Feature: enhance OIDC strategy with additional options and type safety

apps/api/src/app/auth/oidc.strategy.ts

@@ -1,36 +1,49 @@
 import { Injectable, Logger } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { Provider } from '@prisma/client';
+import { Request } from 'express';
 import { Strategy } from 'passport-openidconnect';
 
 import { AuthService } from './auth.service';
 import { OidcStateStore } from './oidc-state.store';
 
+interface OidcStrategyOptions {
+  authorizationURL?: string;
+  callbackURL: string;
+  clientID: string;
+  clientSecret: string;
+  issuer?: string;
+  scope?: string[];
+  tokenURL?: string;
+  userInfoURL?: string;
+}
+
 @Injectable()
 export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
   private static readonly stateStore = new OidcStateStore();
 
   public constructor(
     private readonly authService: AuthService,
-    options: any
+    options: OidcStrategyOptions
   ) {
     super({
       ...options,
       passReqToCallback: true,
       scope: ['openid', 'profile', 'email'],
       store: OidcStrategy.stateStore
-    });
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    } as any);
   }
 
   public async validate(
-    _request: any,
+    _request: Request,
     _issuer: string,
-    profile: any,
-    context: any,
-    idToken: any,
-    _accessToken: any,
-    _refreshToken: any,
-    params: any
+    profile: { id?: string },
+    context: { claims?: { sub?: string } },
+    idToken: { sub?: string },
+    _accessToken: string,
+    _refreshToken: string,
+    params: { sub?: string }
   ) {
     try {
       const thirdPartyId =

package-lock.json

@@ -130,6 +130,7 @@
         "@types/node": "22.15.17",
         "@types/papaparse": "5.3.7",
         "@types/passport-google-oauth20": "2.0.16",
+        "@types/passport-openidconnect": "^0.1.3",
         "@typescript-eslint/eslint-plugin": "8.43.0",
         "@typescript-eslint/parser": "8.43.0",
         "eslint": "9.35.0",
@@ -14503,6 +14504,30 @@
         "@types/passport": "*"
       }
     },
+    "node_modules/@types/passport-openidconnect": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/@types/passport-openidconnect/-/passport-openidconnect-0.1.3.tgz",
+      "integrity": "sha512-k1Ni7bG/9OZNo2Qpjg2W6GajL+pww6ZPaNWMXfpteCX4dXf4QgaZLt2hjR5IiPrqwBT9+W8KjCTJ/uhGIoBx/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/express": "*",
+        "@types/oauth": "*",
+        "@types/passport": "*",
+        "@types/passport-strategy": "*"
+      }
+    },
+    "node_modules/@types/passport-strategy": {
+      "version": "0.2.38",
+      "resolved": "https://registry.npmjs.org/@types/passport-strategy/-/passport-strategy-0.2.38.tgz",
+      "integrity": "sha512-GC6eMqqojOooq993Tmnmp7AUTbbQSgilyvpCYQjT+H6JfG/g6RGc7nXEniZlp0zyKJ0WUdOiZWLBZft9Yug1uA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/express": "*",
+        "@types/passport": "*"
+      }
+    },
     "node_modules/@types/qs": {
       "version": "6.14.0",
       "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.14.0.tgz",

package.json

@@ -174,6 +174,7 @@
     "@types/node": "22.15.17",
     "@types/papaparse": "5.3.7",
     "@types/passport-google-oauth20": "2.0.16",
+    "@types/passport-openidconnect": "^0.1.3",
     "@typescript-eslint/eslint-plugin": "8.43.0",
     "@typescript-eslint/parser": "8.43.0",
     "eslint": "9.35.0",