api9nin / src /app /api /auth /oidc /start /route.js
github-actions[bot]
deploy from github actions 2026-06-18
c8ae75d
Raw
History Blame Contribute Delete
1.69 kB
import { NextResponse } from "next/server";
import { cookies } from "next/headers";
import {
buildOidcAuthorizationUrl,
createOidcNonce,
createOidcState,
createPkcePair,
fetchOidcDiscovery,
getOidcRuntimeConfig,
getPublicOrigin,
} from "@/lib/auth/oidc";
import { shouldUseSecureCookie } from "@/lib/auth/dashboardSession";
export async function GET(request) {
try {
const config = await getOidcRuntimeConfig();
if (!config) {
return NextResponse.redirect(new URL("/login?error=oidc_not_configured", getPublicOrigin(request)));
}
const discovery = await fetchOidcDiscovery(config.issuerUrl);
const state = createOidcState();
const nonce = createOidcNonce();
const { verifier, challenge } = createPkcePair();
const redirectUri = `${getPublicOrigin(request)}/api/auth/oidc/callback`;
const authUrl = buildOidcAuthorizationUrl({
authorizationEndpoint: discovery.authorization_endpoint,
clientId: config.clientId,
redirectUri,
scopes: config.scopes,
state,
nonce,
codeChallenge: challenge,
});
const cookieStore = await cookies();
const baseOptions = {
httpOnly: true,
secure: shouldUseSecureCookie(request),
sameSite: "lax",
path: "/",
maxAge: 10 * 60,
};
cookieStore.set("oidc_state", state, baseOptions);
cookieStore.set("oidc_nonce", nonce, baseOptions);
cookieStore.set("oidc_code_verifier", verifier, baseOptions);
return NextResponse.redirect(authUrl);
} catch (error) {
return NextResponse.redirect(new URL(`/login?error=${encodeURIComponent(error.message || "oidc_start_failed")}`, getPublicOrigin(request)));
}
}