quenti-io · EgidioBezerra · Apr 25, 2025
diff --git a/.env.example b/.env.example
@@ -47,3 +47,8 @@ NEXT_PUBLIC_APP_URL=http://localhost:3000
 
 # Test background jobs and other Inngest features locally by running 'npx inngest-cli@latest dev'
 INNGEST_EVENT_KEY="local"
+
+# ZITADEL OIDC
+ZITADEL_ISSUER=
+ZITADEL_CLIENT_ID=
+ZITADEL_CLIENT_SECRET=
diff --git a/apps/next/public/assets/zitadel.png b/apps/next/public/assets/zitadel.png
diff --git a/apps/next/src/components/auth-layout.tsx b/apps/next/src/components/auth-layout.tsx
@@ -2,12 +2,14 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { signIn, useSession } from "next-auth/react";
 import { useRouter } from "next/router";
 import React from "react";
+import Image from "next/image";
 import { Controller, type SubmitHandler, useForm } from "react-hook-form";
 import { z } from "zod";
 
 import { Link } from "@quenti/components";
 import { HeadSeo } from "@quenti/components/head-seo";
 import { WEBSITE_URL } from "@quenti/lib/constants/url";
+import zitadel from "../../public/assets/zitadel.png";
 
 import {
   Box,
@@ -201,6 +203,34 @@ export const AuthLayout: React.FC<AuthLayoutProps> = ({
                         >
                           Sign {verb} with Google
                         </Button>
+                        <Button
+                          size="lg"
+                          fontSize="sm"
+                          variant="outline"
+                          shadow="0 4px 6px -1px rgba(0, 0, 0, 0.04),0 2px 4px -1px rgba(0, 0, 0, 0.01)"
+                          colorScheme="gray"
+                          leftIcon={
+                            <Image
+                              src={zitadel}
+                              alt="Zitadel icon"
+                              width={20}
+                              height={20}
+                            />
+                          }
+                          onClick={async () => {
+                            if (mode == "signup") {
+                              await event("signup", {});
+                            } else {
+                              await event("login", {});
+                            }
+
+                            await signIn("zitadel", {
+                              callbackUrl: safeCallbackUrl,
+                            });
+                          }}
+                        >
+                          Sign {verb} with Zitadel
+                        </Button>
                         <Box>
                           <Stack
                             my={expanded ? 4 : 0}
@@ -343,4 +373,4 @@ export const AuthLayout: React.FC<AuthLayoutProps> = ({
       </LazyWrapper>
     </>
   );
-};
+};
diff --git a/apps/next/src/pages/auth/login.tsx b/apps/next/src/pages/auth/login.tsx
@@ -16,4 +16,4 @@ export default function Login() {
   );
 }
 
-Login.PageWrapper = PageWrapper;
+Login.PageWrapper = PageWrapper;
diff --git a/bun.lockb b/bun.lockb
diff --git a/package.json b/package.json
@@ -28,11 +28,14 @@
   },
   "dependencies": {
     "@prisma/client": "5.5.2",
+    "caniuse-lite": "^1.0.30001715",
     "eslint-config-next": "^14.0.4",
     "eslint-config-prettier": "^9.1.0",
     "eslint-config-turbo": "^1.11.1",
     "eslint-plugin-prettier": "^5.0.1",
     "eslint-plugin-unused-imports": "^3.0.0",
+    "next-auth": "^4.24.11",
+    "openid-client": "^6.4.2",
     "turbo": "latest"
   },
   "devDependencies": {

diff --git a/packages/auth/next-auth-options.ts b/packages/auth/next-auth-options.ts
@@ -1,5 +1,6 @@
 import { type NextAuthOptions } from "next-auth";
 import GoogleProvider from "next-auth/providers/google";
+import ZitadelProvider from "next-auth/providers/zitadel";
 
 import { env } from "@quenti/env/server";
 import { APP_URL } from "@quenti/lib/constants/url";
@@ -13,7 +14,7 @@ const version = pjson.version;
 
 export const authOptions: NextAuthOptions = {
   // Include user.id on session
-  callbacks: {
+  callbacks: {    
     session({ session, user }) {
       if (session.user) {
         session.user.id = user.id;
@@ -73,6 +74,28 @@ export const authOptions: NextAuthOptions = {
       type: "email",
       sendVerificationRequest,
     },
+    ZitadelProvider({
+      issuer: env.ZITADEL_ISSUER, 
+      clientId: env.ZITADEL_CLIENT_ID,
+      clientSecret: env.ZITADEL_CLIENT_SECRET,
+      wellKnown:     `${env.ZITADEL_ISSUER}/.well-known/openid-configuration`,
+      authorization: {
+        params: {
+          scope: `openid email profile`,
+        },
+      },
+      profile(profile) {
+        console.log("📥 ZITADEL raw profile:", profile);
+        return {
+          id: profile.sub,
+          name: profile.name,
+          email: profile.email,
+          image: profile.picture,
+          username: profile.preferred_username,
+          type: "ZITADEL",
+        };
+      },
+    }),
     /**
      * ...add more providers here
      *

diff --git a/packages/auth/prisma-adapter.ts b/packages/auth/prisma-adapter.ts
@@ -10,6 +10,11 @@ export function CustomPrismaAdapter(p: PrismaClient): Adapter {
   return {
     ...PrismaAdapter(p),
     createUser: async (data) => {
+      if (!data.email) {
+        throw new Error(
+          `Criar usuário falhou: e-mail indefinido. Dados recebidos: ${JSON.stringify(data)}`
+        );
+      }
       const name = data.name;
 
       let uniqueUsername = null;

diff --git a/packages/env/server/server.mjs b/packages/env/server/server.mjs
@@ -4,6 +4,9 @@ import { z } from "zod";
 export const env = createEnv({
   server: {
     DATABASE_URL: z.string().url(),
+    ZITADEL_ISSUER:      z.string().url(),
+    ZITADEL_CLIENT_ID:    z.string(),
+    ZITADEL_CLIENT_SECRET: z.string(),
     PLANETSCALE: z.string().optional(),
     NODE_ENV: z.enum(["development", "test", "production"]).optional(),
     NEXTAUTH_SECRET:
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,4 +16,4 @@ export default function Login() { @@
       );
     }
-    Login.PageWrapper = PageWrapper;
+    Login.PageWrapper = PageWrapper;