
Commit 45810f6

committed
make userinfo endpoint optional
1 parent 058514e commit 45810f6


2 files changed

+13
-16
lines changed


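--- a/src/module.ts
+++ b/src/module.ts
@@ -498,7 +498,6 @@ export default defineNuxtModule<ModuleOptions>({
 // OIDC OAuth
 runtimeConfig.oauth.oidc = defu(runtimeConfig.oauth.oidc, {
 clientId: '',
-clientSecret: '',
 configUrl: '',
 redirectUrl: '',
 scope: [],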

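--- a/src/runtime/server/lib/oauth/oidc.ts
+++ b/src/runtime/server/lib/oauth/oidc.ts
@@ -13,12 +13,6 @@ export interface OAuthOidcConfig {
 * @default process.env.NUXT_OAUTH_OIDC_CLIENT_ID
 */
 clientId?: string
-/**
-* OAuth Client Secret
-*
-* @default process.env.NUXT_OAUTH_OIDC_CLIENT_SECRET
-*/
-clientSecret?: string
 /**
 * URL to the OpenID Configuration endpoint. Used to fetch the endpoint URLs from.
 *
@@ -247,11 +241,11 @@ export function defineOAuthOidcEventHandler<TUser = OidcUser>({ config, onSucces
 return onError(event, error)
 }
 
-if (!config.clientId || !config.clientSecret || !config.configUrl) {
-return handleMissingConfiguration(event, 'oidc', ['clientId', 'clientSecret', 'configUrl'], onError)
+if (!config.clientId || !config.configUrl) {
+return handleMissingConfiguration(event, 'oidc', ['clientId', 'configUrl'], onError)
 }
 
-const oidcConfig = await $fetch<{ authorization_endpoint: string, token_endpoint: string, userinfo_endpoint: string }>(config.configUrl)
+const oidcConfig = await $fetch<{ authorization_endpoint: string, token_endpoint: string, userinfo_endpoint?: string }>(config.configUrl)
 
 const redirectURL = config.redirectURL || getOAuthRedirectURL(event)
 const state = await handleState(event)
@@ -282,7 +276,6 @@ export function defineOAuthOidcEventHandler<TUser = OidcUser>({ config, onSucces
 body: {
 grant_type: 'authorization_code',
 client_id: config.clientId,
-client_secret: config.clientSecret,
 redirect_uri: redirectURL,
 code: query.code,
 code_verifier: verifier?.code_verifier,
@@ -293,11 +286,16 @@ export function defineOAuthOidcEventHandler<TUser = OidcUser>({ config, onSucces
 return handleAccessTokenErrorResponse(event, 'oidc', tokens, onError)
 }
 
-const user = await $fetch<TUser>(oidcConfig.userinfo_endpoint, {
-headers: {
-Authorization: `${tokens.token_type} ${tokens.access_token}`,
-},
-})
+let user = {} as TUser
+
+// some OIDC providers to not support a userinfo endpoint so we only call it when its defined inside the OIDC config
+if (oidcConfig.userinfo_endpoint) {
+user = await $fetch<TUser>(oidcConfig.userinfo_endpoint, {
+headers: {
+Authorization: `${tokens.token_type} ${tokens.access_token}`,
+},
+})
+}
 
 return onSuccess(event, {
 user,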
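Review bot: In the last hunk, `let user = {} as TUser` hands `onSuccess` an empty object typed as a complete user whenever the discovery document has no `userinfo_endpoint`, so the assertion hides from callers that no identity was obtained. An `onSuccess` handler that stores `user` in the session or tests it for truthiness would then treat the login as authenticated without a subject. Make the absence explicit, for example `let user: TUser | undefined`, and either take the identity from the ID token after verifying it or return through `onError` when neither source is available; an OIDC token response normally carries an `id_token`, but whether `tokens` is verified here is not visible in the hunk. Related, in the hunk at -282 the token request no longer sends any client credential and `code_verifier` is optional-chained, so if PKCE can be disabled the code exchange is not bound to this client; keeping `clientSecret` optional rather than removing it would still cover confidential clients. `defineOAuthOidcEventHandler` starts and ends outside these hunks.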
