feat(core): support google one tap

support google one tap verification

packages/core/src/routes/experience/classes/verifications/social-verification.ts

@@ -139,8 +139,6 @@ export class SocialVerification implements IdentifierVerificationRecord<Verifica
       new RequestError({ code: 'session.verification_failed', status: 400 })
     );
 
-    // TODO: sync userInfo and link social identity
-
     const user = await this.findUserBySocialIdentity();
 
     if (!user) {

packages/core/src/routes/experience/verification-routes/enterprise-sso-verification.ts

@@ -80,7 +80,11 @@ export default function enterpriseSsoVerificationRoutes<
       params: z.object({
         connectorId: z.string(),
       }),
-      body: socialVerificationCallbackPayloadGuard,
+      body: socialVerificationCallbackPayloadGuard.merge(
+        z.object({
+          verificationId: z.string(),
+        })
+      ),
       response: z.object({
         verificationId: z.string(),
       }),

packages/core/src/routes/experience/verification-routes/social-verification.ts

@@ -1,3 +1,4 @@
+import { GoogleConnector } from '@logto/connector-kit';
 import {
   VerificationType,
   socialAuthorizationUrlPayloadGuard,
@@ -101,10 +102,34 @@ export default function socialVerificationRoutes<T extends ExperienceInteraction
         },
       });
 
-      const socialVerificationRecord = ctx.experienceInteraction.getVerificationRecordByTypeAndId(
-        VerificationType.Social,
-        verificationId
-      );
+      const socialVerificationRecord = (() => {
+        if (verificationId) {
+          return ctx.experienceInteraction.getVerificationRecordByTypeAndId(
+            VerificationType.Social,
+            verificationId
+          );
+        }
+
+        // Check if is Google one tap verification
+        if (
+          connectorId === GoogleConnector.factoryId &&
+          connectorData[GoogleConnector.oneTapParams.credential]
+        ) {
+          const socialVerificationRecord = SocialVerification.create(
+            libraries,
+            queries,
+            connectorId
+          );
+          ctx.experienceInteraction.setVerificationRecord(socialVerificationRecord);
+          return socialVerificationRecord;
+        }
+
+        // No verificationId provided and not Google one tap callback
+        throw new RequestError({
+          code: 'session.verification_session_not_found',
+          status: 404,
+        });
+      })();
 
       assertThat(
         socialVerificationRecord.connectorId === connectorId,

packages/schemas/src/types/interactions.ts

@@ -84,12 +84,12 @@ export const socialAuthorizationUrlPayloadGuard = z.object({
 export type SocialVerificationCallbackPayload = {
   /** The callback data from the social connector. */
   connectorData: Record<string, unknown>;
-  /**  The verification ID returned from the authorization URI. */
-  verificationId: string;
+  /**  The verification ID returned from the authorization URI. Optional for Google one tap callback */
+  verificationId?: string;
 };
 export const socialVerificationCallbackPayloadGuard = z.object({
   connectorData: jsonObjectGuard,
-  verificationId: z.string(),
+  verificationId: z.string().optional(),
 }) satisfies ToZodObject<SocialVerificationCallbackPayload>;
 
 /** Payload type for `POST /api/experience/verification/password`. */