31 lines
927 B
TypeScript
31 lines
927 B
TypeScript
import { SvelteKitAuth } from "@auth/sveltekit"
|
|
import Authentik from "@auth/core/providers/authentik"
|
|
import { AUTHENTIK_ID, AUTHENTIK_SECRET, AUTHENTIK_ISSUER } from "$env/static/private";
|
|
|
|
export const { handle, signIn, signOut } = SvelteKitAuth({
|
|
providers: [
|
|
Authentik({
|
|
clientId: AUTHENTIK_ID,
|
|
clientSecret: AUTHENTIK_SECRET,
|
|
issuer: AUTHENTIK_ISSUER,
|
|
})],
|
|
callbacks: {
|
|
// this feels like an extremely hacky way to get nickname and groups into the session object
|
|
// TODO: investigate if there's a better way to do this
|
|
jwt: async ({token, profile}) => {
|
|
if(profile){
|
|
token.nickname = profile.nickname;
|
|
token.groups = profile.groups;
|
|
}
|
|
return token;
|
|
},
|
|
session: async ({session, token}) => {
|
|
session.user.nickname = token.nickname as string;
|
|
session.user.groups = token.groups as string[];
|
|
return session;
|
|
},
|
|
|
|
},
|
|
trustHost: true // needed for reverse proxy setups
|
|
})
|