oidc.tsx
import { createReactOidc } from "oidc-spa/react";
import { z } from "zod";
/**
 * Runtime schema for the decoded ID token claims this app reads.
 *
 * Passing a schema to `createReactOidc` is optional. It validates the shape
 * of the ID token so that `oidcTokens.decodedIdToken` can be trusted to have
 * the expected fields when the user is logged in. Which claims are actually
 * present is decided by the OIDC server you are using.
 *
 * zod is only an example here: any schema validation library, or a
 * hand-written validation function, can be used instead.
 *
 * zod strips every field that is not declared in the schema. To see the
 * full token content while setting up, wrap the schema temporarily:
 *
 *   decodedIdTokenSchema: {
 *     parse: (decodedIdToken) => {
 *       console.log(decodedIdToken);
 *       return z.object({
 *         sub: z.string(),
 *         preferred_username: z.string()
 *       }).parse(decodedIdToken);
 *     }
 *   }
 *
 * That log prints the user's identity claims to the browser console, so
 * keep it to local debugging and remove it before shipping.
 *
 * If you want to specify the type of the decodedIdToken but do not care
 * about validating its shape at runtime, you can call
 * `createUseOidc<DecodedIdToken>()` without passing any parameter.
 * NOTE(review): this file calls `createReactOidc`, not `createUseOidc`;
 * the name in this sentence may be stale, confirm against the library.
 *
 * This is a shape check only: it confirms that the claims exist and are
 * strings, not that the user is allowed to do anything. In most web apps
 * the frontend does not need to look into the ID token JWT at all; user
 * info is usually obtained by querying a GET /user endpoint with an
 * authorization header like `Bearer <accessToken>`, and access decisions
 * belong on that server side.
 */
const decodedIdTokenSchema = z.object({
  sub: z.string(),
  preferred_username: z.string()
});

export const {
  OidcProvider,
  /**
   * Note: if your app has multiple OidcProviders, you do not need to use
   * the hook that corresponds to the OidcProvider above.
   * NOTE(review): the original wording named that hook `useClient`, while
   * the hook exported here is `useOidc`; confirm which one is meant.
   */
  useOidc,
  prOidc
} = createReactOidc({
  // Read from the Vite env at build time. These values end up in the client
  // bundle, so they must be public identifiers only (never a client secret).
  clientId: import.meta.env.VITE_OIDC_CLIENT_ID,
  issuerUri: import.meta.env.VITE_OIDC_ISSUER,
  publicUrl: import.meta.env.BASE_URL,
  decodedIdTokenSchema
});