Diffstat (limited to 'src/lib/auth.server.ts')
-rw-r--r--src/lib/auth.server.ts36
1 files changed, 35 insertions, 1 deletions
diff --git a/src/lib/auth.server.ts b/src/lib/auth.server.ts
index 77e0dd7..f762cef 100644
--- a/src/lib/auth.server.ts
+++ b/src/lib/auth.server.ts
@@ -2,6 +2,7 @@ import { env as env_priv } from '$env/dynamic/private';
import { env } from '$env/dynamic/public';
import * as client from 'openid-client';
import oncePromise from './oncePromise';
+import type { Cookies } from '@sveltejs/kit';
const server = new URL(env.PUBLIC_AUTH_KEYCLOAK_ISSUER);
const clientId = env_priv.PRIVATE_AUTH_KEYCLOAK_ID;
@@ -10,7 +11,10 @@ const redirectPath = '/login/callback';
// Only trigger discovery on first client.discovery (resetting the function after a failed discovery)
export const getConfig = oncePromise(() =>
- client.discovery(server, clientId, clientSecret)
+ client.discovery(server, clientId, clientSecret).then((config) => {
+ client.useJwtResponseMode(config);
+ return config;
+ })
);
const codeVerifier = client.randomPKCECodeVerifier();
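Review bot: The context line `const codeVerifier = client.randomPKCECodeVerifier();` at the end of this hunk creates the PKCE verifier once at module load. If that value is what the login and callback handlers use (they are outside this hunk), every authorization request served by the process shares one verifier, and PKCE no longer ties a code to the browser that started the flow. Consider generating the verifier per login request and keeping it in a short-lived `httpOnly` cookie or server-side session until the callback. For the added lines, a comment such as `// JARM: request a signed JWT authorization response and let openid-client validate it` would explain why the config is modified after discovery.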
@@ -71,3 +75,33 @@ export const authorizeNewSession = async (
return tokens;
};
+
+export const unsetCookies = (cookies: Cookies) => {
+ for (const v of [
+ 'oid__access_token',
+ 'oid__refresh_token',
+ 'oid__token_type',
+ 'oid__expires_at',
+ 'oid__scopes',
+ ])
+ if (cookies.get(v)) cookies.delete(v, { path: '/' });
+};
+export const setCookies = (
+ cookies: Cookies,
+ tokens: client.TokenEndpointResponse & client.TokenEndpointResponseHelpers
+) => {
+ for (const [k, v] of Object.entries({
+ oid__access_token: tokens.access_token,
+ oid__refresh_token: tokens.refresh_token,
+ oid__token_type: tokens.token_type,
+ oid__expires_at: '' + (Date.now() + (tokens.expiresIn() ?? 0) * 1000),
+ oid__scopes: tokens.scope,
+ }))
+ if (v)
+ cookies.set(k, v, {
+ path: '/',
+ secure: true,
+ httpOnly: true,
+ sameSite: true,
+ });
+};
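Review bot: In `setCookies`, a falsy field is skipped but any cookie already stored under that name is left in place. A token response without `refresh_token` or `scope` would therefore leave the previous `oid__refresh_token` / `oid__scopes` alongside the new access token. Clearing the cookie in that case closes the gap: `else cookies.delete(k, { path: '/' });` after the `cookies.set(...)` call. The five cookie names are also written out separately in both functions; a shared constant list would keep `unsetCookies` in step when a cookie is added. Separately, `tokens.expiresIn() ?? 0` stores an `oid__expires_at` equal to "now" when the server omits `expires_in`, which is worth a comment if immediate expiry is the intended fallback.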