0.0.25 • Published 3 months ago

@sicare/auth-provider v0.0.25

Weekly downloads
-
License
MIT
Repository
-
Last release
3 months ago

@sicare/auth-provider

A customizable and extensible authentication provider for NextAuth.js, using OpenID Connect (OIDC) and Keycloak. This package enables seamless integration with Keycloak's token exchange and refresh mechanisms, while supporting both JWT and Database session strategies.

✨ Features

  • 🔐 Secure token exchange via Keycloak

  • 🔄 Automatic refresh token handling

  • 🧠 Custom session and JWT callbacks

  • ⚙️ Session strategy support: jwt or database

  • 🍪 Cookie strategy configuration

  • 🧩 Extensible storage using unstorage

  • 📦 Designed for integration with Nuxt or Next.js (via next-auth)

📦 Installation

npm install @sicare/auth-provider

or

yarn add @sicare/auth-provider

🛠️ Usage

Basic Setup

import { createAuthProvidersOptions } from '@sicare/auth-provider';

const authOptions = createAuthProvidersOptions({
  sessionStrategy: 'jwt', // or 'database'
});

Example with NextAuth

// pages/api/auth/[...nextauth].ts
import NextAuth from 'next-auth';
import { createAuthProvidersOptions } from '@sicare/auth-provider';

const options = createAuthProvidersOptions({
  authSecret: process.env.NEXTAUTH_SECRET,
  sessionStrategy: 'jwt', // or 'database'
  debug: true,
});

export default NextAuth(options);

Example with Nuxt

import { NuxtAuthHandler } from '#auth';
import { createAuthProvidersOptions } from '@sicare/auth-provider';

const options = createAuthProvidersOptions({
  authSecret: process.env.NUXT_AUTH_SECRET,
  sessionStrategy: 'jwt', // or 'database'
  debug: true,
});

export default NuxtAuthHandler(options);

⚙️ Environment Variables

Make sure to define the following environment variables in your .env:

KEYCLOAK_ID=your-client-id
KEYCLOAK_SECRET=your-client-secret
KEYCLOAK_ISSUER=https://your-keycloak-domain/realms/your-realm
SESSION_IDLE_TIMEOUT=1800

🧩 Utilities

This package also exposes utility functions:

  • keycloakTokenExchangeHandler - For exchanging tokens via Keycloak.

  • refreshAccessToken - For refreshing expired tokens.

  • keycloakIssuerDiscover - For OIDC issuer discovery.

  • authenticationScope - Default scope: openid email profile.

0.0.25

3 months ago

0.0.24

3 months ago

0.0.23

3 months ago

0.0.22

3 months ago

0.0.21

3 months ago

0.0.20

3 months ago

0.0.19

3 months ago

0.0.18

3 months ago

0.0.17

3 months ago

0.0.16

3 months ago

0.0.15

3 months ago

0.0.14

3 months ago

0.0.13

3 months ago

0.0.12

3 months ago

0.0.11

3 months ago

0.0.10

3 months ago

0.0.9

3 months ago

0.0.8

3 months ago

0.0.7

3 months ago

0.0.6

3 months ago

0.0.5

3 months ago

0.0.4

3 months ago

0.0.3

3 months ago

0.0.2

3 months ago

0.0.1

3 months ago