diff --git a/nuxt.config.ts b/nuxt.config.ts
index 1b38feb..4d04f1b 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -103,11 +103,13 @@ export default defineNuxtConfig({
 : "https://fairhub.io",
 ENTRA_CONFIG: {
 authority:
- "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TRUSTFRAMEWORKBASE_CILOGON_IDP_RESTRICTED",
+ process.env.NUXT_SITE_ENV === "production"
+ ? "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TRUSTFRAMEWORKBASE_CILOGON_IDP_RESTRICTED"
+ : "https://aireadi.b2clogin.com/aireadi.onmicrosoft.com/B2C_1A_TrustFrameworkBase_STAGING",
 clientId:
- process.env.NUXT_SITE_ENV === "dev"
- ? "444bfea9-2fec-44ed-a4d7-767616afa9a3"
- : "d173c9cb-36ce-4c77-92f3-025e48f0e533",
+ process.env.NUXT_SITE_ENV === "production"
+ ? "d173c9cb-36ce-4c77-92f3-025e48f0e533"
+ : "444bfea9-2fec-44ed-a4d7-767616afa9a3",
 forbiddenUri:
 process.env.NUXT_SITE_ENV === "dev"
 ? "http://localhost:3000/forbiddenlogin"
diff --git a/server/routes/login.get.ts b/server/routes/login.get.ts
index f3142da..3b2b99f 100644
--- a/server/routes/login.get.ts
+++ b/server/routes/login.get.ts
@@ -59,8 +59,16 @@ function getEmail(tokenResponse: AuthenticationResult): string {
 const emails = getTokenClaim({ ...tokenResponse.idTokenClaims }, "emails");
 email =
 Array.isArray(emails) && typeof emails[0] === "string" ? emails[0] : "";
+ } else if ("otherMails" in tokenResponse.idTokenClaims) {
+ const otherMails = getTokenClaim(
+ { ...tokenResponse.idTokenClaims },
+ "otherMails",
+ );
+ email =
+ Array.isArray(otherMails) && typeof otherMails[0] === "string"
+ ? otherMails[0]
+ : "";
 }
-
 return email;
 }
@@ -89,8 +97,6 @@ async function convertTokenResponse(tokenResponse: AuthenticationResult) {
 given_name: getStringTokenClaim(indexableClaims, "given_name"),
 idp: getStringTokenClaim(indexableClaims, "idp"),
 issuer,
- organization: getStringTokenClaim(indexableClaims, "organization"),
- phone: getStringTokenClaim(indexableClaims, "phone"),
 subject,
 });
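Review bot: In the nuxt.config.ts hunk, `authority` and `clientId` now branch on `NUXT_SITE_ENV === "production"` while `forbiddenUri` just below still branches on `=== "dev"`, so any third value, or an unset or misspelled variable, pairs the staging policy and client ID with the non-dev `forbiddenUri`. On a production host a missing or mistyped value would also fall back silently to `B2C_1A_TrustFrameworkBase_STAGING`, which, judging only by the policy names, may not carry the IdP restriction of the production policy. I would derive the environment once, e.g. `const isProduction = process.env.NUXT_SITE_ENV === "production";`, use that single test for every ENTRA_CONFIG field, and fail the build when the variable is not one of the values the project actually deploys. The ENTRA_CONFIG object starts and ends outside the hunk, so other fields may need the same treatment.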
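Review bot: The new `otherMails` branch in getEmail takes the first entry of that claim as the user's e-mail, but nothing in the hunk establishes that the identity provider verified the address, and whether the B2C policy fills it from a verified source is not visible here. If the returned e-mail is used anywhere to look up, link or authorize an account, keep that decision keyed on `issuer` and `subject` (both already passed along in convertTokenResponse) and treat this value as contact data only; a comment such as `// otherMails is not guaranteed to be verified; never use it to match or authorize accounts` above the branch would record that. The branch also yields `""` when the claim is missing or malformed, so the caller should reject an empty e-mail rather than store it in the session. getEmail starts before the hunk, so its earlier branches are not visible.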
@@ -172,11 +178,8 @@ export default defineEventHandler(async (event) => { const idpType = checkTokenIdPIsValid(tokenResponse); - console.log(`Got here with IDPTYPE: ${idpType}`); - // check token for forbidden IdPs if (idpType === "valid") { - console.log("valid"); const sessionUserDetails = await convertTokenResponse(tokenResponse); const tokenExpiration = getTokenExpiration(tokenResponse); await session.update({ diff --git a/types/download.d.ts b/types/download.d.ts index ad54430..f00d8b1 100644 --- a/types/download.d.ts +++ b/types/download.d.ts @@ -5,7 +5,9 @@ type SessionUserDetails = Omit< "created_at" | "updated_on" >; -type LoginTokenClaims = Omit; +type LoginTokenClaims = Omit< + SessionUserDetails, + "id" | "phone" | "organization">; type Attestation = { id: string;
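Review bot: In types/download.d.ts the added `LoginTokenClaims` alias closes with `"organization">;` on the same line as the last union member, whereas the `SessionUserDetails` alias directly above appears to put `>;` on its own line; if the repository enforces a formatter this line will probably be rewritten or fail the check. A short comment above the alias, e.g. `// phone and organization are no longer read from the ID token (see convertTokenResponse)`, would explain why those two keys are omitted alongside `id`.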