find sessions for loginHint, send to select account

2025-12-12 22:33:34 +00:00 · 2023-08-29 14:43:51 +02:00
parent 8056c81161
commit 338c28cd88
6 changed files with 120 additions and 34 deletions
--- a/apps/login/app/(login)/accounts/page.tsx
+++ b/apps/login/app/(login)/accounts/page.tsx
@@ -20,7 +20,13 @@ async function loadSessions(): Promise<Session[]> {
  }
 }

-export default async function Page() {
+export default async function Page({
+  searchParams,
+}: {
+  searchParams: Record<string | number | symbol, string | undefined>;
+}) {
+  const authRequestId = searchParams?.authRequestId;
+
  let sessions = await loadSessions();

  return (
@@ -29,7 +35,7 @@ export default async function Page() {
      <p className="ztdl-p mb-6 block">Use your ZITADEL Account</p>

      <div className="flex flex-col w-full space-y-2">
-        <SessionsList sessions={sessions} />
+        <SessionsList sessions={sessions} authRequestId={authRequestId} />
        <Link href="/loginname">
          <div className="flex flex-row items-center py-3 px-4 hover:bg-black/10 dark:hover:bg-white/10 rounded-md transition-all">
            <div className="w-8 h-8 mr-4 flex flex-row justify-center items-center rounded-full bg-black/5 dark:bg-white/5">
--- a/apps/login/app/(login)/login/route.ts
+++ b/apps/login/app/(login)/login/route.ts
@@ -1,21 +1,36 @@
-import { getAuthRequest, listSessions, server } from "#/lib/zitadel";
-import { getAllSessionIds } from "#/utils/cookies";
-import { Session } from "@zitadel/server";
+import {
+  createCallback,
+  getAuthRequest,
+  listSessions,
+  server,
+} from "#/lib/zitadel";
+import { SessionCookie, getAllSessions } from "#/utils/cookies";
+import { Session, AuthRequest, Prompt } from "@zitadel/server";
 import { NextRequest, NextResponse } from "next/server";

-async function loadSessions(): Promise<Session[]> {
-  const ids: string[] = await getAllSessionIds();
+async function loadSessions(ids: string[]): Promise<Session[]> {
+  const response = await listSessions(
+    server,
+    ids.filter((id: string | undefined) => !!id)
+  );
+  return response?.sessions ?? [];
+}

-  if (ids && ids.length) {
-    const response = await listSessions(
-      server,
-      ids.filter((id: string | undefined) => !!id)
-    );
-    return response?.sessions ?? [];
-  } else {
-    console.info("No session cookie found.");
-    return [];
+function findSession(
+  sessions: Session[],
+  authRequest: AuthRequest
+): Session | undefined {
+  if (authRequest.hintUserId) {
+    console.log(`find session for hintUserId: ${authRequest.hintUserId}`);
+    return sessions.find((s) => s.factors?.user?.id === authRequest.hintUserId);
  }
+  if (authRequest.loginHint) {
+    console.log(`find session for loginHint: ${authRequest.loginHint}`);
+    return sessions.find(
+      (s) => s.factors?.user?.loginName === authRequest.loginHint
+    );
+  }
+  return undefined;
 }

 export async function GET(request: NextRequest) {
@@ -23,17 +38,67 @@ export async function GET(request: NextRequest) {
  const authRequestId = searchParams.get("authRequest");

  if (authRequestId) {
-    const response = await getAuthRequest(server, { authRequestId });
-    const sessions = await loadSessions();
-    if (sessions.length) {
-      return NextResponse.json(sessions);
+    const { authRequest } = await getAuthRequest(server, { authRequestId });
+    const sessionCookies: SessionCookie[] = await getAllSessions();
+    const ids = sessionCookies.map((s) => s.id);
+
+    let sessions: Session[] = [];
+    if (ids && ids.length) {
+      sessions = await loadSessions(ids);
+    } else {
+      console.info("No session cookie found.");
+      return [];
+    }
+
+    // use existing session and hydrate it for oidc
+    if (authRequest && sessions.length) {
+      // if some accounts are available for selection and select_account is set
+      if (authRequest && authRequest.prompt === Prompt.PROMPT_SELECT_ACCOUNT) {
+        const accountsUrl = new URL("/accounts", request.url);
+        if (authRequest?.id) {
+          accountsUrl.searchParams.set("authRequestId", authRequest?.id);
+        }
+
+        return NextResponse.redirect(accountsUrl);
+      } else {
+        // check for loginHint, userId hint sessions
+        let selectedSession = findSession(sessions, authRequest);
+
+        if (!selectedSession) {
+          selectedSession = sessions[0]; // TODO: remove
+        }
+
+        if (selectedSession && selectedSession.id) {
+          const cookie = sessionCookies.find(
+            (cookie) => cookie.id === selectedSession?.id
+          );
+
+          if (cookie && cookie.id && cookie.token) {
+            const session = {
+              sessionId: cookie?.id,
+              sessionToken: cookie?.token,
+            };
+            const { callbackUrl } = await createCallback(server, {
+              authRequestId,
+              session,
+            });
+            return NextResponse.redirect(callbackUrl);
+          } else {
+            const accountsUrl = new URL("/accounts", request.url);
+            if (authRequest?.id) {
+              accountsUrl.searchParams.set("authRequestId", authRequest?.id);
+            }
+
+            return NextResponse.redirect(accountsUrl);
+          }
+        } else {
+          return NextResponse.error();
+        }
+      }
    } else {
      const loginNameUrl = new URL("/loginname", request.url);
-      if (response.authRequest?.id) {
-        loginNameUrl.searchParams.set(
-          "authRequestId",
-          response.authRequest?.id
-        );
+      if (authRequest?.id) {
+        loginNameUrl.searchParams.set("authRequestId", authRequest?.id);
      }

      return NextResponse.redirect(loginNameUrl);