wildflock/src/services/auth-oidc/auth-oidc.class.ts

import type { Params, ServiceInterface } from '@feathersjs/feathers'

import type { Application } from '../../declarations'

import { Issuer, generators } from 'openid-client'
import config from 'config';


type AuthOidcResponse = string
type AuthOidcQuery = any

export type { AuthOidcResponse as AuthOidc, AuthOidcQuery }

export interface AuthOidcServiceOptions {
  app: Application
}

export interface AuthOidcParams extends Params<AuthOidcQuery> {
  session?: any
}

export class AuthOidcService<ServiceParams extends AuthOidcParams = AuthOidcParams>
  implements ServiceInterface<AuthOidcResponse, ServiceParams>
{
  constructor(public options: AuthOidcServiceOptions) { }

  async find(params: ServiceParams): Promise<AuthOidcResponse> {
    const issuer = await Issuer.discover(config.get('oidc.gatewayUri'));
    const client = new issuer.Client({
      client_id: config.get('oidc.clientId'),
      client_secret: config.get('oidc.clientSecret'),
      redirect_uris: [config.get('oidc.redirectUris')],
      response_types: ['code'],
    })
    const codeVerifier = generators.codeVerifier();
    const codeChallenge = generators.codeChallenge(codeVerifier);

    const url = client.authorizationUrl({
      redirect_uri: config.get('clientUrl') + '/auth-oidc/callback',
      scope: 'openid profile offline_access',
      response_type: 'code',
      code_challenge: codeChallenge,
      code_challenge_method: 'S256',
    });

    params.session.codeVerifier = codeVerifier;
    return url;
  }
}

export const getOptions = (app: Application) => {
  return { app }
}