Merge pull request #4 from eaudeweb/permissions_in_next-auth_jwe

permissions in next auth jwe
eaudeweb · Jun 12, 2024 · ba1fc34 · ba1fc34
2 parents ab39882 + 3e44087
commit ba1fc34
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 5 deletions.
diff --git a/packages/next-drupal/package.json b/packages/next-drupal/package.json
@@ -31,6 +31,7 @@
     "html-react-parser": "^5.1.10",
     "isomorphic-dompurify": "^2.7.0",
     "jsona": "^1.12.1",
+    "jwt-decode": "^4.0.0",
     "lodash": "^4.17.21",
     "next": "^13.5.6",
     "next-auth": "4.24.7",
@@ -41,6 +42,7 @@
   },
   "devDependencies": {
     "@csstools/postcss-global-data": "^2.1.1",
+    "@edw/config-release-it": "workspace:*",
     "@release-it/conventional-changelog": "^8.0.1",
     "@testing-library/dom": "^10.0.0",
     "@testing-library/jest-dom": "^6.4.2",
@@ -63,7 +65,6 @@
     "release-it": "^17.2.1",
     "sass": "^1.75.0",
     "tsconfig": "workspace:*",
-    "@edw/config-release-it": "workspace:*",
     "typescript": "5.4.5"
   }
 }
diff --git a/packages/next-drupal/src/@types/next-auth.d.ts b/packages/next-drupal/src/@types/next-auth.d.ts
@@ -1,4 +1,7 @@
-import { Session as NextAuthSession, User as NextAuthUser } from 'next-auth'
+import type {
+  Session as NextAuthSession,
+  User as NextAuthUser,
+} from 'next-auth'
 
 declare module 'next-auth' {
   interface User extends NextAuthUser {
@@ -14,6 +17,12 @@ declare module 'next-auth' {
       message: string
       statusCode: number
     }
+    user?: {
+      email?: null | string
+      image?: null | string
+      name?: null | string
+      permissions?: Record<string, boolean>
+    }
   }
 }
 

diff --git a/packages/next-drupal/src/lib/auth/index.ts b/packages/next-drupal/src/lib/auth/index.ts
@@ -1,6 +1,7 @@
 /* eslint-disable turbo/no-undeclared-env-vars */
 import type { NextAuthOptions, Session } from 'next-auth'
 
+import { jwtDecode } from 'jwt-decode'
 import NextAuth from 'next-auth'
 import { JWT } from 'next-auth/jwt'
 import {
@@ -95,7 +96,6 @@ async function refreshAccessToken(token: JWT) {
   const data = await response.json()
 
   if (!response.ok) {
-    console.log(response)
     return {
       error: {
         message: response.statusText,
@@ -116,21 +116,32 @@ async function refreshAccessToken(token: JWT) {
 export const authOptions = {
   callbacks: {
     async jwt({ account, token, user }) {
+      let data: any = {}
+      try {
+        data = jwtDecode(user?.access_token || token?.access_token || '')
+      } catch (e) {
+        console.log(e)
+      }
       // Initial sign in
       if (account && user) {
         return {
           access_token: user.access_token,
-          email: user.email,
+          email: data.mail || user.email,
           expires_in: Date.now() + (user.expires_in || 0) * 1000,
           // expires_in: Date.now() + 5 * 1000,
           name: user.name,
+          permissions: data.permissions,
           refresh_token: user.refresh_token,
         }
       }
 
       // Return previous token if the access token has not expired yet
       if (Date.now() < (token.expires_in || 0)) {
-        return token
+        return {
+          ...token,
+          email: data.mail,
+          permissions: data.permissions,
+        }
       }
 
       // Access token has expired, try to update it
@@ -144,9 +155,11 @@ export const authOptions = {
           error: token.error,
         }
       }
+
       session.user = {
         email: token.email,
         name: token.name,
+        permissions: (token.permissions || {}) as Record<string, boolean>,
       }
       session.access_token = token.access_token
       session.access_token_expires = token.expires_in

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml