adminforth-google-oauth-adapter/index.ts at main · devforth/adminforth-google-oauth-adapter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import type { OAuth2Adapter } from "adminforth";
import { jwtDecode } from "jwt-decode";

export default class AdminForthAdapterGoogleOauth2 implements OAuth2Adapter {
    private clientID: string;
    private clientSecret: string;
    private useOpenID: boolean;
    private useOpenIdConnect: boolean;

    constructor(options: {
      clientID: string;
      clientSecret: string;
      useOpenID?: boolean;
      useOpenIdConnect?: boolean;
    }) {
      this.clientID = options.clientID;
      this.clientSecret = options.clientSecret;
      this.useOpenIdConnect = (!!options.useOpenIdConnect || !!options.useOpenID) ?? true;
    }

    getAuthUrl(): string {
      const params = new URLSearchParams({
        client_id: this.clientID,
        response_type: 'code',
        scope: 'openid email profile',
        access_type: 'offline'
      });
      return `https://accounts.google.com/o/oauth2/v2/auth?${params.toString()}`;
    }

    async getTokenFromCode(code: string, redirect_uri: string): Promise<{ email: string, fullName?: string; profilePictureUrl?: string }> {
      const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
        method: 'POST',
        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
        body: new URLSearchParams({
          code,
          client_id: this.clientID,
          client_secret: this.clientSecret,
          redirect_uri,
          grant_type: 'authorization_code',
        }),
      });

      const tokenData = await tokenResponse.json();

      if (tokenData.error) {
        console.error('Token error:', tokenData);
        throw new Error(tokenData.error_description || tokenData.error);
      }
      if (this.useOpenIdConnect && tokenData.id_token) {
        try {
          const decodedToken: any = jwtDecode(tokenData.id_token);
          if (decodedToken.email) {
            return {
              email: decodedToken.email,
              fullName: decodedToken.name,
              profilePictureUrl: decodedToken.picture
            };
          }
        } catch (error) {
          console.error("Error decoding token:", error);
        }
      }

      const userResponse = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
        headers: { Authorization: `Bearer ${tokenData.access_token}` },
      });

      const userData = await userResponse.json();

      if (userData.error) {
        throw new Error(userData.error_description || userData.error);
      }

      return {
        email: userData.email,
        fullName: userData.name,
        profilePictureUrl: userData.picture
      };
    }

    getIcon(): string {
      return `<?xml version="1.0" encoding="utf-8"?>
<svg viewBox="-3 0 262 262" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid"><path d="M255.878 133.451c0-10.734-.871-18.567-2.756-26.69H130.55v48.448h71.947c-1.45 12.04-9.283 30.172-26.69 42.356l-.244 1.622 38.755 30.023 2.685.268c24.659-22.774 38.875-56.282 38.875-96.027" fill="#4285F4"/><path d="M130.55 261.1c35.248 0 64.839-11.605 86.453-31.622l-41.196-31.913c-11.024 7.688-25.82 13.055-45.257 13.055-34.523 0-63.824-22.773-74.269-54.25l-1.531.13-40.298 31.187-.527 1.465C35.393 231.798 79.49 261.1 130.55 261.1" fill="#34A853"/><path d="M56.281 156.37c-2.756-8.123-4.351-16.827-4.351-25.82 0-8.994 1.595-17.697 4.206-25.82l-.073-1.73L15.26 71.312l-1.335.635C5.077 89.644 0 109.517 0 130.55s5.077 40.905 13.925 58.602l42.356-32.782" fill="#FBBC05"/><path d="M130.55 50.479c24.514 0 41.05 10.589 50.479 19.438l36.844-35.974C195.245 12.91 165.798 0 130.55 0 79.49 0 35.393 29.301 13.925 71.947l42.211 32.783c10.59-31.477 39.891-54.251 74.414-54.251" fill="#EB4335"/></svg>`;
    }
}