upd: change plugin for oidc

2026-01-14 03:30:15 -05:00
parent ea9dc35323
commit 01f3b408e9
4 changed files with 23 additions and 40 deletions


@@ -51,8 +51,8 @@ function SignInForm() {
async function handleSocialSignIn() { async function handleSocialSignIn() {
setLoading(true); setLoading(true);
try { try {
await authClient.signIn.sso({ await authClient.signIn.oauth2({
domain: "beenvoice.soconnor.dev", providerId: "authentik",
callbackURL: callbackUrl, callbackURL: callbackUrl,
}); });
// The signIn.sso method will automatically redirect to the SSO provider // The signIn.sso method will automatically redirect to the SSO provider
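Review bot: The comment on the last line of this hunk still names `signIn.sso`, although the call above it is now `authClient.signIn.oauth2`; it should read something like `// signIn.oauth2 redirects the browser to the Authentik authorization endpoint`. `callbackUrl` is defined outside the hunk. If it is derived from a query parameter, it should be restricted to same-origin relative paths before being passed as `callbackURL`, so the post-login redirect cannot be pointed off-site. The body of `handleSocialSignIn` continues past the hunk.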


@@ -87,8 +87,8 @@ export function SettingsContent() {
const handleLinkAuthentik = async () => { const handleLinkAuthentik = async () => {
setIsLinking(true); setIsLinking(true);
try { try {
await authClient.signIn.sso({ await authClient.signIn.oauth2({
domain: "beenvoice.soconnor.dev", providerId: "authentik",
callbackURL: "/dashboard/settings", callbackURL: "/dashboard/settings",
}); });
} catch (error) { } catch (error) {
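Review bot: `handleLinkAuthentik` starts a sign-in flow (`authClient.signIn.oauth2`) rather than a link flow. Whether the Authentik identity ends up attached to the current user therefore appears to depend on the server's account-linking rules (for example a matching e-mail) rather than on the active session. The generic OAuth client has a dedicated call for this, `await authClient.oauth2.link({ providerId: "authentik", callbackURL: "/dashboard/settings" });`, which binds the provider account to the signed-in user. The catch block continues outside the hunk, so its error handling is not reviewed here.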


@@ -1,15 +1,12 @@
"use client"; "use client";
import { createAuthClient } from "better-auth/react"; import { createAuthClient } from "better-auth/react";
import { ssoClient } from "@better-auth/sso/client"; import { genericOAuthClient } from "better-auth/client/plugins";
/** /**
* Auth client for better-auth with SSO support. * Auth client configuration
*
* Better-auth handles SSR internally, so we can just create the client directly.
*/ */
export const authClient = createAuthClient({ export const authClient = createAuthClient({
baseURL: process.env.NEXT_PUBLIC_APP_URL, baseURL: process.env.NEXT_PUBLIC_APP_URL,
plugins: [ssoClient()], plugins: [genericOAuthClient()],
}); });


@@ -1,7 +1,7 @@
import { betterAuth } from "better-auth"; import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle"; import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { nextCookies } from "better-auth/next-js"; import { nextCookies } from "better-auth/next-js";
import { sso } from "@better-auth/sso"; import { genericOAuth } from "better-auth/plugins";
import { db } from "~/server/db"; import { db } from "~/server/db";
import * as schema from "~/server/db/schema"; import * as schema from "~/server/db/schema";
@@ -39,35 +39,21 @@ export const auth = betterAuth({
}, },
plugins: [ plugins: [
nextCookies(), nextCookies(),
sso({ genericOAuth({
// Only configure default SSO if Authentik credentials are provided config: [
defaultSSO:
process.env.AUTHENTIK_ISSUER &&
process.env.AUTHENTIK_CLIENT_ID &&
process.env.AUTHENTIK_CLIENT_SECRET
? [
{ {
providerId: "authentik", providerId: "authentik",
domain: "beenvoice.soconnor.dev", clientId: process.env.AUTHENTIK_CLIENT_ID!,
oidcConfig: { clientSecret: process.env.AUTHENTIK_CLIENT_SECRET!,
issuer: process.env.AUTHENTIK_ISSUER, discoveryUrl: `${process.env.AUTHENTIK_ISSUER}/.well-known/openid-configuration`,
clientId: process.env.AUTHENTIK_CLIENT_ID, // Explicit endpoints to ensure correct routing in production
clientSecret: process.env.AUTHENTIK_CLIENT_SECRET, authorizationUrl: "https://auth.soconnor.dev/application/o/authorize/",
discoveryEndpoint: `${process.env.AUTHENTIK_ISSUER}/.well-known/openid-configuration`, tokenUrl: "https://auth.soconnor.dev/application/o/token/",
// Explicit endpoints to bypass discovery issues userInfoUrl: "https://auth.soconnor.dev/application/o/userinfo/",
authorizationEndpoint: "https://auth.soconnor.dev/application/o/authorize/",
tokenEndpoint: "https://auth.soconnor.dev/application/o/token/",
userInfoEndpoint: "https://auth.soconnor.dev/application/o/userinfo/",
jwksEndpoint: "https://auth.soconnor.dev/application/o/beenvoice/jwks/",
scopes: ["openid", "email", "profile"], scopes: ["openid", "email", "profile"],
pkce: true, pkce: true,
mapping: {
emailVerified: "email_verified",
}, },
}, ],
},
]
: [],
}), }),
], ],
}); });
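Review bot: The new `genericOAuth` config drops the old check that all three `AUTHENTIK_*` variables are set and replaces it with non-null assertions (`process.env.AUTHENTIK_CLIENT_ID!`, `process.env.AUTHENTIK_CLIENT_SECRET!`). With a variable missing, the provider is still registered with `undefined` credentials and a `discoveryUrl` of `undefined/.well-known/openid-configuration`, and that only surfaces at the first login attempt. Either keep the conditional registration or fail at startup, e.g. `if (!process.env.AUTHENTIK_ISSUER || !process.env.AUTHENTIK_CLIENT_ID || !process.env.AUTHENTIK_CLIENT_SECRET) throw new Error("Authentik OIDC environment variables are not set");` before `betterAuth(...)`. The hard-coded `authorizationUrl`, `tokenUrl` and `userInfoUrl` can also drift from `AUTHENTIK_ISSUER`, so deriving them from the issuer or relying on discovery alone would keep a single source of truth. The commit removes `jwksEndpoint` and the `emailVerified` mapping, so it is worth confirming how the new plugin populates `emailVerified`, since e-mail-based account linking would rely on it.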