From e7a0dbd3dd897b2a62a011df795c89fb9171b965 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?U=C4=A3is?= <berzinsu@gmail.com>
Date: Wed, 29 Nov 2023 16:13:22 +0200
Subject: [PATCH] feat: add max_age param for auth0 (#26)

Forces reauthentication whenever user logs out, and shows Auth0 Universal Login
Can be set when defining auth0EventHandler, same as `emailRequired`
---
 src/runtime/server/lib/oauth/auth0.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/runtime/server/lib/oauth/auth0.ts b/src/runtime/server/lib/oauth/auth0.ts
index 1cd52bab..b1fd967b 100644
--- a/src/runtime/server/lib/oauth/auth0.ts
+++ b/src/runtime/server/lib/oauth/auth0.ts
@@ -39,6 +39,12 @@ export interface OAuthAuth0Config {
    * @default false
    */
   emailRequired?: boolean
+  /**
+   * Maximum Authentication Age. If the elapsed time is greater than this value, the OP must attempt to actively re-authenticate the end-user.
+   * @default 0
+   * @see https://auth0.com/docs/authenticate/login/max-age-reauthentication
+   */
+  maxAge?: number
 }
 
 export function auth0EventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthAuth0Config>) {
@@ -73,6 +79,7 @@ export function auth0EventHandler({ config, onSuccess, onError }: OAuthConfig<OA
           redirect_uri: redirectUrl,
           scope: config.scope.join(' '),
           audience: config.audience || '',
+          max_age: config.maxAge || 0,
         })
       )
     }