find sessions for loginHint, send to select account

2025-12-12 10:25:58 +00:00 · 2023-08-29 14:43:51 +02:00
parent 8056c81161
commit 338c28cd88
6 changed files with 120 additions and 34 deletions
--- a/apps/login/app/(login)/accounts/page.tsx
+++ b/apps/login/app/(login)/accounts/page.tsx
@@ -20,7 +20,13 @@ async function loadSessions(): Promise<Session[]> {
  }
 }

-export default async function Page() {
+export default async function Page({
+  searchParams,
+}: {
+  searchParams: Record<string | number | symbol, string | undefined>;
+}) {
+  const authRequestId = searchParams?.authRequestId;
+
  let sessions = await loadSessions();

  return (
@@ -29,7 +35,7 @@ export default async function Page() {
      <p className="ztdl-p mb-6 block">Use your ZITADEL Account</p>

      <div className="flex flex-col w-full space-y-2">
-        <SessionsList sessions={sessions} />
+        <SessionsList sessions={sessions} authRequestId={authRequestId} />
        <Link href="/loginname">
          <div className="flex flex-row items-center py-3 px-4 hover:bg-black/10 dark:hover:bg-white/10 rounded-md transition-all">
            <div className="w-8 h-8 mr-4 flex flex-row justify-center items-center rounded-full bg-black/5 dark:bg-white/5">
--- a/apps/login/app/(login)/login/route.ts
+++ b/apps/login/app/(login)/login/route.ts
@@ -1,21 +1,36 @@
-import { getAuthRequest, listSessions, server } from "#/lib/zitadel";
-import { getAllSessionIds } from "#/utils/cookies";
-import { Session } from "@zitadel/server";
+import {
+  createCallback,
+  getAuthRequest,
+  listSessions,
+  server,
+} from "#/lib/zitadel";
+import { SessionCookie, getAllSessions } from "#/utils/cookies";
+import { Session, AuthRequest, Prompt } from "@zitadel/server";
 import { NextRequest, NextResponse } from "next/server";

-async function loadSessions(): Promise<Session[]> {
-  const ids: string[] = await getAllSessionIds();
-
-  if (ids && ids.length) {
+async function loadSessions(ids: string[]): Promise<Session[]> {
  const response = await listSessions(
    server,
    ids.filter((id: string | undefined) => !!id)
  );
  return response?.sessions ?? [];
-  } else {
-    console.info("No session cookie found.");
-    return [];
+}
+
+function findSession(
+  sessions: Session[],
+  authRequest: AuthRequest
+): Session | undefined {
+  if (authRequest.hintUserId) {
+    console.log(`find session for hintUserId: ${authRequest.hintUserId}`);
+    return sessions.find((s) => s.factors?.user?.id === authRequest.hintUserId);
  }
+  if (authRequest.loginHint) {
+    console.log(`find session for loginHint: ${authRequest.loginHint}`);
+    return sessions.find(
+      (s) => s.factors?.user?.loginName === authRequest.loginHint
+    );
+  }
+  return undefined;
 }

 export async function GET(request: NextRequest) {
@@ -23,17 +38,67 @@ export async function GET(request: NextRequest) {
  const authRequestId = searchParams.get("authRequest");

  if (authRequestId) {
-    const response = await getAuthRequest(server, { authRequestId });
-    const sessions = await loadSessions();
-    if (sessions.length) {
-      return NextResponse.json(sessions);
+    const { authRequest } = await getAuthRequest(server, { authRequestId });
+    const sessionCookies: SessionCookie[] = await getAllSessions();
+    const ids = sessionCookies.map((s) => s.id);
+
+    let sessions: Session[] = [];
+    if (ids && ids.length) {
+      sessions = await loadSessions(ids);
+    } else {
+      console.info("No session cookie found.");
+      return [];
+    }
+
+    // use existing session and hydrate it for oidc
+    if (authRequest && sessions.length) {
+      // if some accounts are available for selection and select_account is set
+      if (authRequest && authRequest.prompt === Prompt.PROMPT_SELECT_ACCOUNT) {
+        const accountsUrl = new URL("/accounts", request.url);
+        if (authRequest?.id) {
+          accountsUrl.searchParams.set("authRequestId", authRequest?.id);
+        }
+
+        return NextResponse.redirect(accountsUrl);
+      } else {
+        // check for loginHint, userId hint sessions
+        let selectedSession = findSession(sessions, authRequest);
+
+        if (!selectedSession) {
+          selectedSession = sessions[0]; // TODO: remove
+        }
+
+        if (selectedSession && selectedSession.id) {
+          const cookie = sessionCookies.find(
+            (cookie) => cookie.id === selectedSession?.id
+          );
+
+          if (cookie && cookie.id && cookie.token) {
+            const session = {
+              sessionId: cookie?.id,
+              sessionToken: cookie?.token,
+            };
+            const { callbackUrl } = await createCallback(server, {
+              authRequestId,
+              session,
+            });
+            return NextResponse.redirect(callbackUrl);
+          } else {
+            const accountsUrl = new URL("/accounts", request.url);
+            if (authRequest?.id) {
+              accountsUrl.searchParams.set("authRequestId", authRequest?.id);
+            }
+
+            return NextResponse.redirect(accountsUrl);
+          }
+        } else {
+          return NextResponse.error();
+        }
+      }
    } else {
      const loginNameUrl = new URL("/loginname", request.url);
-      if (response.authRequest?.id) {
-        loginNameUrl.searchParams.set(
-          "authRequestId",
-          response.authRequest?.id
-        );
+      if (authRequest?.id) {
+        loginNameUrl.searchParams.set("authRequestId", authRequest?.id);
      }

      return NextResponse.redirect(loginNameUrl);
--- a/apps/login/lib/zitadel.ts
+++ b/apps/login/lib/zitadel.ts
@@ -248,13 +248,11 @@ export async function getAuthRequest(

 export async function createCallback(
  server: ZitadelServer,
-  { authRequestId }: CreateCallbackRequest
+  req: CreateCallbackRequest
 ): Promise<CreateCallbackResponse> {
  const oidcService = oidc.getOidc(server);

-  return oidcService.createCallback({
-    authRequestId,
-  });
+  return oidcService.createCallback(req);
 }

 export async function verifyEmail(
--- a/apps/login/ui/SessionItem.tsx
+++ b/apps/login/ui/SessionItem.tsx
@@ -9,9 +9,11 @@ import { XCircleIcon } from "@heroicons/react/24/outline";
 export default function SessionItem({
  session,
  reload,
+  authRequestId,
 }: {
  session: Session;
  reload: () => void;
+  authRequestId?: string;
 }) {
  const [loading, setLoading] = useState<boolean>(false);

@@ -52,10 +54,18 @@ export default function SessionItem({
              loginName: session.factors?.user?.loginName as string,
            })
          : `/loginname?` +
-            new URLSearchParams({
+            new URLSearchParams(
+              authRequestId
+                ? {
                    loginName: session.factors?.user?.loginName as string,
                    submit: "true",
-            })
+                    authRequestId,
+                  }
+                : {
+                    loginName: session.factors?.user?.loginName as string,
+                    submit: "true",
+                  }
+            )
      }
      className="group flex flex-row items-center bg-background-light-400 dark:bg-background-dark-400  border border-divider-light hover:shadow-lg dark:hover:bg-white/10 py-2 px-4 rounded-md transition-all"
    >
--- a/apps/login/ui/SessionsList.tsx
+++ b/apps/login/ui/SessionsList.tsx
@@ -7,9 +7,10 @@ import { useEffect, useState } from "react";

 type Props = {
  sessions: Session[];
+  authRequestId?: string;
 };

-export default function SessionsList({ sessions }: Props) {
+export default function SessionsList({ sessions, authRequestId }: Props) {
  const [list, setList] = useState<Session[]>(sessions);
  return sessions ? (
    <div className="flex flex-col space-y-2">
@@ -19,6 +20,7 @@ export default function SessionsList({ sessions }: Props) {
          return (
            <SessionItem
              session={session}
+              authRequestId={authRequestId}
              reload={() => {
                setList(list.filter((s) => s.id !== session.id));
              }}
--- a/packages/zitadel-server/src/index.ts
+++ b/packages/zitadel-server/src/index.ts
@@ -32,6 +32,11 @@ export {
  CreateCallbackResponse,
 } from "./proto/server/zitadel/oidc/v2alpha/oidc_service";

+export {
+  AuthRequest,
+  Prompt,
+} from "./proto/server/zitadel/oidc/v2alpha/authorization";
+
 export {
  Session,
  Factors,