Implement OIDC authentication with Pocket-ID (P2.18)
Add OIDC/OAuth2 authentication support to the login page with automatic provider detection and email/password fallback. Features: - Auto-detect OIDC provider via PocketBase listAuthMethods() API - Display "Sign In with Pocket-ID" button when OIDC is configured - Use PocketBase authWithOAuth2() popup-based OAuth2 flow - Fall back to email/password form when OIDC not available - Loading states during authentication - Error handling with user-friendly messages The implementation checks for available auth methods on page load and conditionally renders either the OIDC button or the email/password form. This allows production deployments to use OIDC while development environments can continue using email/password. Tests: 24 tests (10 new OIDC tests added) - OIDC button rendering when provider configured - OIDC authentication flow with authWithOAuth2 - Loading and error states for OIDC - Fallback to email/password when OIDC unavailable Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -1,18 +1,65 @@
|
||||
// ABOUTME: Login page for user authentication.
|
||||
// ABOUTME: Provides email/password login form using PocketBase auth.
|
||||
// ABOUTME: Provides OIDC (Pocket-ID) login with email/password fallback.
|
||||
"use client";
|
||||
|
||||
import { useRouter } from "next/navigation";
|
||||
import { type FormEvent, useState } from "react";
|
||||
import { type FormEvent, useEffect, useState } from "react";
|
||||
|
||||
import { pb } from "@/lib/pocketbase";
|
||||
|
||||
interface AuthProvider {
|
||||
name: string;
|
||||
displayName: string;
|
||||
state: string;
|
||||
codeVerifier: string;
|
||||
codeChallenge: string;
|
||||
codeChallengeMethod: string;
|
||||
authURL: string;
|
||||
}
|
||||
|
||||
export default function LoginPage() {
|
||||
const router = useRouter();
|
||||
const [email, setEmail] = useState("");
|
||||
const [password, setPassword] = useState("");
|
||||
const [error, setError] = useState<string | null>(null);
|
||||
const [isLoading, setIsLoading] = useState(false);
|
||||
const [isCheckingAuth, setIsCheckingAuth] = useState(true);
|
||||
const [oidcProvider, setOidcProvider] = useState<AuthProvider | null>(null);
|
||||
|
||||
// Check available auth methods on mount
|
||||
useEffect(() => {
|
||||
const checkAuthMethods = async () => {
|
||||
try {
|
||||
const authMethods = await pb.collection("users").listAuthMethods();
|
||||
const oidc = authMethods.oauth2?.providers?.find(
|
||||
(p: AuthProvider) => p.name === "oidc",
|
||||
);
|
||||
if (oidc) {
|
||||
setOidcProvider(oidc);
|
||||
}
|
||||
} catch {
|
||||
// If listAuthMethods fails, fall back to email/password
|
||||
} finally {
|
||||
setIsCheckingAuth(false);
|
||||
}
|
||||
};
|
||||
checkAuthMethods();
|
||||
}, []);
|
||||
|
||||
const handleOidcLogin = async () => {
|
||||
setIsLoading(true);
|
||||
setError(null);
|
||||
|
||||
try {
|
||||
await pb.collection("users").authWithOAuth2({ provider: "oidc" });
|
||||
router.push("/");
|
||||
} catch (err) {
|
||||
const message =
|
||||
err instanceof Error ? err.message : "Authentication failed";
|
||||
setError(message);
|
||||
setIsLoading(false);
|
||||
}
|
||||
};
|
||||
|
||||
const handleSubmit = async (e: FormEvent<HTMLFormElement>) => {
|
||||
e.preventDefault();
|
||||
@@ -47,65 +94,92 @@ export default function LoginPage() {
|
||||
}
|
||||
};
|
||||
|
||||
// Show loading state while checking auth methods
|
||||
if (isCheckingAuth) {
|
||||
return (
|
||||
<div className="flex min-h-screen items-center justify-center">
|
||||
<div className="w-full max-w-md space-y-8 p-8">
|
||||
<h1 className="text-2xl font-bold text-center">PhaseFlow</h1>
|
||||
<div className="text-center text-gray-500">Loading...</div>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
return (
|
||||
<div className="flex min-h-screen items-center justify-center">
|
||||
<div className="w-full max-w-md space-y-8 p-8">
|
||||
<h1 className="text-2xl font-bold text-center">PhaseFlow</h1>
|
||||
|
||||
<form onSubmit={handleSubmit} className="space-y-6">
|
||||
{error && (
|
||||
<div
|
||||
role="alert"
|
||||
className="bg-red-50 border border-red-200 text-red-700 px-4 py-3 rounded"
|
||||
>
|
||||
{error}
|
||||
</div>
|
||||
)}
|
||||
|
||||
<div>
|
||||
<label
|
||||
htmlFor="email"
|
||||
className="block text-sm font-medium text-gray-700"
|
||||
>
|
||||
Email
|
||||
</label>
|
||||
<input
|
||||
id="email"
|
||||
type="email"
|
||||
value={email}
|
||||
onChange={(e) => handleInputChange(setEmail, e.target.value)}
|
||||
disabled={isLoading}
|
||||
className="mt-1 block w-full rounded-md border border-gray-300 px-3 py-2 shadow-sm focus:border-blue-500 focus:outline-none focus:ring-1 focus:ring-blue-500 disabled:bg-gray-100 disabled:cursor-not-allowed"
|
||||
required
|
||||
/>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label
|
||||
htmlFor="password"
|
||||
className="block text-sm font-medium text-gray-700"
|
||||
>
|
||||
Password
|
||||
</label>
|
||||
<input
|
||||
id="password"
|
||||
type="password"
|
||||
value={password}
|
||||
onChange={(e) => handleInputChange(setPassword, e.target.value)}
|
||||
disabled={isLoading}
|
||||
className="mt-1 block w-full rounded-md border border-gray-300 px-3 py-2 shadow-sm focus:border-blue-500 focus:outline-none focus:ring-1 focus:ring-blue-500 disabled:bg-gray-100 disabled:cursor-not-allowed"
|
||||
required
|
||||
/>
|
||||
{error && (
|
||||
<div
|
||||
role="alert"
|
||||
className="bg-red-50 border border-red-200 text-red-700 px-4 py-3 rounded"
|
||||
>
|
||||
{error}
|
||||
</div>
|
||||
)}
|
||||
|
||||
{oidcProvider ? (
|
||||
// OIDC login button
|
||||
<button
|
||||
type="submit"
|
||||
type="button"
|
||||
onClick={handleOidcLogin}
|
||||
disabled={isLoading}
|
||||
className="w-full rounded-md bg-blue-600 px-4 py-2 text-white font-medium hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2 disabled:bg-blue-400 disabled:cursor-not-allowed"
|
||||
>
|
||||
{isLoading ? "Signing in..." : "Sign in"}
|
||||
{isLoading
|
||||
? "Signing in..."
|
||||
: `Sign in with ${oidcProvider.displayName}`}
|
||||
</button>
|
||||
</form>
|
||||
) : (
|
||||
// Email/password form fallback
|
||||
<form onSubmit={handleSubmit} className="space-y-6">
|
||||
<div>
|
||||
<label
|
||||
htmlFor="email"
|
||||
className="block text-sm font-medium text-gray-700"
|
||||
>
|
||||
Email
|
||||
</label>
|
||||
<input
|
||||
id="email"
|
||||
type="email"
|
||||
value={email}
|
||||
onChange={(e) => handleInputChange(setEmail, e.target.value)}
|
||||
disabled={isLoading}
|
||||
className="mt-1 block w-full rounded-md border border-gray-300 px-3 py-2 shadow-sm focus:border-blue-500 focus:outline-none focus:ring-1 focus:ring-blue-500 disabled:bg-gray-100 disabled:cursor-not-allowed"
|
||||
required
|
||||
/>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label
|
||||
htmlFor="password"
|
||||
className="block text-sm font-medium text-gray-700"
|
||||
>
|
||||
Password
|
||||
</label>
|
||||
<input
|
||||
id="password"
|
||||
type="password"
|
||||
value={password}
|
||||
onChange={(e) => handleInputChange(setPassword, e.target.value)}
|
||||
disabled={isLoading}
|
||||
className="mt-1 block w-full rounded-md border border-gray-300 px-3 py-2 shadow-sm focus:border-blue-500 focus:outline-none focus:ring-1 focus:ring-blue-500 disabled:bg-gray-100 disabled:cursor-not-allowed"
|
||||
required
|
||||
/>
|
||||
</div>
|
||||
|
||||
<button
|
||||
type="submit"
|
||||
disabled={isLoading}
|
||||
className="w-full rounded-md bg-blue-600 px-4 py-2 text-white font-medium hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2 disabled:bg-blue-400 disabled:cursor-not-allowed"
|
||||
>
|
||||
{isLoading ? "Signing in..." : "Sign in"}
|
||||
</button>
|
||||
</form>
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user