@sicare/auth-provider NPM

@sicare/auth-provider

A customizable and extensible authentication provider for NextAuth.js, using OpenID Connect (OIDC) and Keycloak. This package enables seamless integration with Keycloak's token exchange and refresh mechanisms, while supporting both JWT and Database session strategies.

✨ Features

🔐 Secure token exchange via Keycloak
🔄 Automatic refresh token handling
🧠 Custom session and JWT callbacks
⚙️ Session strategy support: jwt or database
🍪 Cookie strategy configuration
🧩 Extensible storage using unstorage
📦 Designed for integration with Nuxt or Next.js (via next-auth)

📦 Installation

npm install @sicare/auth-provider

yarn add @sicare/auth-provider

🛠️ Usage

Basic Setup

import { createAuthProvidersOptions } from '@sicare/auth-provider';

const authOptions = createAuthProvidersOptions({
  sessionStrategy: 'jwt', // or 'database'
});

Example with NextAuth

// pages/api/auth/[...nextauth].ts
import NextAuth from 'next-auth';
import { createAuthProvidersOptions } from '@sicare/auth-provider';

const options = createAuthProvidersOptions({
  authSecret: process.env.NEXTAUTH_SECRET,
  sessionStrategy: 'jwt', // or 'database'
  debug: true,
});

export default NextAuth(options);

Example with Nuxt

import { NuxtAuthHandler } from '#auth';
import { createAuthProvidersOptions } from '@sicare/auth-provider';

const options = createAuthProvidersOptions({
  authSecret: process.env.NUXT_AUTH_SECRET,
  sessionStrategy: 'jwt', // or 'database'
  debug: true,
});

export default NuxtAuthHandler(options);

⚙️ Environment Variables

Make sure to define the following environment variables in your .env:

KEYCLOAK_ID=your-client-id
KEYCLOAK_SECRET=your-client-secret
KEYCLOAK_ISSUER=https://your-keycloak-domain/realms/your-realm
SESSION_IDLE_TIMEOUT=1800