feat(auth-google,auth-github): Allow passing a custom callbackUrl to …
…oauth providers
sradevski committed Jan 6, 2025
1 parent c8f9938 commit f339ff2
Showing 5 changed files with 42 additions and 12 deletions.
4 changes: 4 additions & 0 deletions packages/core/types/src/auth/common/provider.ts
@@ -59,6 +59,10 @@ export type AuthenticationInput = {

/**
* Body of the incoming authentication request.
*
* One of the arguments that is suggested to be treated in a standard manner is a `callback_url` field.
* The field specifies where the user is redirected to after a successful authentication in the case of Oauth auhentication.
* If not passed, the provider will fallback to the callback_url provided in the provider options.
*/
body?: Record<string, string>

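Review bot: The added doc comment recommends `callback_url` as a standard body field but does not say that the value is supplied by the caller of the authentication endpoint, so a provider author reading it has no cue to validate it before using it as a redirect target. I would add a line such as `* The value is caller-supplied; providers should validate it against their configured allowed URLs before redirecting.` The added text also has two typos, "auhentication" and "Oauth" (OAuth).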
@@ -118,6 +118,17 @@ describe("Github auth provider", () => {
})
})

it("returns a custom redirect_uri on authenticate", async () => {
const res = await githubService.authenticate({
body: { callback_url: "https://someotherurl.com" },
})
expect(res).toEqual({
success: true,
location:
"https://github.com/login/oauth/authorize?redirect_uri=https%3A%2F%2Fsomeotherurl.com&client_id=test&response_type=code",
})
})

it("validate callback should return an error on empty code", async () => {
const res = await githubService.validateCallback(
{
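Review bot: The new test pins only the accepting path, with an unrelated origin (`https://someotherurl.com`) as the expected `redirect_uri`, so the suite records that any caller-supplied URL is forwarded to the provider. A companion case for an empty or malformed `callback_url`, and one for whatever restriction the provider ends up enforcing, would keep that behaviour deliberate rather than accidental. The Google spec has the same gap, and the `it` block that follows the added test continues outside the hunk.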
13 changes: 8 additions & 5 deletions packages/modules/providers/auth-github/src/services/github.ts
@@ -65,7 +65,10 @@ export class GithubAuthService extends AbstractAuthModuleProvider {
}
}

return this.getRedirect(this.config_)
return this.getRedirect(
this.config_.clientId,
req.body?.callback_url ?? this.config_.callbackUrl
)
}

async validateCallback(
@@ -84,9 +87,9 @@ export class GithubAuthService extends AbstractAuthModuleProvider {
return { success: false, error: "No code provided" }
}

const params = `client_id=${this.config_.clientId}&client_secret=${
this.config_.clientSecret
}&code=${code}&redirect_uri=${encodeURIComponent(this.config_.callbackUrl)}`
// We can add redirect_uri=${encodeURIComponent(this.config_.callbackUrl)} here as well for enhanced security, although effect is minimal due to having to preconfigure allowed redirect URLs in Github.
// We need to store state in Redis to enable that first, see TODO above.
const params = `client_id=${this.config_.clientId}&client_secret=${this.config_.clientSecret}&code=${code}`

const exchangeTokenUrl = new URL(
`https://github.com/login/oauth/access_token?${params}`
@@ -192,7 +195,7 @@ export class GithubAuthService extends AbstractAuthModuleProvider {
}
}

private getRedirect({ clientId, callbackUrl }: LocalServiceConfig) {
private getRedirect(clientId: string, callbackUrl: string) {
const redirectUrlParam = `redirect_uri=${encodeURIComponent(callbackUrl)}`
const clientIdParam = `client_id=${clientId}`
const responseTypeParam = "response_type=code"
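Review bot: `req.body?.callback_url` goes from the request body straight into `getRedirect` in `authenticate`, so the `redirect_uri` sent to GitHub is chosen by whoever calls the endpoint and the only remaining check is the redirect registration on the GitHub side. I would validate the value before building the redirect, for example against the origin of the configured `callbackUrl` as sketched below, or against an explicit allowlist in the provider options if several frontends must be supported. `??` also forwards an empty string, which is why the sketch falls back with `||`. The same pattern is in `auth-google/src/services/google.ts`, and `authenticate` starts outside this hunk.

```typescript
// … unchanged: earlier checks in authenticate …
const requested = req.body?.callback_url
if (requested) {
  // The request body is caller-controlled: accept only a callback on the
  // same origin as the operator-configured one.
  let sameOrigin = false
  try {
    sameOrigin =
      new URL(requested).origin === new URL(this.config_.callbackUrl).origin
  } catch {
    sameOrigin = false
  }
  if (!sameOrigin) {
    return { success: false, error: "callback_url is not allowed" }
  }
}

return this.getRedirect(
  this.config_.clientId,
  requested || this.config_.callbackUrl
)
```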
@@ -117,6 +117,17 @@ describe("Google auth provider", () => {
})
})

it("returns a custom redirect_uri on authenticate", async () => {
const res = await googleService.authenticate({
body: { callback_url: "https://someotherurl.com" },
})
expect(res).toEqual({
success: true,
location:
"https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=https%3A%2F%2Fsomeotherurl.com&client_id=test&response_type=code&scope=email+profile+openid",
})
})

it("validate callback should return an error on empty code", async () => {
const res = await googleService.validateCallback(
{
15 changes: 8 additions & 7 deletions packages/modules/providers/auth-google/src/services/google.ts
@@ -66,7 +66,10 @@ export class GoogleAuthService extends AbstractAuthModuleProvider {
}
}

return this.getRedirect(this.config_)
return this.getRedirect(
this.config_.clientId,
req.body?.callback_url ?? this.config_.callbackUrl
)
}

async validateCallback(
@@ -85,11 +88,9 @@ export class GoogleAuthService extends AbstractAuthModuleProvider {
return { success: false, error: "No code provided" }
}

const params = `client_id=${this.config_.clientId}&client_secret=${
this.config_.clientSecret
}&code=${code}&redirect_uri=${encodeURIComponent(
this.config_.callbackUrl
)}&grant_type=authorization_code`
// We can add redirect_uri=${encodeURIComponent(this.config_.callbackUrl)} here as well for enhanced security, although effect is minimal due to having to preconfigure allowed redirect URLs in Google.
// We need to store state in Redis to enable that first, see TODO above.
const params = `client_id=${this.config_.clientId}&client_secret=${this.config_.clientSecret}&code=${code}&grant_type=authorization_code`
const exchangeTokenUrl = new URL(
`https://oauth2.googleapis.com/token?${params}`
)
@@ -175,7 +176,7 @@ export class GoogleAuthService extends AbstractAuthModuleProvider {
}
}

private getRedirect({ clientId, callbackUrl }: LocalServiceConfig) {
private getRedirect(clientId: string, callbackUrl: string) {
const redirectUrlParam = `redirect_uri=${encodeURIComponent(callbackUrl)}`
const clientIdParam = `client_id=${clientId}`
const responseTypeParam = "response_type=code"
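Review bot: The token request in `validateCallback` no longer carries `redirect_uri`, while `authenticate` still sends one in the authorization request. RFC 6749 section 4.1.3 requires the token request to repeat the identical value in that case, and Google's token endpoint is, to my knowledge, documented as expecting it, so this exchange should be verified against the live endpoint; dropping it also removes the check that a code is redeemed for the redirect it was issued to. The in-code comment calling the effect minimal undersells that, and I would reword it to `// TODO: redirect_uri is omitted until the per-request callback is stored with state; RFC 6749 4.1.3 expects it to match the authorization request.` `auth-github/src/services/github.ts` makes the same removal, and `validateCallback` extends beyond the hunk in both files.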
