From df8ea09021ac97630cf6a916a1f860de50990ba6 Mon Sep 17 00:00:00 2001
From: David Nguyen
Date: Fri, 14 Feb 2025 18:11:54 +1100
Subject: [PATCH] fix: add oidc env variables
---
 .env.example | 3 ---
 packages/auth/server/config.ts | 3 +++
 packages/auth/server/lib/utils/handle-oauth-callback-url.ts | 2 +-
 packages/tsconfig/process-env.d.ts | 1 -
 turbo.json | 1 -
 5 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/.env.example b/.env.example
index a157040c9..41145424c 100644
--- a/.env.example
+++ b/.env.example
@@ -18,9 +18,6 @@ NEXT_PRIVATE_OIDC_WELL_KNOWN=""
 NEXT_PRIVATE_OIDC_CLIENT_ID=""
 NEXT_PRIVATE_OIDC_CLIENT_SECRET=""
 NEXT_PRIVATE_OIDC_PROVIDER_LABEL="OIDC"
-# This can be used to still allow signups for OIDC connections
-# when signup is disabled via `NEXT_PUBLIC_DISABLE_SIGNUP`
-NEXT_PRIVATE_OIDC_ALLOW_SIGNUP=""
 NEXT_PRIVATE_OIDC_SKIP_VERIFY=""
 # [[URLS]]
diff --git a/packages/auth/server/config.ts b/packages/auth/server/config.ts
index 995272570..a91f91d9f 100644
--- a/packages/auth/server/config.ts
+++ b/packages/auth/server/config.ts
@@ -8,6 +8,7 @@ export type OAuthClientOptions = {
 clientSecret: string;
 wellKnownUrl: string;
 redirectUrl: string;
+ bypassEmailVerification?: boolean;
 };
 export const GoogleAuthOptions: OAuthClientOptions = {
@@ -17,6 +18,7 @@ export const GoogleAuthOptions: OAuthClientOptions = {
 clientSecret: env('NEXT_PRIVATE_GOOGLE_CLIENT_SECRET') ?? '',
 redirectUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/google`,
 wellKnownUrl: 'https://accounts.google.com/.well-known/openid-configuration',
+ bypassEmailVerification: false,
 };
 export const OidcAuthOptions: OAuthClientOptions = {
@@ -26,4 +28,5 @@ export const OidcAuthOptions: OAuthClientOptions = {
 clientSecret: env('NEXT_PRIVATE_OIDC_CLIENT_SECRET') ?? '',
 redirectUrl: `${NEXT_PUBLIC_WEBAPP_URL()}/api/auth/callback/oidc`,
 wellKnownUrl: env('NEXT_PRIVATE_OIDC_WELL_KNOWN') ?? '',
+ bypassEmailVerification: env('NEXT_PRIVATE_OIDC_SKIP_VERIFY') === 'true',
 };
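Review bot: The new `bypassEmailVerification` field on `OAuthClientOptions` in packages/auth/server/config.ts has no doc comment, although it is a security-relevant switch: the callback handler in this commit uses it to accept sign-ins whose ID token does not carry `email_verified: true`. I would add a TSDoc line above the field, for example `/** Accept sign-in even when the provider does not assert email_verified; enable only for providers whose email claim you trust. */`. In `OidcAuthOptions` the flag turns on only for the exact string `'true'`, so any other value of `NEXT_PRIVATE_OIDC_SKIP_VERIFY` keeps verification enforced. That fail-closed behaviour is worth stating beside the variable in `.env.example`, where the visible hunk lists it with no explanation.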
diff --git a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
index d13748900..30f1dd929 100644
--- a/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
+++ b/packages/auth/server/lib/utils/handle-oauth-callback-url.ts
@@ -79,7 +79,7 @@ export const handleOAuthCallbackUrl = async (options: HandleOAuthCallbackUrlOpti
 });
 }
- if (claims.email_verified !== true) {
+ if (claims.email_verified !== true && !clientOptions.bypassEmailVerification) {
 throw new AppError(AuthenticationErrorCode.UnverifiedEmail, {
 message: 'Account email is not verified',
 });
diff --git a/packages/tsconfig/process-env.d.ts b/packages/tsconfig/process-env.d.ts
index 78a0f2810..dc00ef57b 100644
--- a/packages/tsconfig/process-env.d.ts
+++ b/packages/tsconfig/process-env.d.ts
@@ -10,7 +10,6 @@ declare namespace NodeJS {
 NEXT_PRIVATE_OIDC_CLIENT_ID?: string;
 NEXT_PRIVATE_OIDC_CLIENT_SECRET?: string;
 NEXT_PRIVATE_OIDC_PROVIDER_LABEL?: string;
- NEXT_PRIVATE_OIDC_ALLOW_SIGNUP?: string;
 NEXT_PRIVATE_OIDC_SKIP_VERIFY?: string;
 NEXT_PRIVATE_DATABASE_URL: string;
diff --git a/turbo.json b/turbo.json
index ab2eb749e..a5adf232a 100644
--- a/turbo.json
+++ b/turbo.json
@@ -65,7 +65,6 @@
 "NEXT_PRIVATE_OIDC_CLIENT_ID",
 "NEXT_PRIVATE_OIDC_CLIENT_SECRET",
 "NEXT_PRIVATE_OIDC_PROVIDER_LABEL",
- "NEXT_PRIVATE_OIDC_ALLOW_SIGNUP",
 "NEXT_PRIVATE_OIDC_SKIP_VERIFY",
 "NEXT_PUBLIC_UPLOAD_TRANSPORT",
 "NEXT_PRIVATE_UPLOAD_ENDPOINT",
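Review bot: With `clientOptions.bypassEmailVerification` set, the changed condition in `handleOAuthCallbackUrl` (packages/auth/server/lib/utils/handle-oauth-callback-url.ts) also lets through a token whose `email_verified` is explicitly `false`, not only one where the claim is absent. If the code after this check matches or creates accounts by `claims.email` (that part is outside the hunk, so this is an inference), an identity provider that lets users set an unconfirmed address would then be trusted for account ownership. Consider bypassing only when the claim is missing, `if (claims.email_verified === false || (claims.email_verified !== true && !clientOptions.bypassEmailVerification)) {`. If explicit `false` must be accepted, say so in a comment on the check and log each sign-in that takes the bypass so it can be audited. The function body starts and ends outside the hunk.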