platform/portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ci/registry-meghsakha-orca-webhook
portal/src/auth.ts
T
sharang e7a1290246
ci / shared (push) Successful in 4s
Details
ci / test (push) Successful in 26s
Details
ci / e2e (push) Has been skipped
Details
ci / image (push) Has been skipped
Details
feat(app): Next.js 16 + Auth.js v5 portal skeleton 
Next.js 16 + Auth.js v5 skeleton: host→slug middleware, tenant-context layout, OIDC sign-in flow against breakpilot-dev realm. 100% coverage on src/lib. Bumps next to 16.2.6 to clear trivy CVEs in 15.0.3.
2026-05-19 09:35:05 +00:00

60 lines
2.1 KiB
TypeScript
Raw Permalink Blame History

// Auth.js v5 — Keycloak provider.
//
// Dev uses the breakpilot-dev realm from platform/orca-platform/dev. The
// realm's dev-portal client is a public PKCE client; we still pass a
// non-empty clientSecret because the Keycloak provider requires it
// structurally — it's unused in the auth code grant for public clients
// when PKCE is enabled.
import NextAuth from "next-auth";
import Keycloak from "next-auth/providers/keycloak";
export const { handlers, auth, signIn, signOut } = NextAuth({
providers: [
Keycloak({
clientId: process.env.KEYCLOAK_CLIENT_ID ?? "dev-portal",
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET ?? "unused-public-client",
issuer:
process.env.KEYCLOAK_ISSUER ??
"http://localhost:8080/realms/breakpilot-dev",
}),
],
callbacks: {
async jwt({ token, profile }) {
// Pass the breakpilot-dev realm's custom claims through to the session.
if (profile) {
token.tenant_id = (profile as Record<string, unknown>).tenant_id as
| string
| undefined;
token.tenant_slug = (profile as Record<string, unknown>).tenant_slug as
| string
| undefined;
token.org_roles = (profile as Record<string, unknown>).org_roles as
| string[]
| undefined;
token.products = (profile as Record<string, unknown>).products as
| string[]
| undefined;
token.plan = (profile as Record<string, unknown>).plan as
| string
| undefined;
token.tenant_status = (profile as Record<string, unknown>)
.tenant_status as string | undefined;
}
return token;
},
async session({ session, token }) {
session.user = session.user ?? { name: null, email: null, image: null };
Object.assign(session, {
tenant_id: token.tenant_id,
tenant_slug: token.tenant_slug,
org_roles: token.org_roles,
products: token.products,
plan: token.plan,
tenant_status: token.tenant_status,
});
return session;
},
},
});
Reference in New Issue View Git Blame Copy Permalink