import { OAuthConfig, OAuthUserConfig } from "next-auth/providers";
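/**
 * Claims read from the ADFS ID token.
 *
 * The index signature keeps the type open for any extra claim the token may
 * carry; the named members are the ones the provider in this file relies on.
 * `given_name` and `family_name` are optional because ADFS does not have to
 * issue them — code that builds a display name should fall back to
 * `unique_name` when they are absent.
 */
export interface ADFSProfile extends Record<string, any> {
  /**
   * The subject of the JWT (user)
   */
  sub: string;
  /**
   * The display name of the user
   */
  unique_name: string;
  /**
   * The company email address of the user.
   */
  email: string;
  /**
   * The assigned role(s) of the user.
   */
  role: string | string[];
  /**
   * The user's first name, when issued by ADFS.
   */
  given_name?: string;
  /**
   * The user's last name, when issued by ADFS.
   */
  family_name?: string;
}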
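/**
 * Configures Active Directory Federation Services as a NextAuth provider.
 *
 * Only the authorize URL is set here. The token endpoint and the issuer/JWKS
 * that NextAuth needs to validate the ID token (`idToken: true`) are not set
 * in this block, so they presumably arrive through `options` (e.g.
 * `wellKnown`/`issuer`) — confirm they are configured by the caller, because
 * the `role` claim below is trusted straight from that token.
 *
 * @param options - Standard NextAuth OAuth user config plus the ADFS
 *   authorize endpoint URL.
 * @returns A NextAuth OAuth provider configuration with id `"adfs"`.
 */
export default function ADFS<P extends ADFSProfile>(
  options: OAuthUserConfig<P> & {
    /**
     * The OAuth Authorize URL
     */
    authorizeUrl: string;
  }
): OAuthConfig<P> {
  return {
    id: "adfs",
    name: "eIAM (ADFS)",
    type: "oauth",
    authorization: {
      url: options.authorizeUrl,
      params: {
        scope: "openid",
      },
    },
    // Claims are taken from the ID token rather than a userinfo endpoint.
    idToken: true,
    async profile(profile: P, tokens) {
      return {
        id: profile.sub,
        name: displayName(profile),
        email: profile.email,
        role: selectRole(profile.role),
        // The raw ID token is carried on the user object; presumably consumed
        // by a jwt callback elsewhere — keep it out of the client-facing session.
        idToken: tokens.id_token,
      };
    },
    options,
  };
}

/**
 * Builds the display name from the first/last name claims, falling back to
 * `unique_name` when either is missing (the original template produced the
 * literal text "undefined undefined" in that case).
 *
 * @param profile - The decoded ADFS profile claims.
 * @returns The name to store on the NextAuth user.
 */
function displayName(profile: ADFSProfile): string {
  const { given_name, family_name, unique_name } = profile;
  if (given_name != null && family_name != null) {
    return `${given_name} ${family_name}`;
  }
  return unique_name;
}

/**
 * Picks the single role to assign from the `role` claim.
 *
 * Usually the user has exactly one role, given as a string, which is used as
 * is. When several roles are issued, `"Admin"` takes precedence; otherwise the
 * first listed role wins. An empty list yields `undefined` at runtime.
 *
 * @param role - The `role` claim, a string or a list of strings.
 * @returns The role to assign to the user.
 */
function selectRole(role: string | string[]): string {
  if (!Array.isArray(role)) {
    return role;
  }
  const adminRole = role.find((r) => r === "Admin");
  return adminRole ?? role[0];
}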