ti.sil/sourcebot
1
0
Fork 0
mirror of https://github.com/sourcebot-dev/sourcebot.git synced 2025-12-12 04:15:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

wip on updating access_token

Browse source
This commit is contained in:
bkellam 2025-11-28 21:47:09 -08:00
parent cbc2cfc190
commit d022066529
2 changed files with 114 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
packages/web/src/app/components/authMethodSelector.tsx
View file

@ -29,9 +29,20 @@ export const AuthMethodSelector = ({
// Call the optional analytics callback first // Call the optional analytics callback first
onProviderClick?.(provider); onProviderClick?.(provider);
signIn(provider, { // @nocheckin
redirectTo: callbackUrl ?? "/" signIn(
}); provider,
{
redirectTo: callbackUrl ?? "/",
},
// @see: https://github.com/nextauthjs/next-auth/issues/2066
// @see: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
// @see: https://next-auth.js.org/getting-started/client#additional-parameters
{
prompt: 'consent',
scope: 'read:user user:email repo'
}
);
}, [callbackUrl, onProviderClick]); }, [callbackUrl, onProviderClick]);
// Separate OAuth providers from special auth methods // Separate OAuth providers from special auth methods

36
packages/web/src/auth.ts
View file

@ -60,7 +60,8 @@ export const getProviders = () => {
const providers: IdentityProvider[] = eeIdentityProviders; const providers: IdentityProvider[] = eeIdentityProviders;
if (env.SMTP_CONNECTION_URL && env.EMAIL_FROM_ADDRESS && env.AUTH_EMAIL_CODE_LOGIN_ENABLED === 'true') { if (env.SMTP_CONNECTION_URL && env.EMAIL_FROM_ADDRESS && env.AUTH_EMAIL_CODE_LOGIN_ENABLED === 'true') {
providers.push({ provider: EmailProvider({ providers.push({
provider: EmailProvider({
server: env.SMTP_CONNECTION_URL, server: env.SMTP_CONNECTION_URL,
from: env.EMAIL_FROM_ADDRESS, from: env.EMAIL_FROM_ADDRESS,
maxAge: 60 * 10, maxAge: 60 * 10,
@ -84,11 +85,13 @@ export const getProviders = () => {
throw new Error(`Email(s) (${failed.join(", ")}) could not be sent`); throw new Error(`Email(s) (${failed.join(", ")}) could not be sent`);
} }
} }
}), purpose: "sso"}); }), purpose: "sso"
});
} }
if (env.AUTH_CREDENTIALS_LOGIN_ENABLED === 'true') { if (env.AUTH_CREDENTIALS_LOGIN_ENABLED === 'true') {
providers.push({ provider: Credentials({ providers.push({
provider: Credentials({
credentials: { credentials: {
email: {}, email: {},
password: {} password: {}
@ -141,7 +144,8 @@ export const getProviders = () => {
}; };
} }
} }
}), purpose: "sso"}); }), purpose: "sso"
});
} }
return providers; return providers;
@ -156,7 +160,29 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
trustHost: true, trustHost: true,
events: { events: {
createUser: onCreateUser, createUser: onCreateUser,
signIn: async ({ user }) => { signIn: async ({ user, account }) => {
// Explicitly update the Account record with the OAuth token details.
// This is necessary to update the access token when the user
// re-authenticates.
if (account && account.provider && account.providerAccountId) {
await prisma.account.update({
where: {
provider_providerAccountId: {
provider: account.provider,
providerAccountId: account.providerAccountId,
},
},
data: {
refresh_token: account.refresh_token,
access_token: account.access_token,
expires_at: account.expires_at,
token_type: account.token_type,
scope: account.scope,
id_token: account.id_token,
}
})
}
if (user.id) { if (user.id) {
await auditService.createAudit({ await auditService.createAudit({
action: "user.signed_in", action: "user.signed_in",