fix(provider): refactor Okta provider (#2856)

* fix(provider): refactor Okta provider

* fix(providers): convert Okta to TS

* fix: typo

* fix(okta): adds picture to profile

Co-authored-by: Balázs Orbán <info@balazsorban.com>

* fix(provider): refactor Okta provider

fix(providers): convert Okta to TS

fix: typo

* fix: resolves merge conflicts

Co-authored-by: Balázs Orbán <info@balazsorban.com>

Author: kiranjd

app/pages/api/auth/[...nextauth].ts

@@ -21,6 +21,7 @@ import AzureADProvider from "next-auth/providers/azure-ad"
 import SpotifyProvider from "next-auth/providers/spotify"
 import CognitoProvider from "next-auth/providers/cognito"
 import SlackProvider from "next-auth/providers/slack"
+import Okta from "next-auth/providers/okta"
 
 // import { PrismaAdapter } from "@next-auth/prisma-adapter"
 // import { PrismaClient } from "@prisma/client"
@@ -150,6 +151,11 @@ export default NextAuth({
       clientSecret: process.env.COGNITO_SECRET,
       issuer: process.env.COGNITO_ISSUER,
     }),
+    Okta({
+      clientId: process.env.OKTA_ID,
+      clientSecret: process.env.OKTA_SECRET,
+      issuer: process.env.OKTA_ISSUER,
+    }),
     SlackProvider({
       clientId: process.env.SLACK_ID,
       clientSecret: process.env.SLACK_SECRET,

src/providers/okta.js

@@ -0,0 +1,56 @@
+import { OAuthConfig, OAuthUserConfig } from "."
+
+export interface OktaProfile {
+  iss: string
+  ver: string
+  sub: string
+  aud: string
+  iat: string
+  exp: string
+  jti: string
+  auth_time: string
+  amr: string
+  idp: string
+  nonce: string
+  name: string
+  nickname: string
+  preferred_username: string
+  given_name: string
+  middle_name: string
+  family_name: string
+  email: string
+  email_verified: string
+  profile: string
+  zoneinfo: string
+  locale: string
+  address: string
+  phone_number: string
+  picture: string
+  website: string
+  gender: string
+  birthdate: string
+  updated_at: string
+  at_hash: string
+  c_hash: string
+}
+
+export default function Okta<P extends Record<string, any> = OktaProfile>(
+  options: OAuthUserConfig<P>
+): OAuthConfig<P> {
+  return {
+    id: "okta",
+    name: "Okta",
+    type: "oauth",
+    wellKnown: `${options.issuer}/.well-known/openid-configuration`,
+    authorization: { params: { scope: "openid email profile" } },
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: profile.name ?? profile.preferred_username,
+        email: profile.email,
+        image: profile.picture,
+      }
+    },
+    options,
+  }
+}