UNPKG

@auth/core

Version:

Authentication for the Web.

authjs.dev

nextauthjs/next-auth

102 lines (101 loc) 3.53 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
/** * Add FusionAuth login to your page. * * ### Setup * * #### Callback URL * ``` * https://example.com/api/auth/callback/fusionauth * ``` * * #### Configuration *```ts * import { Auth } from "@auth/core" * import FusionAuth from "@auth/core/providers/fusionauth" * * const request = new Request(origin) * const response = await Auth(request, { * providers: [ * FusionAuth({ * clientId: FUSIONAUTH_CLIENT_ID, * clientSecret: FUSIONAUTH_CLIENT_SECRET, * tenantId: FUSIONAUTH_TENANT_ID, * issuer: FUSIONAUTH_ISSUER, * }), * ], * }) * ``` * :::warning * If you're using multi-tenancy, you need to pass in the tenantId option to apply the proper theme. * ::: * * ### Resources * * - [FusionAuth OAuth documentation](https://fusionauth.io/docs/v1/tech/oauth/) * * ### Notes * * By default, Auth.js assumes that the FusionAuth provider is * based on the [OAuth 2](https://www.rfc-editor.org/rfc/rfc6749.html) specification. * * ## Configuration * :::tip * An application can be created at https://your-fusionauth-server-url/admin/application. * * For more information, follow the [FusionAuth 5-minute setup guide](https://fusionauth.io/docs/v1/tech/5-minute-setup-guide). * ::: * * In the OAuth settings for your application, configure the following. * * - Redirect URL * - https://localhost:3000/api/auth/callback/fusionauth * - Enabled grants * - Make sure _Authorization Code_ is enabled. * * If using JSON Web Tokens, you need to make sure the signing algorithm is RS256, you can create an RS256 key pair by * going to Settings, Key Master, generate RSA and choosing SHA-256 as algorithm. After that, go to the JWT settings of * your application and select this key as Access Token signing key and Id Token signing key. * :::tip * * The FusionAuth provider comes with a [default configuration](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/fusionauth.ts). * To override the defaults for your use case, check out [customizing a built-in OAuth provider](https://authjs.dev/guides/configuring-oauth-providers). * * ::: * * :::info **Disclaimer** * * If you think you found a bug in the default configuration, you can [open an issue](https://authjs.dev/new/provider-issue). * * Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from * the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, * we might not pursue a resolution. You can ask for more help in [Discussions](https://authjs.dev/new/github-discussions). * * ::: */ export default function FusionAuth( // tenantId only needed if there is more than one tenant configured on the server options) { return { id: "fusionauth", name: "FusionAuth", type: "oauth", wellKnown: options?.tenantId ? `${options.issuer}/.well-known/openid-configuration?tenantId=${options.tenantId}` : `${options.issuer}/.well-known/openid-configuration`, authorization: { params: { scope: "openid offline_access", ...(options?.tenantId && { tenantId: options.tenantId }), }, }, checks: ["pkce", "state"], profile(profile) { return { id: profile.sub, email: profile.email, name: profile?.preferred_username, }; }, options, }; }