Allow generating callbackUri on the fly #254
Description
Prerequisites
- I have written a descriptive issue title
- I have searched existing issues to ensure the feature has not already been requested
🚀 Feature Proposal
I propose a simple way of letting users generate callbackUri on the fly be added to fastify-oauth2. While there are probably many ways to implement it, some of which are probably more powerful, I feel that the turning callbackUri option into string | (FastifyRequest => string) might be the best first solution. It would be easy to understand and require minimal changes to the codebase.
We might want to include some other parameters by default. Perhaps FastifyInstance as the first parameter and FastifyRequest as the second.
Motivation
Often the same server can be referred to from many domains. Take for example Google App Engine. Each and every version of the software will have a hostname like this:
<version>-dot-<app_name>.appspot.com.
One of the versions will be the main version and have a domain name like this
<app_name>.appspot.com
In addition, most serious, user-facing projects would also configure a custom domain name.
The main version can be changed at any time to something else, which means that configuring one static callbackUri is impractical.
Creating your own startRedirect route and calling generateAuthorizationUri and then modifying the resulting uri has has been suggested, but getAccessTokenFromAuthorizationCodeFlow would still use the original callbackUri. This method is also somewhat beginner-unfriendly.
Registering the plugin for each domain has been used as a workaround, but this solution is definitely not obvious.
Example
With my proposal, fastify-oauth2 plugin could be configured like this
import fastifyOauth2 from '@fastify/oauth2';
fastify.register(<any>fastifyOauth2, {
name: 'zitadel',
// ... The other options
startRedirectPath: '/api/session/login',
callbackUri: (req: FastifyRequest) => `${req.protocol}://${req.hostname}/api/session/callback`,
});