UNPKG

sst

Version:

github.com/sst/sst

sst/sst

49 lines (48 loc) 1.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
import { generators } from "openid-client"; import { getCookie } from "hono/cookie"; export const OidcAdapter = /* @__PURE__ */ (config) => { return async function (routes, ctx) { routes.get("/authorize", async (c) => { const callback = new URL(c.req.url); callback.pathname = callback.pathname.replace(/authorize.*$/, "callback"); callback.search = ""; callback.host = c.req.header("x-forwarded-host") || callback.host; const client = new config.issuer.Client({ client_id: config.clientID, redirect_uris: [callback.toString()], response_types: ["id_token"], }); const nonce = generators.nonce(); const state = generators.state(); const url = client.authorizationUrl({ scope: config.scope, response_mode: "form_post", nonce, state, prompt: config.prompt, }); ctx.cookie(c, "auth_nonce", nonce, 60 * 10); ctx.cookie(c, "auth_state", state, 60 * 10); return c.redirect(url); }); routes.post("/callback", async (c) => { const callback = c.req.url.replace(/authorize\/.*$/, "callback"); const client = new config.issuer.Client({ client_id: config.clientID, redirect_uris: [callback], response_types: ["id_token"], }); const form = await c.req.formData(); const nonce = getCookie(c, "auth_nonce"); const state = getCookie(c, "auth_state"); const tokenset = await client.callback(callback, Object.fromEntries(form), { nonce, state, }); return ctx.success(c, { tokenset, client, }); }); }; };