From 0df1b224f2e147a81916a071b9a27818ffa60a2d Mon Sep 17 00:00:00 2001
From: Mathieu Virbel <mat@meltingrocks.com>
Date: Fri, 29 Aug 2025 18:56:08 -0600
Subject: [PATCH] fix: handle undefined access tokens in auth.ts

Added fallback to empty string for potentially undefined access_token
and refresh_token from NextAuth account object to satisfy
JWTWithAccessToken type requirements.
---
 www/app/lib/auth.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/www/app/lib/auth.ts b/www/app/lib/auth.ts
index 375af3e4..d200587b 100644
--- a/www/app/lib/auth.ts
+++ b/www/app/lib/auth.ts
@@ -38,11 +38,11 @@ export const authOptions: AuthOptions = {
         // called only on first login
         // XXX account.expires_in used in example is not defined for authentik backend, but expires_at is
         const expiresAt = (account.expires_at as number) - PRETIMEOUT;
-        const jwtToken = {
+        const jwtToken: JWTWithAccessToken = {
           ...extendedToken,
-          accessToken: account.access_token,
+          accessToken: account.access_token || "",
           accessTokenExpires: expiresAt * 1000,
-          refreshToken: account.refresh_token,
+          refreshToken: account.refresh_token || "",
         };
         // Store in memory cache
         tokenCache.set(`token:${jwtToken.sub}`, {