How to set the grant type in IdentityServer4Provider using NextAuth?

Time:07-11

I want to authenticate using NextAuth and IdentityServer4. I have created the following provider:

import NextAuth from "next-auth"
import IdentityServer4Provider from "next-auth/providers/identity-server4";
export default NextAuth({
  // Configure one or more authentication providers
  providers: [
    IdentityServer4Provider({
      id: "identity-server4",
      name: "IdentityServer4",
      issuer: process.env.NEXT_PUBLIC_IDENTITY_SERVER,
      clientId: process.env.CLIENT_ID,
      clientSecret: process.env.CLIENT_SECRET
    })
  ],
  callbacks: {
  },
  secret: process.env.NEXTAUTH_SECRET,
})

The problem I am having is I need to add a grant_type with value client_credentials.

When I look at the code for IdentityServer4 provider in NextAuth, I found this (no grant_type option):

/** @type {import(".").OAuthProvider} */
export default function IdentityServer4(options) {
  return {
    id: "identity-server4",
    name: "IdentityServer4",
    type: "oauth",
    wellKnown: `${options.issuer}/.well-known/openid-configuration`,
    authorization: { params: { scope: "openid profile email" } },
    checks: ["pkce", "state"],
    idToken: true,
    profile(profile) {
      return {
        id: profile.sub,
        name: profile.name,
        email: profile.email,
        image: null,
      }
    },
    options,
  }
}

I have the following POST request, which is working correctly:

POST request

How can I add a grant_type to this provider?

CodePudding user response:

As I see it, you are trying to add an external provider to Next-auth. Client Credentials doesn't provide identity. There is no user in this flow, so you can't request OpenID scopes and you can't use it as an external provider flow.

This type of grant is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user.

Next-auth will redirect the user to the external provider and wait for their interaction, probably a login with Authorization Code flow, until it finishes and returns control to Next-auth.
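
Added example (not part of the original question or answer, and not NextAuth's own code): a server-side helper that performs the client credentials grant directly against the token endpoint advertised in the issuer's `.well-known/openid-configuration` document, outside the NextAuth provider. The function names, the injectable `fetchImpl` parameter and the `api1` scope are assumptions made for illustration.

```javascript
// Added example, not from the original post. "api1" is a hypothetical API scope.
const IDENTITY_SCOPES = ["openid", "profile", "email"];

// Build the token request for the OAuth 2.0 client credentials grant.
function buildTokenRequest({ clientId, clientSecret, scope }) {
  if (!clientId || !clientSecret) throw new Error("clientId and clientSecret are required");
  const scopes = String(scope || "").split(/\s+/).filter(Boolean);
  // No user takes part in this grant, so identity scopes cannot be requested.
  const bad = scopes.filter((s) => IDENTITY_SCOPES.includes(s));
  if (bad.length) throw new Error(`identity scopes not allowed: ${bad.join(" ")}`);
  const form = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
  });
  if (scopes.length) form.set("scope", scopes.join(" "));
  return {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString(),
  };
}

// Discover the token endpoint, then exchange the client credentials for an access token.
// Call this from server-side code only, so the client secret never reaches the browser.
async function getServiceToken(issuer, creds, fetchImpl = globalThis.fetch) {
  const base = issuer.replace(/\/+$/, "");
  const disco = await fetchImpl(`${base}/.well-known/openid-configuration`);
  if (!disco.ok) throw new Error(`discovery failed: HTTP ${disco.status}`);
  const { token_endpoint: tokenEndpoint } = await disco.json();
  // Assumption: the token endpoint is on the issuer's origin; refuse to post the secret elsewhere.
  if (new URL(tokenEndpoint).origin !== new URL(base).origin) {
    throw new Error("token endpoint is not on the issuer origin");
  }
  const res = await fetchImpl(tokenEndpoint, buildTokenRequest(creds));
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  const token = await res.json();
  return { accessToken: token.access_token, expiresAt: Date.now() + token.expires_in * 1000 };
}
```

With the environment variables from the question, the call would be `getServiceToken(process.env.NEXT_PUBLIC_IDENTITY_SERVER, { clientId: process.env.CLIENT_ID, clientSecret: process.env.CLIENT_SECRET, scope: "api1" })`, made from an API route or other server-only code.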
