Better Auth•4w ago

Get access to genericOAuth profile in customSession

Hi everyone, I have some user groups in keycloak and want to pass them to session.user. The groups are in the genericOAuth profile, as passed to mapProfileToUser. How can I access profile.groups from customSession? Thanks!

const clientOptions = {
    baseUrl: process.env.NEXT_PUBLIC_BASE_URL!,
    database: mongodbAdapter(db),
    plugins: [
        genericOAuth({
            config: [
                {
                    providerId: "keycloak",
                    clientId: process.env.AUTH_KEYCLOAK_ID!,
                    clientSecret: process.env.AUTH_KEYCLOAK_SECRET!,
                    discoveryUrl: `${process.env.AUTH_KEYCLOAK_ISSUER!}/.well-known/openid-configuration`,
                    scopes: ["basic", "offline_access", "openid", "profile", "email"],
                    redirectURI: `${process.env.NEXT_PUBLIC_BASE_URL}/api/auth/oauth2/callback/keycloak`,
                    mapProfileToUser(profile) {
                        const companyGroup = profile?.groups?.find((g: string) => g.includes("/companies/"));
                        const company = companyGroup?.split("/")[companyGroup?.split("/").length - 1]
                        return {
                            ...profile,
                            company,
                        };
                    },
                }
            ]
        }),
        customSession(async ({ user, session }) => {
            // How do I get genericOAuth profile info here??????

            return {
                user: {
                    ...user,
                    // company: profile.company
                },
                session
            };
        }),
        nextCookies(),
    ],
    account: {
        accountLinking: {
            enabled: true,
            trustedProviders: ["keycloak"]
        }
    },
    session: {
        cookieCache: {
            enabled: true,
            maxAge: 3 * 60,
        },
    },
};

export const auth = betterAuth(clientOptions);

const clientOptions = {
    baseUrl: process.env.NEXT_PUBLIC_BASE_URL!,
    database: mongodbAdapter(db),
    plugins: [
        genericOAuth({
            config: [
                {
                    providerId: "keycloak",
                    clientId: process.env.AUTH_KEYCLOAK_ID!,
                    clientSecret: process.env.AUTH_KEYCLOAK_SECRET!,
                    discoveryUrl: `${process.env.AUTH_KEYCLOAK_ISSUER!}/.well-known/openid-configuration`,
                    scopes: ["basic", "offline_access", "openid", "profile", "email"],
                    redirectURI: `${process.env.NEXT_PUBLIC_BASE_URL}/api/auth/oauth2/callback/keycloak`,
                    mapProfileToUser(profile) {
                        const companyGroup = profile?.groups?.find((g: string) => g.includes("/companies/"));
                        const company = companyGroup?.split("/")[companyGroup?.split("/").length - 1]
                        return {
                            ...profile,
                            company,
                        };
                    },
                }
            ]
        }),
        customSession(async ({ user, session }) => {
            // How do I get genericOAuth profile info here??????

            return {
                user: {
                    ...user,
                    // company: profile.company
                },
                session
            };
        }),
        nextCookies(),
    ],
    account: {
        accountLinking: {
            enabled: true,
            trustedProviders: ["keycloak"]
        }
    },
    session: {
        cookieCache: {
            enabled: true,
            maxAge: 3 * 60,
        },
    },
};

export const auth = betterAuth(clientOptions);

3 Replies

bekacru•4w ago

you can query the accounts table and read the profiel from the idToken or you can store it in the user table as an additional field and when you do map profile it'll be stored in that field

NickOP•4w ago

Thanks for helping. For some reason user additionalFields are not added to the session.user object if I don't use customSession. So not really sure what to do. I am working with Next.js server side, [email protected]

bekacru•4w ago

check how to infer additional fields on the client https://www.better-auth.com/docs/concepts/typescript#inferring-additional-fields-on-client

TypeScript | Better Auth

Better Auth TypeScript integration.

Gaming

Programming

Get access to genericOAuth profile in customSession

Did you find this page helpful?