Implement direct login functionality with email and password

- Update login API to support direct authentication via email and password, removing the OAuth2 redirect flow. - Modify LoginForm component to include password field and validation. - Refactor useAuth composable to handle login with both email and password. - Remove unnecessary OAuth2 callback handler and PKCE utilities. - Update relevant documentation and error handling for the new login method.
2025-10-31 14:27:38 +01:00
parent e71316dfe7
commit 7c7c4fcb6f
8 changed files with 178 additions and 268 deletions
--- a/server/utils/cidaas.ts
+++ b/server/utils/cidaas.ts
@@ -218,6 +218,74 @@ export async function registerUser(
  }
 }

+/**
+ * Login with username and password (Resource Owner Password Credentials Flow)
+ *
+ * @param email - User email address
+ * @param password - User password
+ * @returns Token response with access_token and id_token
+ * @throws H3Error if login fails
+ */
+export async function loginWithPassword(
+  email: string,
+  password: string
+): Promise<CidaasTokenResponse> {
+  const config = useRuntimeConfig()
+
+  // Prepare token request with password grant
+  const params = new URLSearchParams({
+    grant_type: 'password',
+    username: email, // Cidaas uses 'username' field for email
+    password,
+    client_id: config.cidaas.clientId,
+    client_secret: config.cidaas.clientSecret,
+    scope: 'openid profile email', // Request OIDC scopes
+  })
+
+  try {
+    const response = await fetch(config.cidaas.tokenUrl, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: params.toString(),
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      console.error('Cidaas password login failed:', errorData)
+
+      // Handle specific errors
+      if (response.status === 401) {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Invalid email or password',
+        })
+      }
+
+      throw createError({
+        statusCode: response.status,
+        statusMessage: 'Login failed',
+        data: errorData,
+      })
+    }
+
+    const tokens: CidaasTokenResponse = await response.json()
+    return tokens
+  } catch (error) {
+    console.error('Password login error:', error)
+
+    if ((error as H3Error).statusCode) {
+      throw error // Re-throw H3Error
+    }
+
+    throw createError({
+      statusCode: 500,
+      statusMessage: 'Failed to authenticate with Cidaas',
+    })
+  }
+}
+
 /**
 * Refresh access token using refresh token
 *