✨ Configuration de la durée validité du token JWT (MTES-MCT#1391)

* ✨ Configuration de la durée validité du token JWT * 🔒️ Utilisation de cookie de session sécurisé en HTTPS
lenybernard · Nov 6, 2023 · 0bdd163 · 0bdd163
1 parent df9fce2
commit 0bdd163
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/packages/applications/ssr/src/app/api/auth/[...nextauth]/route.ts b/packages/applications/ssr/src/app/api/auth/[...nextauth]/route.ts
@@ -1,6 +1,9 @@
 import NextAuth from 'next-auth';
 import KeycloakProvider from 'next-auth/providers/keycloak';
 
+const FIFTEEN_MINUTES = 15 * 60;
+const ONE_DAY = 24 * 60 * 60;
+
 const handler = NextAuth({
   providers: [
     KeycloakProvider({
@@ -11,6 +14,8 @@ const handler = NextAuth({
   ],
   session: {
     strategy: 'jwt',
+    maxAge: ONE_DAY,
+    updateAge: FIFTEEN_MINUTES,
   },
   callbacks: {
     jwt({ token, account }) {

diff --git a/src/infra/keycloak/makeKeycloakAuth.ts b/src/infra/keycloak/makeKeycloakAuth.ts
@@ -88,7 +88,6 @@ export const makeKeycloakAuth = (deps: KeycloakAuthDeps) => {
         ...(!isLocalEnv && {
           cookie: {
             secure: true,
-            httpOnly: true,
           },
         }),
       }),
@@ -121,7 +120,7 @@ export const makeKeycloakAuth = (deps: KeycloakAuthDeps) => {
           logger.error(
             `Found user keycloak auth but not user in database for id ${req.kauth?.grant?.access_token?.content?.sub}`,
           );
-          res.redirect('/logout');
+          res.redirect(routes.LOGOUT_ACTION);
           return;
         }