// NextAuth route handler that signs users in through Keycloak and keeps the
// resulting tokens in a JWT-based session.
import NextAuth from "next-auth";
// NOTE(review): confirm this package name resolves in this project; next-auth
// itself ships a Keycloak provider at "next-auth/providers/keycloak".
import { KeycloakProvider } from "@auth/keycloak";
import { NextAuthOptions } from "next-auth";

// Type augmentation for the extra fields this file places on the user,
// session and token objects.
declare module "next-auth" {
  interface User {
    id: string;
    name?: string | null;
    email?: string | null;
    image?: string | null;
    username: string;
    first_name: string;
    last_name: string;
    // Filled from the `groups` claim of the identity-provider profile (see the
    // jwt callback below).
    role: string[];
  }

  interface Session {
    user: User;
    // Both OAuth tokens are part of the session object. NextAuth returns the
    // result of the `session` callback to the client, so anything declared here
    // is readable by browser-side code.
    accessToken: string;
    refreshToken: string;
  }

  // NOTE(review): next-auth v4 documents augmenting JWT under the
  // "next-auth/jwt" module; confirm this declaration actually types the
  // `token` argument of the callbacks below.
  interface JWT {
    accessToken: string;
    refreshToken: string;
    accessTokenExpires: number;
    role: string[];
    username: string;
    first_name: string;
    last_name: string;
  }
}

/**
 * NextAuth configuration: a single Keycloak provider, JWT session strategy,
 * a custom sign-in page, and callbacks that copy provider tokens and profile
 * claims into the token and then into the session.
 */
export const authOptions: NextAuthOptions = {
  providers: [
    KeycloakProvider({
      // The `!` assertions only silence the compiler; a missing environment
      // variable still reaches the provider as `undefined` at runtime.
      clientId: process.env.KEYCLOAK_CLIENT_ID!,
      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
      issuer: process.env.KEYCLOAK_ISSUER,
    })
  ],
  session: {
    // Session state lives in the NextAuth JWT rather than in a database.
    strategy: 'jwt',
  },
  pages: {
    signIn: '/signin',
  },
  callbacks: {
    // Copies provider tokens and profile claims onto the NextAuth token.
    // `account` and `profile` are only supplied by NextAuth on sign-in, so
    // these values are captured once and then carried forward unchanged.
    async jwt({ token, account, profile }) {
      if (account) {
        token.accessToken = account.access_token ?? '';
        token.refreshToken = account.refresh_token ?? '';
        // Stored but never read in this file: no expiry check or token refresh
        // is performed here, so the access token handed out later may already
        // have expired.
        // NOTE(review): `expires_at` is presumably epoch seconds; confirm
        // before comparing it with Date.now().
        token.accessTokenExpires = account.expires_at ?? 0;
      }
      if (profile) {
        token.username = profile.preferred_username ?? '';
        token.first_name = profile.given_name ?? '';
        token.last_name = profile.family_name ?? '';
        // Roles are taken verbatim from the `groups` claim and default to an
        // empty list. They are set at sign-in only, so a later change of group
        // membership in Keycloak is not reflected until the user signs in again.
        // NOTE(review): verify the Keycloak client maps a `groups` claim.
        token.role = profile.groups ?? [];
      }
      return token;
    },
    // Builds the session object from the token.
    async session({ session, token }) {
      session.user = {
        id: token.sub ?? '',
        name: token.name ?? null,
        email: token.email ?? null,
        image: token.picture ?? null,
        username: token.username,
        first_name: token.first_name,
        last_name: token.last_name,
        role: token.role,
      };
      session.accessToken = token.accessToken;
      // NOTE(review): this places the long-lived refresh token in the session
      // returned to the client, where any script running in the page can read
      // it. Consider keeping it server-side (in the JWT only) unless a client
      // consumer genuinely needs it.
      session.refreshToken = token.refreshToken;
      return session;
    }
  }
};

// One handler serves both HTTP methods of the auth route.
const handler = NextAuth(authOptions);
export { handler as GET, handler as POST };