keligrubb/kestrelos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
b7046dc0e624523a70e0f14d9dd0ed5b7e4676eb
kestrelos/server/api/auth/oidc/authorize.get.js
Madison Grubb b7046dc0e6 initial commit
2026-02-10 23:32:26 -05:00

42 lines
1.2 KiB
JavaScript
Raw Blame History

import { getAuthConfig } from '../../../utils/authConfig.js'
import {
getOidcConfig,
getOidcRedirectUri,
createOidcParams,
getCodeChallenge,
buildAuthorizeUrl,
} from '../../../utils/oidc.js'
const SCOPES = process.env.OIDC_SCOPES || 'openid profile email'
export default defineEventHandler(async (event) => {
const { oidc: { enabled } } = getAuthConfig()
if (!enabled) throw createError({ statusCode: 400, message: 'OIDC not enabled' })
const config = await getOidcConfig()
if (!config) throw createError({ statusCode: 500, message: 'OIDC not configured' })
const redirectUri = getOidcRedirectUri()
const { state, nonce, codeVerifier } = createOidcParams()
const codeChallenge = await getCodeChallenge(codeVerifier)
const params = {
redirect_uri: redirectUri,
scope: SCOPES,
state,
nonce,
code_challenge: codeChallenge,
code_challenge_method: 'S256',
}
const url = buildAuthorizeUrl(config, params)
setCookie(event, 'oidc_state', JSON.stringify({ state, nonce, codeVerifier }), {
httpOnly: true,
sameSite: 'lax',
path: '/',
maxAge: 600,
secure: process.env.NODE_ENV === 'production',
})
return sendRedirect(event, url.href, 302)
})
Reference in New Issue View Git Blame Copy Permalink