feat(providers): refactor Cognito provider (#2829)

* chore(dev): add CognitoProvider to dev app

* feat(log): log `error_description` in OAuth callback

* fix(providers): migrate Cognito to v4

* docs: mention superblog.ai for infra support

* fix: return profile picture for Cognito

* fix(ts): add picture to CognitoProfile

Author: balazsorban44

README.md

@@ -197,6 +197,13 @@ We're happy to announce we've recently created an [OpenCollective](https://openc
         <div>Checkly</div><br />
         <sub>☁️ Infrastructure Support</sub>
       </td>
+      <td align="center" valign="top">
+        <a href="https://superblog.ai/" target="_blank">
+          <img width="128px" src="https://d33wubrfki0l68.cloudfront.net/cdc4a3833bd878933fcc131655878dbf226ac1c5/10cd6/images/logo_bolt_small.png" alt="superblog Logo" />
+        </a><br />
+        <div>superblog</div><br />
+        <sub>☁️ Infrastructure Support</sub>
+      </td>
     </tr><tr></tr>
   </tbody>
 </table>

app/pages/api/auth/[...nextauth].ts

@@ -19,6 +19,7 @@ import MailchimpProvider from "next-auth/providers/mailchimp"
 import DiscordProvider from "next-auth/providers/discord"
 import AzureADProvider from "next-auth/providers/azure-ad"
 import SpotifyProvider from "next-auth/providers/spotify"
+import CognitoProvider from "next-auth/providers/cognito"
 
 // import { PrismaAdapter } from "@next-auth/prisma-adapter"
 // import { PrismaClient } from "@prisma/client"
@@ -143,6 +144,11 @@ export default NextAuth({
       clientId: process.env.SPOTIFY_ID,
       clientSecret: process.env.SPOTIFY_SECRET,
     }),
+    CognitoProvider({
+      clientId: process.env.COGNITO_ID,
+      clientSecret: process.env.COGNITO_SECRET,
+      issuer: process.env.COGNITO_ISSUER,
+    }),
   ],
   jwt: {
     encryption: true,

src/providers/cognito.js

@@ -0,0 +1,28 @@
+import { OAuthConfig, OAuthUserConfig } from "."
+
+export interface CognitoProfile {
+  sub: string
+  name: string
+  email: string
+  picture: string
+}
+
+export default function Cognito<P extends Record<string, any> = CognitoProfile>(
+  options: OAuthUserConfig<P>
+): OAuthConfig<P> {
+  return {
+    id: "cognito",
+    name: "Cognito",
+    type: "oauth",
+    wellKnown: `${options.issuer}/.well-known/openid-configuration`,
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: profile.name,
+        email: profile.email,
+        image: profile.picture,
+      }
+    },
+    options,
+  }
+}

src/providers/cognito.ts

@@ -21,6 +21,7 @@ export default async function oAuthCallback(
     const error = new Error(errorMessage)
     logger.error("OAUTH_CALLBACK_HANDLER_ERROR", {
       error,
+      error_description: req.query?.error_description,
       body: req.body,
       providerId: provider.id,
     })