "@/auth"; // Referring to the auth.ts we just created
+// import { handlers } from "@/auth"; // Referring to the auth.ts we just created
 
-export const { GET, POST } = handlers;
+// export const { GET, POST } = handlers;
+
+import NextAuth, { NextAuthOptions } from "next-auth";
+import BoxyHQSAMLProvider from "next-auth/providers/boxyhq-saml";
+
+const samlLoginUrl = process.env.AUTH_BOXYHQ_SAML_ISSUER;
+
+// For more information on each option (and a full list of options) go to
+// https://next-auth.js.org/configuration/options
+
+export const authOptions: NextAuthOptions = {
+ // https://next-auth.js.org/configuration/providers/oauth
+ providers: [
+ // OAuth flow
+ BoxyHQSAMLProvider({
+ authorization: { params: { scope: "" } },
+ issuer: samlLoginUrl,
+ clientId: process.env.AUTH_BOXYHQ_SAML_ID || "dummy",
+ clientSecret: process.env.AUTH_BOXYHQ_SAML_SECRET || "dummy",
+ }),
+ // // Open Id connect flow
+ // BoxyHQSAMLProvider({
+ // name: "BoxyHQ OIDC",
+ // id: "boxyhq-saml-oidc",
+ // issuer: samlLoginUrl,
+ // wellKnown: `${samlLoginUrl}/.well-known/openid-configuration`,
+ // authorization: { params: { scope: "openid email" } },
+ // clientId: process.env.AUTH_BOXYHQ_SAML_ID || "dummy",
+ // clientSecret: process.env.AUTH_BOXYHQ_SAML_SECRET || "dummy",
+ // }),
+ // CredentialsProvider({
+ // id: "boxyhq-idp",
+ // // The name to display on the sign in form (e.g. 'Sign in with...')
+ // name: "IdP Login",
+ // // The credentials is used to generate a suitable form on the sign in page.
+ // // You can specify whatever fields you are expecting to be submitted.
+ // // e.g. domain, username, password, 2FA token, etc.
+ // // You can pass any HTML attribute to the tag through the object.
+ // credentials: {
+ // code: {
+ // label:
+ // "Code: Go to https://mocksaml.com/saml/login to initiate SAML IdP login",
+ // type: "text",
+ // placeholder: "Enter code",
+ // },
+ // },
+ // async authorize(credentials) {
+ // const { code } = credentials || {};
+
+ // if (!code) {
+ // return null;
+ // }
+
+ // const res = await fetch(`${samlLoginUrl}/api/oauth/token`, {
+ // method: "POST",
+ // body: JSON.stringify({
+ // grant_type: "authorization_code",
+ // client_id: process.env.AUTH_BOXYHQ_SAML_ID || "dummy",
+ // client_secret: process.env.AUTH_BOXYHQ_SAML_SECRET || "dummy",
+ // redirect_uri: process.env.NEXTAUTH_URL + "/games",
+ // code,
+ // }),
+ // headers: {
+ // "Content-Type": "application/json",
+ // },
+ // });
+
+ // if (res.status !== 200) {
+ // return null;
+ // }
+
+ // const json = await res.json();
+ // if (!json?.access_token) {
+ // return null;
+ // }
+
+ // const resUserInfo = await fetch(`${samlLoginUrl}/api/oauth/userinfo`, {
+ // headers: {
+ // Authorization: `Bearer ${json.access_token}`,
+ // },
+ // });
+
+ // if (resUserInfo.status !== 200) {
+ // return null;
+ // }
+ // const profile = await resUserInfo.json();
+
+ // console.log(profile);
+
+ // if (profile?.id && profile?.email) {
+ // return {
+ // id: profile.id,
+ // email: profile.email,
+ // name: [profile.firstName, profile.lastName]
+ // .filter(Boolean)
+ // .join(" "),
+ // image: null,
+ // };
+ // }
+
+ // return null;
+ // },
+ // }),
+ ],
+ // callbacks: {
+ // async jwt({ token }) {
+ // token.userRole = "admin";
+ // return token;
+ // },
+ // },
+};
+
+const handler = NextAuth(authOptions);
+export { handler as GET, handler as POST };
diff --git a/app/games/page.tsx b/app/games/page.tsx
new file mode 100644
index 0000000..48233c5
--- /dev/null
+++ b/app/games/page.tsx
@@ -0,0 +1,3 @@
+export default function Page() {
+ return
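Review bot: The provider block in route.ts takes `issuer: samlLoginUrl` straight from `process.env.AUTH_BOXYHQ_SAML_ISSUER` and falls back to `"dummy"` for both `clientId` and `clientSecret`, so a deployment with a missing variable starts with an undefined issuer or placeholder credentials instead of failing. A guard before `authOptions`, such as `if (!samlLoginUrl) throw new Error("AUTH_BOXYHQ_SAML_ISSUER is not set");`, would surface that at startup; if the identity service is really meant to receive the placeholder, writing the literal with a comment saying so is clearer than a silent `||` fallback. The commented-out code kept in the same hunk includes a `jwt` callback that sets `token.userRole = "admin"` on every token and a `console.log(profile)` of the user profile; deleting it, rather than leaving it for someone to re-enable, removes that risk, and version control keeps the history. Separately, Next.js 14 route files are expected to export only route handlers and route config, so the extra `export const authOptions` will likely fail the production build's type check and belongs in its own module.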

Games

; +} diff --git a/app/page.tsx b/app/page.tsx index 7b12806..4845eab 100644 --- a/app/page.tsx +++ b/app/page.tsx @@ -4,15 +4,12 @@ import { signIn } from "next-auth/react"; import Image from "next/image"; import Link from "next/link"; - - import chs from "../public/chs.png"; import minecraft from "../public/games/minecraft.png"; import gud from "../public/gud-clean.png"; - -const tenant = "gaming.chs.se"; -const product = "gud-gaming"; +const tenant = "boxyhq.com"; +const product = "saml-demo.boxyhq.com"; export default function Home() { return ( @@ -37,7 +34,13 @@ export default function Home() { `} onClick={async (event) => { event.preventDefault(); - signIn("boxyhq-saml", {}, { tenant, product }); + signIn( + "boxyhq-saml", + { + redirectTo: "http://localhost:3000/games", + }, + { tenant, product }, + ); }} > Get Started @@ -135,4 +138,4 @@ export default function Home() { ); -} \ No newline at end of file +} diff --git a/auth.ts b/auth.ts deleted file mode 100644 index 550c3a7..0000000 --- a/auth.ts +++ /dev/null @@ -1,13 +0,0 @@ -import NextAuth from "next-auth"; -import BoxyHQ from "next-auth/providers/boxyhq-saml"; - -export const { handlers, auth, signIn, signOut } = NextAuth({ - providers: [ - BoxyHQ({ - authorization: { params: { scope: "" } }, // This is needed for OAuth 2.0 flow, otherwise default to openid - clientId: process.env.AUTH_BOXYHQ_SAML_ID, - clientSecret: process.env.AUTH_BOXYHQ_SAML_SECRET, - issuer: process.env.AUTH_BOXYHQ_SAML_ISSUER, - }), - ], -}); diff --git a/package-lock.json b/package-lock.json index 2f94f13..8deec38 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.1.0", "dependencies": { "next": "14.2.13", - "next-auth": "^5.0.0-beta.22", + "next-auth": "^4.24.8", "react": "^18", "react-dom": "^18", "sharp": "^0.33.5" 
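Review bot: `tenant` and `product` in app/page.tsx are now `"boxyhq.com"` and `"saml-demo.boxyhq.com"`, which look like the values of BoxyHQ's public demo connection rather than the project's own (`gaming.chs.se` / `gud-gaming` before this change). If so, sign-in is delegated to an identity provider the project does not control, and any account that the demo connection accepts would get a session here. These two values are better read from configuration, for example `const tenant = process.env.NEXT_PUBLIC_SAML_TENANT;` (variable name is a suggestion), with the demo pair used only for local development.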
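Review bot: The options object passed to `signIn` in the second app/page.tsx hunk uses `redirectTo` with the absolute URL `http://localhost:3000/games`. This commit also moves the dependency to next-auth ^4.24.8, and the v4 client `signIn` reads `callbackUrl`; `redirectTo` is the v5 name, so the option is probably ignored and the user lands back on the current page. A relative target keeps the redirect on the deployment's own origin and works outside a developer machine: `{ callbackUrl: "/games" }`. The promise returned by `signIn` is also left unhandled inside the `async` handler, so `await signIn(...)` would make failures visible. The element that owns this `onClick` handler starts outside the hunk.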
@@ -58,37 +58,6 @@ "node": ">=6.0.0" } }, - "node_modules/@auth/core": { - "version": "0.35.3", - "resolved": "https://registry.npmjs.org/@auth/core/-/core-0.35.3.tgz", - "integrity": "sha512-g6qfiqU4OtyvIEZ8J7UoIwAxEnNnLJV0/f/DW41U+4G5nhBlaCrnKhawJIJpU0D3uavXLeDT3B0BkjtiimvMDA==", - "license": "ISC", - "dependencies": { - "@panva/hkdf": "^1.1.1", - "@types/cookie": "0.6.0", - "cookie": "0.6.0", - "jose": "^5.1.3", - "oauth4webapi": "^2.10.4", - "preact": "10.11.3", - "preact-render-to-string": "5.2.3" - }, - "peerDependencies": { - "@simplewebauthn/browser": "^9.0.1", - "@simplewebauthn/server": "^9.0.2", - "nodemailer": "^6.8.0" - }, - "peerDependenciesMeta": { - "@simplewebauthn/browser": { - "optional": true - }, - "@simplewebauthn/server": { - "optional": true - }, - "nodemailer": { - "optional": true - } - } - }, "node_modules/@babel/code-frame": { "version": "7.24.7", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.7.tgz", @@ -421,6 +390,18 @@ "node": ">=6.0.0" } }, + "node_modules/@babel/runtime": { + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.7.tgz", + "integrity": "sha512-FjoyLe754PMiYsFaN5C94ttGiOmBNYTf6pLr4xXHAT5uctHb092PBszndLDR5XA/jghQvn4n7JMHl7dmTgbm9w==", + "license": "MIT", + "dependencies": { + "regenerator-runtime": "^0.14.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, "node_modules/@babel/template": { "version": "7.25.0", "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.0.tgz", @@ -1342,12 +1323,6 @@ "tslib": "^2.4.0" } }, - "node_modules/@types/cookie": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.6.0.tgz", - "integrity": "sha512-4Kh9a6B2bQciAhf7FSuMRRkUWecJgJu9nPnx3yzpsfXX/c50REIqpHY4C82bXP90qrLtXtkDxTZosYO3UpOwlA==", - "license": "MIT" - }, "node_modules/@types/json-schema": { "version": "7.0.15", "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", 
@@ -2340,9 +2315,9 @@ "license": "MIT" }, "node_modules/cookie": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", - "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", + "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", "license": "MIT", "engines": { "node": ">= 0.6" @@ -4376,9 +4351,9 @@ } }, "node_modules/jose": { - "version": "5.9.4", - "resolved": "https://registry.npmjs.org/jose/-/jose-5.9.4.tgz", - "integrity": "sha512-WBBl6au1qg6OHj67yCffCgFR3BADJBXN8MdRvCgJDuMv3driV2nHr7jdGvaKX9IolosAsn+M0XRArqLXUhyJHQ==", + "version": "4.15.9", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==", "license": "MIT", "funding": { "url": "https://github.com/sponsors/panva" 
@@ -4740,25 +4715,30 @@ } }, "node_modules/next-auth": { - "version": "5.0.0-beta.22", - "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-5.0.0-beta.22.tgz", - "integrity": "sha512-QGBo9HGOjmnJBHGXvtFztl0tM5tL0porDlk74HVoCCzXd986ApOlIW3EmiCuho7YzEopgkFiwwmcXpoCrHAtYw==", + "version": "4.24.8", + "resolved": "https://registry.npmjs.org/next-auth/-/next-auth-4.24.8.tgz", + "integrity": "sha512-SLt3+8UCtklsotnz2p+nB4aN3IHNmpsQFAZ24VLxGotWGzSxkBh192zxNhm/J5wgkcrDWVp0bwqvW0HksK/Lcw==", "license": "ISC", "dependencies": { - "@auth/core": "0.35.3" + "@babel/runtime": "^7.20.13", + "@panva/hkdf": "^1.0.2", + "cookie": "^0.5.0", + "jose": "^4.15.5", + "oauth": "^0.9.15", + "openid-client": "^5.4.0", + "preact": "^10.6.3", + "preact-render-to-string": "^5.1.19", + "uuid": "^8.3.2" }, "peerDependencies": { - "@simplewebauthn/browser": "^9.0.1", - "@simplewebauthn/server": "^9.0.2", - "next": "^14.0.0-0 || ^15.0.0-0", + "@auth/core": "0.34.2", + "next": "^12.2.5 || ^13 || ^14", "nodemailer": "^6.6.5", - "react": "^18.2.0 || ^19.0.0-0" + "react": "^17.0.2 || ^18", + "react-dom": "^17.0.2 || ^18" }, "peerDependenciesMeta": { - "@simplewebauthn/browser": { - "optional": true - }, - "@simplewebauthn/server": { + "@auth/core": { "optional": true }, "nodemailer": { @@ -4886,14 +4866,11 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/oauth4webapi": { - "version": "2.17.0", - "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-2.17.0.tgz", - "integrity": "sha512-lbC0Z7uzAFNFyzEYRIC+pkSVvDHJTbEW+dYlSBAlCYDe6RxUkJ26bClhk8ocBZip1wfI9uKTe0fm4Ib4RHn6uQ==", - "license": "MIT", - "funding": { - "url": "https://github.com/sponsors/panva" - } + "node_modules/oauth": { + "version": "0.9.15", + "resolved": "https://registry.npmjs.org/oauth/-/oauth-0.9.15.tgz", + "integrity": "sha512-a5ERWK1kh38ExDEfoO6qUHJb32rd7aYmPHuyCu3Fta/cnICvYmgd2uhuKXvPD+PXB+gCEYYEaQdIRAjCOwAKNA==", + "license": "MIT" }, "node_modules/object-assign": { "version": "4.1.1", 
@@ -5041,6 +5018,15 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/oidc-token-hash": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz", + "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==", + "license": "MIT", + "engines": { + "node": "^10.13.0 || >=12.0.0" + } + }, "node_modules/once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", 
@@ -5051,6 +5037,48 @@ "wrappy": "1" } }, + "node_modules/openid-client": { + "version": "5.7.0", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.7.0.tgz", + "integrity": "sha512-4GCCGZt1i2kTHpwvaC/sCpTpQqDnBzDzuJcJMbH+y1Q5qI8U8RBvoSh28svarXszZHR5BAMXbJPX1PGPRE3VOA==", + "license": "MIT", + "dependencies": { + "jose": "^4.15.9", + "lru-cache": "^6.0.0", + "object-hash": "^2.2.0", + "oidc-token-hash": "^5.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/openid-client/node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "license": "ISC", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/openid-client/node_modules/object-hash": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==", + "license": "MIT", + "engines": { + "node": ">= 6" + } + }, + "node_modules/openid-client/node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "license": "ISC" + }, "node_modules/optionator": { "version": "0.9.4", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", 
@@ -5404,9 +5432,9 @@ "license": "MIT" }, "node_modules/preact": { - "version": "10.11.3", - "resolved": "https://registry.npmjs.org/preact/-/preact-10.11.3.tgz", - "integrity": "sha512-eY93IVpod/zG3uMF22Unl8h9KkrcKIRs2EGar8hwLZZDU1lkjph303V9HZBwufh2s736U6VXuhD109LYqPoffg==", + "version": "10.24.3", + "resolved": "https://registry.npmjs.org/preact/-/preact-10.24.3.tgz", + "integrity": "sha512-Z2dPnBnMUfyQfSQ+GBdsGa16hz35YmLmtTLhM169uW944hYL6xzTYkJjC07j+Wosz733pMWx0fgON3JNw1jJQA==", "license": "MIT", "funding": { "type": "opencollective", @@ -5414,9 +5442,9 @@ } }, "node_modules/preact-render-to-string": { - "version": "5.2.3", - "resolved": "https://registry.npmjs.org/preact-render-to-string/-/preact-render-to-string-5.2.3.tgz", - "integrity": "sha512-aPDxUn5o3GhWdtJtW0svRC2SS/l8D9MAgo2+AWml+BhDImb27ALf04Q2d+AHqUUOc6RdSXFIBVa2gxzgMKgtZA==", + "version": "5.2.6", + "resolved": "https://registry.npmjs.org/preact-render-to-string/-/preact-render-to-string-5.2.6.tgz", + "integrity": "sha512-JyhErpYOvBV1hEPwIxc/fHWXPfnEGdRKxc8gFdAZ7XV4tlzyzG847XAyEZqoDnynP88akM4eaHcSOzNcLWFguw==", "license": "MIT", "dependencies": { "pretty-format": "^3.8.0" @@ -5591,6 +5619,12 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/regenerator-runtime": { + "version": "0.14.1", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz", + "integrity": "sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==", + "license": "MIT" + }, "node_modules/regexp.prototype.flags": { "version": "1.5.2", "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.2.tgz", 
@@ -6588,6 +6622,15 @@ "dev": true, "license": "MIT" }, + "node_modules/uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "license": "MIT", + "bin": { + "uuid": "dist/bin/uuid" + } + }, "node_modules/which": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", diff --git a/package.json b/package.json index 312a06d..99e18fb 100644 --- a/package.json +++ b/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "next": "14.2.13", - "next-auth": "^5.0.0-beta.22", + "next-auth": "^4.24.8", "react": "^18", "react-dom": "^18", "sharp": "^0.33.5"