diff options
| author | joonhoekim <26rote@gmail.com> | 2025-06-20 11:47:15 +0000 |
|---|---|---|
| committer | joonhoekim <26rote@gmail.com> | 2025-06-20 11:47:15 +0000 |
| commit | abd9f950bbd95b9ad713a26d3fd8a7e0282b7c51 (patch) | |
| tree | aafc71d5ff23962c2d6d5e902c66ee070b7ac068 /app/api/auth/[...nextauth]/route.ts | |
| parent | 994defd6446ce20c4b4e0d6cc91688b0e64230a4 (diff) | |
(김준회) SAML 2.0 SSO (Knox Portal) 추가
Diffstat (limited to 'app/api/auth/[...nextauth]/route.ts')
| -rw-r--r-- | app/api/auth/[...nextauth]/route.ts | 63 |
1 files changed, 33 insertions, 30 deletions
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts index 4673d8ae..969263ea 100644 --- a/app/api/auth/[...nextauth]/route.ts +++ b/app/api/auth/[...nextauth]/route.ts @@ -9,6 +9,7 @@ import { JWT } from "next-auth/jwt" import CredentialsProvider from 'next-auth/providers/credentials' import { verifyExternalCredentials, verifyOtp, verifyOtpTemp } from '@/lib/users/verifyOtp' +import { SAMLProvider } from './saml/provider' // 1) 모듈 보강 선언 declare module "next-auth" { @@ -44,6 +45,18 @@ declare module "next-auth" { } } +// JWT 타입 확장 +declare module "next-auth/jwt" { + interface JWT { + id?: string + imageUrl?: string | null + companyId?: number | null + techCompanyId?: number | null + domain?: string | null + } +} + + // (2) authOptions에 NextAuthOptions 타입 지정 export const authOptions: NextAuthOptions = { providers: [ @@ -68,36 +81,11 @@ export const authOptions: NextAuthOptions = { imageUrl: user.imageUrl ?? null, name: user.name, // DB에서 가져온 실제 이름 companyId: user.companyId, // DB에서 가져온 실제 이름 - techCompanyId: (user as any).techCompanyId, // techVendor ID + techCompanyId: user.techCompanyId as number | undefined, // techVendor ID domain: user.domain, // DB에서 가져온 실제 이름 } }, }), - // CredentialsProvider({ - // name: 'Credentials', - // credentials: { - // email: { label: 'Email', type: 'text' }, - // code: { label: 'OTP code', type: 'text' }, - // }, - // async authorize(credentials, req) { - // const { email, code } = credentials ?? {} - - // // OTP 검증 - // const user = await verifyOtp(email ?? '', code ?? '') - // if (!user) { - // return null - // } - - // return { - // id: String(user.id ?? email ?? "dts"), - // email: user.email, - // imageUrl: user.imageUrl ?? null, - // name: user.name, // DB에서 가져온 실제 이름 - // companyId: user.companyId, // DB에서 가져온 실제 이름 - // domain: user.domain, // DB에서 가져온 실제 이름 - // } - // }, - // }), // 새로 추가할 ID/비밀번호 provider CredentialsProvider({ id: 'credentials-password', @@ -136,6 +124,22 @@ export const authOptions: NextAuthOptions = { return null; } } + }), + // SAML Provider 추가 (CredentialsProvider 기반) + SAMLProvider({ + id: "credentials-saml", + name: "SAML SSO", + idp: { + sso_login_url: process.env.SAML_IDP_SSO_URL!, + sso_logout_url: process.env.SAML_IDP_SLO_URL || '', // 선택적 + certificates: [process.env.SAML_IDP_CERT!] + }, + sp: { + entity_id: process.env.SAML_SP_ENTITY_ID!, + private_key: process.env.SAML_SP_PRIVATE_KEY || '', + certificate: process.env.SAML_SP_CERT || '', + assert_endpoint: process.env.SAML_SP_CALLBACK_URL || `${process.env.NEXTAUTH_URL}/api/saml/callback` + } }) ], // (3) session.strategy는 'jwt'가 되도록 선언 @@ -155,7 +159,7 @@ export const authOptions: NextAuthOptions = { token.companyId = user.companyId token.techCompanyId = user.techCompanyId token.domain = user.domain - ; (token as any).imageUrl = (user as any).imageUrl + token.imageUrl = user.imageUrl } return token }, @@ -168,7 +172,7 @@ export const authOptions: NextAuthOptions = { domain: token.domain as string, companyId: token.companyId as number, techCompanyId: token.techCompanyId as number, - image: (token as any).imageUrl ?? null + image: token.imageUrl ?? null } } return session @@ -185,8 +189,7 @@ export const authOptions: NextAuthOptions = { } // 그 외에는 baseUrl로 리다이렉트 return baseUrl; - } - + }, }, } |