feat<Auth>: Allow sending login_hint, lang and nonce on signInWithRed…

…irects (aws-amplify#8951)
Alevale · Dec 18, 2024 · aea008c · aea008c
1 parent ec2ff53
commit aea008c
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts b/packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts
@@ -282,6 +282,7 @@ describe('signInWithRedirect', () => {
 			);
 			expect(mockHandleFailure).toHaveBeenCalledWith(expectedError);
 		});
+
 		it('should not set the Oauth flag on non-browser environments', async () => {
 			const mockOpenAuthSessionResult = {
 				type: 'success',
@@ -295,6 +296,28 @@ describe('signInWithRedirect', () => {
 
 			expect(oAuthStore.storeOAuthInFlight).toHaveBeenCalledTimes(0);
 		});
+
+		it('should send the login_hint, lang and nonce in the query string if provided', async () => {
+			await signInWithRedirect({
+				provider: 'Google',
+				options: {
+					loginHint: 'someone@gmail.com',
+					lang: 'en',
+					nonce: '88388838883',
+				},
+			});
+
+			const [oauthUrl, redirectSignIn, preferPrivateSession] =
+				mockOpenAuthSession.mock.calls[0];
+
+			expect(oauthUrl).toStrictEqual(
+				'https://oauth.domain.com/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&response_type=code&client_id=userPoolClientId&identity_provider=Google&scope=phone%20email%20openid%20profile%20aws.cognito.signin.user.admin&login_hint=someone%40gmail.com&lang=en&nonce=88388838883&state=oauth_state&code_challenge=code_challenge&code_challenge_method=S256',
+			);
+			expect(redirectSignIn).toEqual(
+				mockAuthConfigWithOAuth.Auth.Cognito.loginWith.oauth.redirectSignIn,
+			);
+			expect(preferPrivateSession).toBeUndefined();
+		});
 	});
 
 	describe('errors', () => {

diff --git a/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts b/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts
@@ -57,6 +57,9 @@ export async function signInWithRedirect(
 		provider,
 		customState: input?.customState,
 		preferPrivateSession: input?.options?.preferPrivateSession,
+		loginHint: input?.options?.loginHint,
+		lang: input?.options?.lang,
+		nonce: input?.options?.nonce,
 	});
 }
 
@@ -66,12 +69,18 @@ const oauthSignIn = async ({
 	clientId,
 	customState,
 	preferPrivateSession,
+	loginHint,
+	lang,
+	nonce,
 }: {
 	oauthConfig: OAuthConfig;
 	provider: string;
 	clientId: string;
 	customState?: string;
 	preferPrivateSession?: boolean;
+	loginHint?: string;
+	lang?: string;
+	nonce?: string;
 }) => {
 	const { domain, redirectSignIn, responseType, scopes } = oauthConfig;
 	const randomState = generateState();
@@ -99,6 +108,10 @@ const oauthSignIn = async ({
 		client_id: clientId,
 		identity_provider: provider,
 		scope: scopes.join(' '),
+		// eslint-disable-next-line camelcase
+		...(loginHint && { login_hint: loginHint }),
+		...(lang && { lang }),
+		...(nonce && { nonce }),
 		state,
 		...(responseType === 'code' && {
 			code_challenge: toCodeChallenge(),

diff --git a/packages/auth/src/types/inputs.ts b/packages/auth/src/types/inputs.ts
@@ -68,6 +68,9 @@ export interface AuthSignInWithRedirectInput {
 		 * On all other platforms, this flag is ignored.
 		 */
 		preferPrivateSession?: boolean;
+		loginHint?: string;
+		lang?: string;
+		nonce?: string;
 	};
 }