feat: allow to return string in signIn callback (#1019)

src/server/lib/callbacks.js

@@ -12,8 +12,9 @@
  * @param  {object} profile  User profile (e.g. user id, name, email)
  * @param  {object} account  Account used to sign in (e.g. OAuth account)
  * @param  {object} metadata Provider specific metadata (e.g. OAuth Profile)
- * @return {boolean|object}  Return `true` (or a modified JWT) to allow sign in
+ * @return {boolean|string}  Return `true` to allow sign in
  *                           Return `false` to deny access
+ *                           Return `string` to redirect to (eg.: "/unauthorized")
  */
 const signIn = async (profile, account, metadata) => {
   const isAllowedToSignIn = true

src/server/routes/callback.js

@@ -71,13 +71,16 @@ export default async (req, res, options, done) => {
             const signInCallbackResponse = await callbacks.signIn(userOrProfile, account, OAuthProfile)
             if (signInCallbackResponse === false) {
               return redirect(`${baseUrl}${basePath}/error?error=AccessDenied`)
+            } else if (typeof signInCallbackResponse === 'string') {
+              return redirect(signInCallbackResponse)
             }
           } catch (error) {
             if (error instanceof Error) {
               return redirect(`${baseUrl}${basePath}/error?error=${encodeURIComponent(error)}`)
-            } else {
-              return redirect(error)
             }
+            // TODO: Remove in a future major release
+            logger.warn('SIGNIN_CALLBACK_REJECT_REDIRECT')
+            return redirect(error)
           }
 
           // Sign user in
@@ -162,13 +165,16 @@ export default async (req, res, options, done) => {
         const signInCallbackResponse = await callbacks.signIn(profile, account, { email })
         if (signInCallbackResponse === false) {
           return redirect(`${baseUrl}${basePath}/error?error=AccessDenied`)
+        } else if (typeof signInCallbackResponse === 'string') {
+          return redirect(signInCallbackResponse)
         }
       } catch (error) {
         if (error instanceof Error) {
           return redirect(`${baseUrl}${basePath}/error?error=${encodeURIComponent(error)}`)
-        } else {
-          return redirect(error)
         }
+        // TODO: Remove in a future major release
+        logger.warn('SIGNIN_CALLBACK_REJECT_REDIRECT')
+        return redirect(error)
       }
 
       // Sign user in

www/docs/configuration/callbacks.md

@@ -44,8 +44,9 @@ callbacks: {
    * @param  {object} user     User object
    * @param  {object} account  Provider account
    * @param  {object} profile  Provider profile 
-   * @return {boolean}         Return `true` (or a modified JWT) to allow sign in
+   * @return {boolean|string}  Return `true` to allow sign in
    *                           Return `false` to deny access
+   *                           Return `string` to redirect to (eg.: "/unauthorized")
    */
   signIn: async (user, account, profile) => {
     const isAllowedToSignIn = true
@@ -54,9 +55,8 @@ callbacks: {
     } else {
       // Return false to display a default error message
       return false
-      // You can also Reject this callback with an Error or with a URL:
-      // throw new Error('error message') // Redirect to error page
-      // return '/path/to/redirect'        // Redirect to a URL
+      // Or you can return a URL to redirect to:
+      // return '/unauthorized'
     }
   }
 }

www/docs/warnings.md

@@ -48,3 +48,23 @@ You can use [node-jose-tools](https://www.npmjs.com/package/node-jose-tools) to
 
 #### JWT_AUTO_GENERATED_ENCRYPTION_KEY
 
+#### SIGNIN_CALLBACK_REJECT_REDIRECT
+
+You returned something in the `signIn` callback, that is being deprecated.
+
+You probably had something similar in the callback:
+```js
+  return Promise.reject("/some/url")
+```
+
+or
+
+```js
+  throw "/some/url"
+```
+
+To remedy this, simply return the url instead:
+
+```js
+  return "/some/url"
+```