我正在尝试将 next-auth 的 google 提供商与 aws cognito 集成。使用 cognito 登录工作正常,但是当我尝试使用 google 登录时,屏幕上出现错误,显示“请求的页面遇到错误。状态无效”我仔细检查了所有 .env 变量,所以我不这样做相信这就是问题所在。唯一想到的是状态参数使用不正确,但我真的无法判断。
import { CognitoIdentityProviderClient, GetUserCommand, InitiateAuthCommand } from "@aws-sdk/client-cognito-identity-provider";
import NextAuth, { NextAuthOptions } from 'next-auth'
import Providers from 'next-auth/providers/credentials'
import Google from 'next-auth/providers/google'
import Facebook from 'next-auth/providers/facebook'
import { COGNIS_BASE_PATH, SOCIAL_REDIRECT_URL } from "@/app/utils/constants";
export const generateRandomString = () => {
// Implement your logic to generate a random string
return Math.random().toString(36).substring(2, 15);
}
const googleProvider = Google({
name: 'Google',
clientId: process.env.GOOGLE_CLIENT_ID as string,
clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,
authorization: {
params: {
client_id: process.env.GOOGLE_CLIENT_ID as string,
redirect_uri: SOCIAL_REDIRECT_URL,
scope: 'profile email openid',
// Include the state parameter in the authorization URL
state: generateRandomString(),
},
},
profile: (profile) => {
console.log(profile);
return {
id: profile.id,
name: profile.name,
email: profile.email,
image: profile.picture,
}
}
});
const facebookProvider = Facebook({
name: 'Facebook',
clientId: process.env.FACEBOOK_CLIENT_ID as string,
clientSecret: process.env.FACEBOOK_SECRET as string,
authorization: {
params: {
client_id: process.env.FACEBOOK_CLIENT_ID as string,
redirect_uri: SOCIAL_REDIRECT_URL as string,
scope: 'public profile email',
},
},
});
const cognitoProvider = Providers({
name: 'Cognito',
credentials: {
username: { label: "Username", type: "text" },
password: { label: "Password", type: "password" }
},
authorize: async (credentials: any) => {
const { username, password } = credentials;
const cognitoClient = new CognitoIdentityProviderClient({
region: process.env.COGNITO_REGION,
});
try {
const command = new InitiateAuthCommand({
AuthFlow: 'USER_PASSWORD_AUTH',
ClientId: process.env.COGNITO_CLIENT_ID as string,
AuthParameters: {
USERNAME: username,
PASSWORD: password,
},
});
const response = await cognitoClient.send(command);
if (response.AuthenticationResult) {
// Retrieve custom attributes
const getUserCommand = new GetUserCommand({
AccessToken: response.AuthenticationResult.AccessToken
});
const userResponse = await cognitoClient.send(getUserCommand);
if (userResponse.UserAttributes) {
const customAttributes = userResponse.UserAttributes.filter(attr => attr.Name?.startsWith('custom:'));
return {
id: username,
...response.AuthenticationResult,
customAttributes: customAttributes
};
}else{
return {
id: username,
...response.AuthenticationResult
};
}
} else {
return null;
}
} catch (error) {
console.error(error);
return null;
}
},
});
export const authOptions: NextAuthOptions = {
providers: [cognitoProvider, googleProvider, facebookProvider],
session: {
strategy: 'jwt',
},
secret: process.env.NEXTAUTH_SECRET,
callbacks: {
async signIn({ user, account, profile, email, credentials }) {
console.log((user as any).AccessToken);
return true;
},
async jwt({ token, user }) {
if (user) {
token.user = { ...user as any };
// console.log((token.user as any).AccessToken);
}
return token;
},
async session({ session, token }) {
if (token?.user) {
session.user = token.user;
}
return session
},
async redirect({ url, baseUrl }) { return baseUrl },
},
useSecureCookies: false
};
const handler = NextAuth(authOptions);
console.log(generateRandomString())
export { handler as GET, handler as POST }
我对社交登录也有同样的问题,但另一方面,凭据提供程序工作正常并且可以正常登录。