🕷️

Author: quochuydev

app1/ui/Home.tsx

@@ -28,9 +28,6 @@ export default function Home() {
               onSelectAccount={(session) => console.log(session)}
               session={sessions[0]}
               sessions={sessions}
-              signOut={() => {
-                window.location.href = `https://auth.example.local/auth/signout?id_token_hint=${sessions[0]?.idToken}&return_url=https://app.example.local/app1`;
-              }}
             />
           </div>
         </nav>

app1/ui/components/ProfileImage.tsx

@@ -8,9 +8,8 @@ export default function ProfileImage(props: {
   session: any;
   sessions: any[];
   onSelectAccount: (session: any) => void;
-  signOut: (sessionId: string) => void;
 }) {
-  const { session, sessions, onSelectAccount, signOut } = props;
+  const { session, sessions } = props;
   const router = useRouter();
 
   const user = {
@@ -50,7 +49,6 @@ export default function ProfileImage(props: {
               {() => (
                 <button
                   onClick={() => {
-                    // onSelectAccount(session);
                     router.push(`/account/${index}`);
                   }}
                   className={`group flex items-center w-full px-2 py-2 text-sm`}
@@ -76,7 +74,6 @@ export default function ProfileImage(props: {
                 className={`group flex justify-center items-center w-full px-2 py-2 text-sm`}
                 onClick={() => {
                   const params = new URLSearchParams({
-                    // login_hint: 'username',
                     prompt: "select_account",
                     scope: [
                       "openid",
@@ -91,7 +88,7 @@ export default function ProfileImage(props: {
                     return_url: "https://app.example.local/app1",
                   });
 
-                  window.location.href = `https://auth.example.local/auth/signin?${params}`;
+                  window.location.href = `https://auth.example.local/auth/signin/portal?${params}`;
                 }}
               >
                 + Add other account
@@ -103,7 +100,17 @@ export default function ProfileImage(props: {
             {() => (
               <button
                 className={`group flex justify-center items-center w-full px-2 py-2 text-sm`}
-                onClick={() => signOut(session.id)}
+                onClick={() => {
+                  const params = new URLSearchParams({
+                    return_url: "https://app.example.local/app1",
+                  });
+
+                  if (session?.idToken) {
+                    params.set("id_token_hint", session.idToken);
+                  }
+
+                  window.location.href = `https://auth.example.local/auth/signout/portal?${params}`;
+                }}
               >
                 Logout
               </button>

app2/ui/Home.tsx

@@ -2,7 +2,7 @@
 import { useEffect, useState } from "react";
 
 export default function Home() {
-  const [sessions, setSessions] = useState([]);
+  const [sessions, setSessions] = useState<any[]>([]);
 
   useEffect(() => {
     reloadSessions();
@@ -37,7 +37,7 @@ export default function Home() {
             return_url: "https://app.example.local/app2",
           });
 
-          window.location.href = `https://auth.example.local/auth/signin?${params}`;
+          window.location.href = `https://auth.example.local/auth/signin/zitadel?${params}`;
         }}
       >
         Login
@@ -48,7 +48,11 @@ export default function Home() {
             return_url: "https://app.example.local/app2",
           });
 
-          window.location.href = `https://auth.example.local/auth/signout?${params}`;
+          if (sessions[0]?.idToken) {
+            params.set("id_token_hint", sessions[0].idToken);
+          }
+
+          window.location.href = `https://auth.example.local/auth/signout/zitadel?${params}`;
         }}
       >
         Logout

auth/app/api/auth/callback/route.ts renamed to auth/app/api/auth/callback/[provider]/route.ts

@@ -14,7 +14,10 @@ import { NextRequest, NextResponse } from "next/server";
 import { URLSearchParams } from "url";
 import { v4 as uuid } from "uuid";
 
-async function handler(request: NextRequest) {
+async function handler(
+  request: NextRequest,
+  { params }: { params: { provider: "portal" | "zitadel" } }
+) {
   try {
     const code = request.nextUrl.searchParams.get("code");
     const state = request.nextUrl.searchParams.get("state");
@@ -36,15 +39,18 @@ async function handler(request: NextRequest) {
     if (redirectCookie.value !== configuration.redirectUrl)
       throw new Error("Invalid redirect url");
 
+    const provider = params.provider;
+    if (!provider) throw new Error("provider not found");
+
     const tokenParams = new URLSearchParams();
     tokenParams.append("code", code as string);
     tokenParams.append("grant_type", "authorization_code");
-    tokenParams.append("client_id", configuration.portal.clientId);
+    tokenParams.append("client_id", configuration[provider].clientId);
     tokenParams.append("redirect_uri", configuration.redirectUrl);
     tokenParams.append("code_verifier", codeVerifierCookie.value);
 
     const wellKnownResponse = await fetch(
-      `${configuration.portal.issuer}/.well-known/openid-configuration`
+      `${configuration[provider].issuer}/.well-known/openid-configuration`
     );
 
     const wellKnown = (await wellKnownResponse.json()) as {

auth/app/api/auth/signin/route.ts renamed to auth/app/api/auth/signin/[provider]/route.ts

@@ -16,7 +16,10 @@ import { cookies } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
 import { URLSearchParams } from "url";
 
-export async function POST(request: NextRequest) {
+export async function POST(
+  request: NextRequest,
+  { params }: { params: { provider: "portal" | "zitadel" } }
+) {
   const body = (await request.json()) as {
     csrfToken: string;
     scope: string;
@@ -26,14 +29,17 @@ export async function POST(request: NextRequest) {
   };
   const { csrfToken, scope, returnUrl, prompt, loginHint } = body;
 
+  const provider = params.provider;
+  if (!provider) throw new Error("provider not found");
+
   const requestCookie = cookies();
 
   const csrfTokenCookie = requestCookie.get(csrfTokenCookieName);
   if (!csrfTokenCookie) throw new Error("csrfToken cookie not found");
   if (csrfTokenCookie.value !== csrfToken) throw new Error("Invalid csrfToken");
 
   const wellKnownResponse = await fetch(
-    `${configuration.portal.issuer}/.well-known/openid-configuration`
+    `${configuration[provider].issuer}/.well-known/openid-configuration`
   );
 
   const wellKnown = (await wellKnownResponse.json()) as {
@@ -52,18 +58,18 @@ export async function POST(request: NextRequest) {
   const codeChallenge = generateCodeChallenge(codeVerifier);
   const state = generateState();
 
-  const params = new URLSearchParams({
+  const requestParams = new URLSearchParams({
     code_challenge: codeChallenge,
     code_challenge_method: "S256",
-    client_id: configuration.portal.clientId,
+    client_id: configuration[provider].clientId,
     redirect_uri: configuration.redirectUrl,
     response_type: "code",
     scope,
     state,
   });
 
-  if (prompt) params.set("prompt", prompt);
-  if (loginHint) params.set("login_hint", loginHint);
+  if (prompt) requestParams.set("prompt", prompt);
+  if (loginHint) requestParams.set("login_hint", loginHint);
 
   if (returnUrl) setShortLiveCookie(returnUrlCookieName, returnUrl);
   setShortLiveCookie(stateCookieName, state);

auth/app/api/auth/signout/route.ts renamed to auth/app/api/auth/signout/[provider]/route.ts

@@ -6,7 +6,10 @@ import { Prisma } from "@prisma/client";
 import { cookies } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
 
-export async function POST(request: NextRequest) {
+export async function POST(
+  request: NextRequest,
+  { params }: { params: { provider: "portal" | "zitadel" } }
+) {
   try {
     const body = (await request.json()) as {
       returnUrl?: string;
@@ -17,12 +20,11 @@ export async function POST(request: NextRequest) {
     };
     const { returnUrl, idTokenHint, state } = body;
 
-    const requestCookie = cookies();
-    const authSessionCookie = requestCookie.get(authSessionCookieName);
-    const authSession = authSessionCookie?.value;
+    const provider = params.provider;
+    if (!provider) throw new Error("provider not found");
 
     const wellKnownResponse = await fetch(
-      `${configuration.portal.issuer}/.well-known/openid-configuration`
+      `${configuration[provider].issuer}/.well-known/openid-configuration`
     );
 
     const wellKnown = (await wellKnownResponse.json()) as {
@@ -37,28 +39,33 @@ export async function POST(request: NextRequest) {
       throw { code: wellKnownResponse.status, details: wellKnown };
     }
 
-    const params = new URLSearchParams({
-      client_id: configuration.portal.clientId,
+    const requestParams = new URLSearchParams({
+      client_id: configuration[provider].clientId,
       post_logout_redirect_uri: configuration.postLogoutRedirectUri,
     });
 
-    if (state) params.set("state", state);
+    if (state) requestParams.set("state", state);
+    if (idTokenHint) requestParams.set("id_token_hint", idTokenHint);
 
-    const sessionWhereInput: Prisma.SessionWhereInput = {
-      authSession: authSessionCookie?.value,
-    };
+    const requestCookie = cookies();
+    const authSessionCookie = requestCookie.get(authSessionCookieName);
 
-    if (idTokenHint) {
-      params.set("id_token_hint", idTokenHint);
-      sessionWhereInput.idToken = idTokenHint;
-    }
+    if (authSessionCookie?.value) {
+      const sessionWhereInput: Prisma.SessionWhereInput = {
+        authSession: authSessionCookie.value,
+      };
 
-    await prisma.session.updateMany({
-      where: sessionWhereInput,
-      data: {
-        deletedAt: new Date(),
-      },
-    });
+      if (idTokenHint) {
+        sessionWhereInput.idToken = idTokenHint;
+      }
+
+      await prisma.session.updateMany({
+        where: sessionWhereInput,
+        data: {
+          deletedAt: new Date(),
+        },
+      });
+    }
 
     if (returnUrl) setShortLiveCookie(returnUrlCookieName, returnUrl);
 

auth/app/auth/signin/page.tsx renamed to auth/app/auth/signin/[provider]/page.tsx

@@ -2,16 +2,19 @@ import SignIn from "@/ui/SignIn";
 
 export default async function Page({
   searchParams,
+  params,
 }: {
   searchParams: {
     return_url?: string;
     prompt?: string;
     scope?: string;
     login_hint?: string;
   };
+  params: { provider: string };
 }) {
   return (
     <SignIn
+      provider={params.provider}
       returnUrl={searchParams.return_url}
       prompt={searchParams.prompt}
       scope={searchParams.scope}

auth/app/auth/signout/page.tsx renamed to auth/app/auth/signout/[provider]/page.tsx

@@ -2,6 +2,7 @@ import SignOut from "@/ui/SignOut";
 
 export default async function Page({
   searchParams,
+  params,
 }: {
   searchParams: {
     return_url?: string;
@@ -10,9 +11,12 @@ export default async function Page({
     post_logoutRedirect_uri?: string;
     state?: string;
   };
+  params: { provider: string };
 }) {
+  console.log(`debug:params`, params);
   return (
     <SignOut
+      provider={params.provider}
       returnUrl={searchParams.return_url}
       idTokenHint={searchParams.id_token_hint}
       clientId={searchParams.client_id}

auth/configuration.ts

@@ -24,8 +24,13 @@ const schema = z.object({
   portal: z.object({
     clientId: z.string(),
     issuer: z.string(),
-    redirectUrl: z.string(),
   }),
+  zitadel: z.object({
+    clientId: z.string(),
+    issuer: z.string(),
+  }),
+  redirectUrl: z.string(),
+  postLogoutRedirectUri: z.string(),
 });
 
 const configuration = {

auth/prisma/dev.db

@@ -3,13 +3,14 @@ import { useEffect } from "react";
 import { useRouter } from "next/navigation";
 
 export default function SignIn(props: {
+  provider: string;
   returnUrl?: string;
   prompt?: string;
   scope?: string;
   loginHint?: string;
 }) {
   const router = useRouter();
-  const { returnUrl, prompt, scope, loginHint } = props;
+  const { provider, returnUrl, prompt, scope, loginHint } = props;
 
   useEffect(() => {
     fetch(`https://auth.example.local/api/auth/csrf`, {
@@ -19,7 +20,7 @@ export default function SignIn(props: {
       .then(async ({ csrfToken }) => {
         if (csrfToken) {
           const result = await fetch(
-            `https://auth.example.local/api/auth/signin`,
+            `https://auth.example.local/api/auth/signin/${provider}`,
             {
               method: "POST",
               body: JSON.stringify({
@@ -35,7 +36,7 @@ export default function SignIn(props: {
           if (result.authorizeUrl) router.replace(result.authorizeUrl);
         }
       });
-  }, [loginHint, prompt, returnUrl, router, scope]);
+  }, [loginHint, prompt, provider, returnUrl, router, scope]);
 
   return <div>Loading...</div>;
 }

auth/ui/SignIn.tsx

@@ -3,18 +3,25 @@ import { useEffect } from "react";
 import { useRouter } from "next/navigation";
 
 export default function SignOut(props: {
+  provider: string;
   returnUrl?: string;
   idTokenHint?: string;
   clientId?: string;
   postLogoutRedirectUri?: string;
   state?: string;
 }) {
-  const { returnUrl, idTokenHint, clientId, postLogoutRedirectUri, state } =
-    props;
+  const {
+    provider,
+    returnUrl,
+    idTokenHint,
+    clientId,
+    postLogoutRedirectUri,
+    state,
+  } = props;
   const router = useRouter();
 
   useEffect(() => {
-    fetch(`https://auth.example.local/api/auth/signout`, {
+    fetch(`https://auth.example.local/api/auth/signout/${provider}`, {
       method: "POST",
       body: JSON.stringify({
         returnUrl,
@@ -28,7 +35,15 @@ export default function SignOut(props: {
       .then(({ endSessionUrl }) => {
         if (endSessionUrl) router.replace(endSessionUrl);
       });
-  }, [clientId, idTokenHint, postLogoutRedirectUri, returnUrl, router, state]);
+  }, [
+    clientId,
+    idTokenHint,
+    postLogoutRedirectUri,
+    provider,
+    returnUrl,
+    router,
+    state,
+  ]);
 
   return <div>Loading...</div>;
 }