Add workos authkit provider #12505
Add workos authkit provider #12505
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Skipped Deployment
|
|
@fierysolid is attempting to deploy a commit to the authjs Team on Vercel. A member of the Team first needs to authorize it. |
|
I would love feedback about how I've implemented the provider from someone who has worked with this library extensively. Using |
| }, | ||
| userinfo: { | ||
| url: "https://api.workos.com/user_management/users", | ||
| async request({ tokens, provider }) { |
There was a problem hiding this comment.
The /user_management/authenticate (token) call actually returns the user profile at the same time, so you could in theory just immediately return tokens.user, but I assumed there may be other places where the "userinfo" endpoint gets called to get an updated profile.
There was a problem hiding this comment.
Great reasoning. I think it’s best to wait for an official response from a maintainer regarding how the userinfo property/request works.
There was a problem hiding this comment.
I’ve read the documentation, but I’m confused about the focus of this provider. According to their explanation:
If you are using
AuthKit, set the provider parameter toauthkit, which will generate an authorization URL for your AuthKit domain. AuthKit will take care...
Otherwise, to generate an authorization URL for a WorkOS SSO connection, you’ll need to specify the user’s connection, organization, or OAuth provider as a parameter.
Based on this, if the user selects an authkitProvider value other than authkit, do they need to set both the connection_id and organization_id? If so, these values don’t seem to be available in the provider options for configuration.
On the other hand, Auth.js already includes a provider called WorkOs. What is the difference between this and the one mentioned in the documentation? Do you know if this API is still functional?
Thanks for your time!
| export interface AuthKitProfile extends Record<string, any> { | ||
| object: string | ||
| id: string | ||
| email: string | ||
| email_verified: boolean | ||
| first_name: string | ||
| last_name: string | ||
| profile_picture_url: string | null | ||
| created_at: string | ||
| updated_at: string | ||
| } |
There was a problem hiding this comment.
According to the WorkOS documentation, the properties first_name, last_name, and profile_picture_url are optional. Therefore, sometimes these attributes may not exist, which can cause errors in the profile function since these properties, please read
next-auth/packages/core/src/providers/authkit.ts
Lines 73 to 80 in 66fbe22
There was a problem hiding this comment.
Good catch, I'll update the types and profile.
There was a problem hiding this comment.
I went ahead and made those properties string | null | undefined because the docs say string | undefined, but the API returns string | null. This covers all bases. Additionally, in the profile function I use a waterfall approach to generate name from first_name and last_name.
WorkOS has an SSO passthrough and they also now have an IDP. The WorkOS provider is for the SSO only API, and this provider is for the IDP + SSO API which uses different URLs. The new IDP + SSO API also lets you use AuthKit while the older SSO API does not. |
|
Thank you for taking the time to provide a response. The differences and improvements applied to the new provider compared to the older one make perfect sense. 🤠 |
☕️ Reasoning
WorkOS has added their own IDP in the form of AuthKit and I'd like to use it with next-auth
🧢 Checklist
📌 Resources