import NextAuth, { NextAuthOptions } from "next-auth";
import KeycloakProvider from "next-auth/providers/keycloak";
// Simple, minimal implementation - NO REFRESH TOKEN LOGIC
/**
 * NextAuth configuration: Keycloak is the only identity provider, sessions
 * are stateless JWTs capped at 8 hours, and no refresh-token handling exists.
 *
 * Security-relevant behaviour visible in this object:
 * - The Keycloak access token is copied into the JWT and from there into the
 *   session object returned by the `session` callback.
 * - The session cookie is configured explicitly (name, SameSite, Secure)
 *   instead of relying on NextAuth's defaults.
 */
export const authOptions: NextAuthOptions = {
  providers: [
    KeycloakProvider({
      // NOTE(review): an unset variable silently becomes "" here, so a
      // misconfigured deployment is only noticed when sign-in fails.
      // Consider validating these three values at startup.
      clientId: process.env.KEYCLOAK_CLIENT_ID ?? "",
      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET ?? "",
      issuer: process.env.KEYCLOAK_ISSUER ?? "",
    }),
  ],

  session: {
    strategy: "jwt",
    // Hard upper bound on the session lifetime, in seconds (8 hours).
    // NOTE(review): the stored access token is never refreshed, so it will
    // presumably expire well before the session does; confirm against the
    // realm's token lifespan and how downstream APIs treat an expired token.
    maxAge: 8 * 60 * 60,
  },

  callbacks: {
    /**
     * Persists provider data in the JWT. `account` is only present on the
     * initial sign-in; on later calls the token is returned unchanged.
     */
    async jwt({ token, account }) {
      if (!account) {
        return token;
      }

      token.accessToken = account.access_token;
      token.sub = account.providerAccountId;
      return token;
    },

    /**
     * Copies the access token and the subject id from the JWT onto the
     * session object.
     *
     * NOTE(review): NextAuth hands the result of this callback to the
     * browser, so the access token becomes readable by client-side
     * JavaScript. If only server-side code calls Keycloak-protected APIs,
     * keep the token in the JWT and read it on the server instead.
     */
    async session({ session, token }) {
      session.accessToken = token.accessToken;

      const { user } = session;
      if (user) {
        user.id = token.sub ?? "";
      }

      return session;
    },
  },

  // Both the sign-in page and the error page resolve to /signin.
  pages: {
    signIn: "/signin",
    error: "/signin",
  },

  cookies: {
    sessionToken: {
      // NOTE(review): this name lacks the `__Secure-` prefix that NextAuth
      // uses by default for secure cookies. Code that reads the cookie
      // outside this handler (for example `getToken` in middleware) may need
      // this name passed explicitly; verify.
      name: "next-auth.session-token",
      options: {
        httpOnly: true,
        // NOTE(review): "none" makes browsers attach the session cookie to
        // cross-site requests, which removes SameSite as a CSRF defence layer
        // (NextAuth's default is "lax"). Keep "none" only if the app must
        // work in a cross-site context such as an embedded frame; confirm.
        sameSite: "none",
        path: "/",
        secure: true,
      },
    },
  },

  debug: false,
};
// Single NextAuth request handler built from authOptions.
const handler = NextAuth(authOptions);
// The same handler serves both HTTP methods (presumably a Next.js App Router
// route file, where GET and POST are the expected export names; confirm).
export { handler as GET, handler as POST };