cortex-auth 1.3.4 → 1.4.0
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import type { User } from '../types';
|
|
2
2
|
import type { SanitizedConfig } from 'payload';
|
|
3
|
-
import type { NextAuthConfig } from "next-auth";
|
|
4
3
|
type AccountType = NonNullable<User['accounts']>[number];
|
|
5
4
|
declare function profileRoles(profile: {
|
|
6
5
|
sub: string;
|
|
@@ -13,40 +12,38 @@ declare function profileRoles(profile: {
|
|
|
13
12
|
id: string;
|
|
14
13
|
role: string;
|
|
15
14
|
};
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
linkAccount({ user, account }: {
|
|
31
|
-
user: {
|
|
32
|
-
id: string;
|
|
33
|
-
};
|
|
34
|
-
account: AccountType;
|
|
35
|
-
}): Promise<void>;
|
|
36
|
-
signIn({ user, account }: {
|
|
37
|
-
user: {
|
|
38
|
-
id: string;
|
|
15
|
+
declare function persistTokens(userId: string, account: AccountType, payloadConfig: SanitizedConfig): Promise<void>;
|
|
16
|
+
export declare const payloadAuthConfig: {
|
|
17
|
+
userCollectionDatabaseFields: ({
|
|
18
|
+
name: string;
|
|
19
|
+
type: string;
|
|
20
|
+
options: {
|
|
21
|
+
label: string;
|
|
22
|
+
value: string;
|
|
23
|
+
}[];
|
|
24
|
+
defaultValue: string;
|
|
25
|
+
required: boolean;
|
|
26
|
+
admin: {
|
|
27
|
+
description: string;
|
|
28
|
+
disabled?: undefined;
|
|
39
29
|
};
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
30
|
+
label?: undefined;
|
|
31
|
+
fields?: undefined;
|
|
32
|
+
} | {
|
|
33
|
+
name: string;
|
|
34
|
+
type: string;
|
|
35
|
+
label: string;
|
|
36
|
+
defaultValue: boolean;
|
|
37
|
+
options?: undefined;
|
|
38
|
+
required?: undefined;
|
|
39
|
+
admin?: undefined;
|
|
40
|
+
fields?: undefined;
|
|
41
|
+
} | {
|
|
46
42
|
name: string;
|
|
47
43
|
type: string;
|
|
48
44
|
admin: {
|
|
49
45
|
disabled: boolean;
|
|
46
|
+
description?: undefined;
|
|
50
47
|
};
|
|
51
48
|
fields: ({
|
|
52
49
|
name: string;
|
|
@@ -66,21 +63,12 @@ export declare const payloadAuthConfig: (payloadConfig: SanitizedConfig) => {
|
|
|
66
63
|
};
|
|
67
64
|
required?: undefined;
|
|
68
65
|
})[];
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
account: AccountType;
|
|
76
|
-
}): Promise<void>;
|
|
77
|
-
signIn({ user, account }: {
|
|
78
|
-
user: {
|
|
79
|
-
id: string;
|
|
80
|
-
};
|
|
81
|
-
account: AccountType | null;
|
|
82
|
-
}): Promise<void>;
|
|
83
|
-
};
|
|
66
|
+
options?: undefined;
|
|
67
|
+
defaultValue?: undefined;
|
|
68
|
+
required?: undefined;
|
|
69
|
+
label?: undefined;
|
|
70
|
+
})[];
|
|
71
|
+
persistTokens: typeof persistTokens;
|
|
84
72
|
profileRoles: typeof profileRoles;
|
|
85
73
|
};
|
|
86
74
|
export {};
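Review bot: `persistTokens` becomes part of the public `payloadAuthConfig` surface here (`persistTokens: typeof persistTokens;`) with no statement of its trust contract. The visible tail of its implementation in configuration.js ends a call with `overrideAccess: true`, so it appears to write to the user document with access control bypassed, and in 1.3.4 it was reached only from the `linkAccount` and `signIn` handlers that are removed from this file. Callers now supply `userId` themselves, so the source declaration (`src/payload-jwt/configuration.ts`, per the source map) should carry a doc comment such as `/** Stores OAuth tokens on the user with access checks bypassed; pass only the id of the user the provider has just authenticated, never a request-supplied id. */`. Changing `payloadAuthConfig` from a function to an object also breaks existing callers and deserves a changelog line.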
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AACnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AACnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAI9C,KAAK,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AAkCxD,iBAAS,YAAY,CAAC,OAAO,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,EAAE,MAAM,EAAE;IAAE,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE;SAA3F,MAAM;;;EAQ3C;AAED,iBAAe,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,iBAuBhG;AA8CD,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAM7B,CAAC"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { decodeJwt } from 'jose';
|
|
2
2
|
import { getPayload } from 'payload';
|
|
3
|
-
import KeycloakProvider from "next-auth/providers/keycloak";
|
|
4
3
|
function upsertAccount(existing = [], account) {
|
|
5
4
|
const provider = account.provider;
|
|
6
5
|
const providerAccountId = account.providerAccountId;
|
|
@@ -57,73 +56,51 @@ async function persistTokens(userId, account, payloadConfig) {
|
|
|
57
56
|
overrideAccess: true,
|
|
58
57
|
});
|
|
59
58
|
}
|
|
60
|
-
const
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
clientId: process.env.OAUTH_CLIENT_ID,
|
|
68
|
-
clientSecret: process.env.OAUTH_CLIENT_SECRET,
|
|
69
|
-
issuer: process.env.OAUTH_ISSUER,
|
|
70
|
-
authorization: { params: { scope: authConfig?.oauth.scope ?? "openid profile email offline_access" } },
|
|
71
|
-
profile(profile, tokens) {
|
|
72
|
-
let role = 'user'; // default role
|
|
73
|
-
if (tokens && tokens.access_token) {
|
|
74
|
-
const decodedJWT = decodeJwt(tokens.access_token);
|
|
75
|
-
const permissions = decodedJWT.resource_access?.[process.env.OAUTH_CLIENT_ID]?.roles;
|
|
76
|
-
role = permissions?.[0] || 'user';
|
|
77
|
-
}
|
|
78
|
-
return { id: profile.sub, role, ...profile };
|
|
59
|
+
const userCollectionDatabaseFields = [{
|
|
60
|
+
name: 'role',
|
|
61
|
+
type: 'select',
|
|
62
|
+
options: [
|
|
63
|
+
{
|
|
64
|
+
label: 'User',
|
|
65
|
+
value: 'user',
|
|
79
66
|
},
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
67
|
+
{
|
|
68
|
+
label: 'Admin',
|
|
69
|
+
value: 'admin',
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
label: 'Digital Colleague',
|
|
73
|
+
value: 'digital-colleague',
|
|
74
|
+
},
|
|
75
|
+
],
|
|
76
|
+
defaultValue: 'user',
|
|
77
|
+
required: true,
|
|
78
|
+
admin: {
|
|
79
|
+
description: 'The role of the user',
|
|
91
80
|
},
|
|
92
81
|
},
|
|
93
|
-
}
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
};
|
|
112
|
-
export const
|
|
113
|
-
// fires when an OAuth account is linked [NextAuth](https://next-auth.js.org/configuration/events)
|
|
114
|
-
async linkAccount({ user, account }) {
|
|
115
|
-
await persistTokens(user.id, account, payloadConfig);
|
|
116
|
-
},
|
|
117
|
-
// fires on every sign-in [NextAuth](https://next-auth.js.org/configuration/events)
|
|
118
|
-
async signIn({ user, account }) {
|
|
119
|
-
if (account)
|
|
120
|
-
await persistTokens(user.id, account, payloadConfig);
|
|
121
|
-
},
|
|
122
|
-
});
|
|
123
|
-
export const payloadAuthConfig = (payloadConfig) => ({
|
|
124
|
-
databaseWithBackend: (authConfig) => databaseWithBackend(payloadConfig, authConfig),
|
|
82
|
+
{ name: 'enabled', type: 'checkbox', label: 'Enabled', defaultValue: true },
|
|
83
|
+
{
|
|
84
|
+
name: "accounts",
|
|
85
|
+
type: "array",
|
|
86
|
+
admin: { disabled: false }, // optional
|
|
87
|
+
fields: [
|
|
88
|
+
{ name: "provider", type: "text", required: true },
|
|
89
|
+
{ name: "providerAccountId", type: "text", required: true },
|
|
90
|
+
{ name: "type", type: "text" },
|
|
91
|
+
// Add these:
|
|
92
|
+
{ name: "access_token", type: "text", admin: { disabled: true } },
|
|
93
|
+
{ name: "refresh_token", type: "text", admin: { disabled: true } },
|
|
94
|
+
{ name: "expires_at", type: "number", admin: { disabled: true } },
|
|
95
|
+
{ name: "id_token", type: "text", admin: { disabled: true } },
|
|
96
|
+
{ name: "token_type", type: "text", admin: { disabled: true } },
|
|
97
|
+
{ name: "scope", type: "text", admin: { disabled: true } },
|
|
98
|
+
{ name: "session_state", type: "text", admin: { disabled: true } },
|
|
99
|
+
],
|
|
100
|
+
}];
|
|
101
|
+
export const payloadAuthConfig = {
|
|
125
102
|
userCollectionDatabaseFields,
|
|
126
|
-
|
|
103
|
+
persistTokens,
|
|
127
104
|
profileRoles
|
|
128
|
-
}
|
|
105
|
+
};
|
|
129
106
|
//# sourceMappingURL=configuration.js.map
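Review bot: The token sub-fields of `accounts` (`access_token`, `refresh_token`, `id_token`) are guarded only by `admin: { disabled: true }`, which to my knowledge hides a field from the Payload admin panel but does not stop it being returned by API reads of the user document. If the users collection is readable over REST or GraphQL, these bearer credentials would be returned with it; a field-level read rule would close that, e.g. `{ name: "refresh_token", type: "text", admin: { disabled: true }, access: { read: () => false } },` and the same for the other token fields. The read of existing accounts inside `persistTokens` is outside the visible hunks, so confirm it still sees the fields (Local API calls that override access should). The `// Add these:` and `// optional` comments look like leftover tutorial text and could be replaced by a comment saying why the fields are hidden.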
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAIpC,SAAS,aAAa,CAAC,WAA0B,EAAE,EAAE,OAAoB;IACvE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;IACjC,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAA;IAEnD,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAC5B,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,iBAAiB,CACzF,CAAA;IAED,MAAM,OAAO,GAAG;QACd,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClC,QAAQ;QACR,iBAAiB;QACjB,IAAI,EAAE,OAAO,CAAC,IAAI;QAElB,yDAAyD;QACzD,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI;QAC1C,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;QAC5C,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;QAClC,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;QAC5B,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;KAC7C,CAAA;IAED,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAA;QAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,CAAC,GAAG,QAAQ,EAAE,OAAO,CAAC,CAAA;AAC/B,CAAC;AAED,SAAS,YAAY,CAAC,OAAgD,EAAE,MAAyD;IAC/H,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;IAClC,IAAI,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAClD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;QAC1J,IAAI,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IACpC,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAA;AAC9C,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,MAAc,EAAE,OAAoB,EAAE,aAA8B;IAC/F,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAA;IAE3D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC;QACtC,UAAU,EAAE,OAAO;QACnB,EAAE,EAAE,MAAM;QACV,KAAK,EAAE,CAAC;KACT,CAAC,CAAA;IAEF,MAAM,QAAQ,GAAI,QAAiB,CAAC,QAAQ,IAAI,EAAE,CAAA;IAClD,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACjD,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;IAClC,IAAI,OAAO,IA
AI,OAAO,CAAC,YAAY,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;QAC1J,IAAI,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,CAAC,MAAM,CAAC;QACnB,UAAU,EAAE,OAAO;QACnB,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;QACxB,cAAc,EAAE,IAAI;KACrB,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,4BAA4B,GAAG,CAAC;QAChC,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE;YACP;gBACE,KAAK,EAAE,MAAM;gBACb,KAAK,EAAE,MAAM;aACd;YACD;gBACE,KAAK,EAAE,OAAO;gBACd,KAAK,EAAE,OAAO;aACf;YACD;gBACE,KAAK,EAAE,mBAAmB;gBAC1B,KAAK,EAAE,mBAAmB;aAC3B;SACF;QACD,YAAY,EAAE,MAAM;QACpB,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE;YACL,WAAW,EAAE,sBAAsB;SACpC;KACF;IACD,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE;IAC3E;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,WAAW;QACvC,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;YAClD,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE;YAE9B,aAAa;YACb,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YACjE,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YAClE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YACjE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YAC7D,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YAC/D,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;YAC1D,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;SACnE;KACF,CAAC,CAAC;AAEP,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAE/B,4BAA4B;IAC5B,aAAa;IAEb,YAAY;CACb,CAAC"}
|