upd: change plugin for oidc

2026-01-14 03:30:15 -05:00
parent ea9dc35323
commit 01f3b408e9
4 changed files with 23 additions and 40 deletions


@@ -51,8 +51,8 @@ function SignInForm() {
async function handleSocialSignIn() {
setLoading(true);
try {
await authClient.signIn.sso({
domain: "beenvoice.soconnor.dev",
await authClient.signIn.oauth2({
providerId: "authentik",
callbackURL: callbackUrl,
});
// The signIn.sso method will automatically redirect to the SSO provider
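Review bot: The trailing comment in this hunk still names `signIn.sso`, but the call above it is now `signIn.oauth2`; update it to something like `// signIn.oauth2 redirects the browser to the Authentik provider`. `callbackUrl` is defined outside the hunk, so its origin is not visible here. If it is read from a query parameter, it should be limited to same-origin relative paths before being passed as `callbackURL`, so the post-login redirect cannot leave the application. The body of handleSocialSignIn continues outside the hunk.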


@@ -87,8 +87,8 @@ export function SettingsContent() {
const handleLinkAuthentik = async () => {
setIsLinking(true);
try {
await authClient.signIn.sso({
domain: "beenvoice.soconnor.dev",
await authClient.signIn.oauth2({
providerId: "authentik",
callbackURL: "/dashboard/settings",
});
} catch (error) {
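Review bot: `handleLinkAuthentik` starts a sign-in flow rather than an account-link flow, so whether the Authentik identity ends up attached to the currently signed-in user depends on the server's account-matching rules, not on the active session. The generic OAuth client plugin has a dedicated link call; if the installed better-auth version exposes it, prefer `await authClient.oauth2.link({ providerId: "authentik", callbackURL: "/dashboard/settings" });`. That keeps the operation bound to the existing session and avoids silently switching or creating accounts when the e-mail addresses differ. The catch block continues outside the hunk.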


@@ -1,15 +1,12 @@
"use client";
import { createAuthClient } from "better-auth/react";
import { ssoClient } from "@better-auth/sso/client";
import { genericOAuthClient } from "better-auth/client/plugins";
/**
* Auth client for better-auth with SSO support.
*
* Better-auth handles SSR internally, so we can just create the client directly.
* Auth client configuration
*/
export const authClient = createAuthClient({
baseURL: process.env.NEXT_PUBLIC_APP_URL,
plugins: [ssoClient()],
plugins: [genericOAuthClient()],
});


@@ -1,7 +1,7 @@
import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { nextCookies } from "better-auth/next-js";
import { sso } from "@better-auth/sso";
import { genericOAuth } from "better-auth/plugins";
import { db } from "~/server/db";
import * as schema from "~/server/db/schema";
@@ -39,35 +39,21 @@ export const auth = betterAuth({
},
plugins: [
nextCookies(),
sso({
// Only configure default SSO if Authentik credentials are provided
defaultSSO:
process.env.AUTHENTIK_ISSUER &&
process.env.AUTHENTIK_CLIENT_ID &&
process.env.AUTHENTIK_CLIENT_SECRET
? [
genericOAuth({
config: [
{
providerId: "authentik",
domain: "beenvoice.soconnor.dev",
oidcConfig: {
issuer: process.env.AUTHENTIK_ISSUER,
clientId: process.env.AUTHENTIK_CLIENT_ID,
clientSecret: process.env.AUTHENTIK_CLIENT_SECRET,
discoveryEndpoint: `${process.env.AUTHENTIK_ISSUER}/.well-known/openid-configuration`,
// Explicit endpoints to bypass discovery issues
authorizationEndpoint: "https://auth.soconnor.dev/application/o/authorize/",
tokenEndpoint: "https://auth.soconnor.dev/application/o/token/",
userInfoEndpoint: "https://auth.soconnor.dev/application/o/userinfo/",
jwksEndpoint: "https://auth.soconnor.dev/application/o/beenvoice/jwks/",
clientId: process.env.AUTHENTIK_CLIENT_ID!,
clientSecret: process.env.AUTHENTIK_CLIENT_SECRET!,
discoveryUrl: `${process.env.AUTHENTIK_ISSUER}/.well-known/openid-configuration`,
// Explicit endpoints to ensure correct routing in production
authorizationUrl: "https://auth.soconnor.dev/application/o/authorize/",
tokenUrl: "https://auth.soconnor.dev/application/o/token/",
userInfoUrl: "https://auth.soconnor.dev/application/o/userinfo/",
scopes: ["openid", "email", "profile"],
pkce: true,
mapping: {
emailVerified: "email_verified",
},
},
},
]
: [],
],
}),
],
});
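Review bot: The guard that only registered the provider when `AUTHENTIK_ISSUER`, `AUTHENTIK_CLIENT_ID` and `AUTHENTIK_CLIENT_SECRET` were all set is gone. The `!` assertions on `clientId` and `clientSecret` only silence the type checker, so a missing variable now yields an undefined client credential and a `discoveryUrl` of `undefined/.well-known/openid-configuration` at runtime. Either restore the conditional registration or fail fast at module load, e.g. `if (!process.env.AUTHENTIK_ISSUER || !process.env.AUTHENTIK_CLIENT_ID || !process.env.AUTHENTIK_CLIENT_SECRET) throw new Error("Authentik OIDC environment variables are not set");`. Separately, `authorizationUrl`, `tokenUrl` and `userInfoUrl` are hard-coded to auth.soconnor.dev while `discoveryUrl` is built from `AUTHENTIK_ISSUER`, so the two sources can point at different hosts; deriving both from the same variable, or documenting which one takes precedence, would remove that ambiguity.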