provider: tidy up

Japan7 · Jul 21, 2024 · 3c7a47b · 3c7a47b
1 parent 7f37e76
commit 3c7a47b
Showing 1 changed file with 43 additions and 21 deletions.
diff --git a/server/utils/provider.ts b/server/utils/provider.ts
@@ -2,8 +2,17 @@ import Provider, { type Configuration } from "oidc-provider";
 
 const config: Configuration = {
   adapter: RedisAdapter,
+
   clients: userConfig.clients,
+
   findAccount: Account.findAccount,
+
+  jwks: userConfig.oidc.jwks,
+
+  features: {
+    devInteractions: { enabled: false },
+  },
+
   claims: {
     address: ["address"],
     email: ["email", "email_verified"],
@@ -28,33 +37,46 @@ const config: Configuration = {
     ],
     groups: ["groups"],
   },
+
+  clientBasedCORS: (ctx, origin, client) =>
+    client.redirectUris.some((uri) => uri.startsWith(origin)),
+
   cookies: {
     keys: userConfig.oidc.cookies.keys,
   },
+
   expiresWithSession: () => false,
-  features: {
-    devInteractions: { enabled: false },
+
+  pkce: {
+    required: () => false,
   },
-  jwks: userConfig.oidc.jwks,
-  pkce: { required: () => false },
+
   ttl: {
-    AccessToken: (ctx, token, client) => {
-      return token.resourceServer?.accessTokenTTL || 60 * 60; // 1 hour in seconds
-    },
-    AuthorizationCode: 60 /* 1 minute in seconds */,
+    // max 1 hour in seconds
+    AccessToken: (ctx, token, client) =>
+      token.resourceServer?.accessTokenTTL || 60 * 60,
+    // 1 minute in seconds
+    AuthorizationCode: 60,
+    // max 10 minutes in seconds
     BackchannelAuthenticationRequest: (ctx, request, client) => {
       if (ctx?.oidc && ctx.oidc.params.requested_expiry) {
-        return Math.min(10 * 60, +ctx.oidc.params.requested_expiry); // 10 minutes in seconds or requested_expiry, whichever is shorter
+        // 10 minutes in seconds or requested_expiry, whichever is shorter
+        return Math.min(10 * 60, +ctx.oidc.params.requested_expiry);
       }
-      return 10 * 60; // 10 minutes in seconds
-    },
-    ClientCredentials: (ctx, token, client) => {
-      return token.resourceServer?.accessTokenTTL || 10 * 60; // 10 minutes in seconds
+      return 10 * 60;
     },
-    DeviceCode: 600 /* 10 minutes in seconds */,
-    Grant: 24 * 60 * 60 /* 1 day in seconds */,
-    IdToken: 3600 /* 1 hour in seconds */,
-    Interaction: 3600 /* 1 hour in seconds */,
+    // max 10 minutes in seconds
+    ClientCredentials: (ctx, token, client) =>
+      token.resourceServer?.accessTokenTTL || 10 * 60,
+    // 10 minutes in seconds
+    DeviceCode: 10 * 60,
+    // 1 day in seconds
+    Grant: 24 * 60 * 60,
+    // 1 hour in seconds
+    IdToken: 60 * 60,
+    // 1 hour in seconds
+    Interaction: 60 * 60,
+    // max 1 day in seconds
     RefreshToken: (ctx, token, client) => {
       if (
         ctx &&
@@ -66,12 +88,12 @@ const config: Configuration = {
         // Non-Sender Constrained SPA RefreshTokens do not have infinite expiration through rotation
         return ctx.oidc.entities.RotatedRefreshToken.remainingTTL;
       }
-      return 24 * 60 * 60; // 1 day in seconds
+      // 1 day in seconds
+      return 24 * 60 * 60;
     },
-    Session: 24 * 60 * 60 /* 1 day in seconds */,
+    // 1 day in seconds
+    Session: 24 * 60 * 60,
   },
-  clientBasedCORS: (ctx, origin, client) =>
-    client.redirectUris.some((uri) => uri.startsWith(origin)),
 };
 
 export const provider = new Provider(userConfig.publicUrl, config);