From 545a7e752e39e3019d8159eb0a6c5603764df629 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?=
Date: Sat, 5 Dec 2020 09:54:27 +0100
Subject: [PATCH] feat: forward auth params from signin to provider (#823)

---
 src/client/index.js | 9 +++++++--
 src/server/lib/signin/oauth.js | 3 ++-
 src/server/routes/signin.js | 5 ++++-
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/client/index.js b/src/client/index.js
index e65ba1e083..e96c422f30 100644
--- a/src/client/index.js
+++ b/src/client/index.js
@@ -222,7 +222,7 @@ const _useSessionHook = (session) => {
 }

 // Client side method
-const signIn = async (provider, args = {}) => {
+const signIn = async (provider, args = {}, authParams = {}) => {
 const baseUrl = _apiBaseUrl()
 const callbackUrl = (args && args.callbackUrl) ? args.callbackUrl : window.location
 const providers = await getProviders()
@@ -232,9 +232,14 @@ const signIn = async (provider, args = {}) => {
 // If Provider not recognized, redirect to sign in page
 window.location = `${baseUrl}/signin?callbackUrl=${encodeURIComponent(callbackUrl)}`
 } else {
- const signInUrl = (providers[provider].type === 'credentials')
+ let signInUrl = (providers[provider].type === 'credentials')
 ? `${baseUrl}/callback/${provider}`
 : `${baseUrl}/signin/${provider}`
+
+ if (authParams) {
+ signInUrl += `?${new URLSearchParams(authParams).toString()}`
+ }
+
 // If is any other provider type, POST to provider URL with CSRF Token,
 // callback URL and any other parameters supplied.
 const fetchOptions = {
diff --git a/src/server/lib/signin/oauth.js b/src/server/lib/signin/oauth.js
index b97ef74261..f1083aa4de 100644
--- a/src/server/lib/signin/oauth.js
+++ b/src/server/lib/signin/oauth.js
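Review bot: In src/client/index.js (second hunk) the guard `if (authParams)` is true for the default `{}`, so a bare `?` is appended to every sign-in URL even when the caller passes no parameters, including the credentials `/callback/` URL. Build the query string first and append only when it is non-empty: `const query = new URLSearchParams(authParams).toString()` followed by `if (query) signInUrl += '?' + query`. The new third parameter also has no documentation; a comment above `signIn` should say that `authParams` is placed in the request URL and forwarded to the OAuth provider, so it will appear in server and proxy logs and must not carry secrets. The body of `signIn` continues outside the hunk.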
@@ -2,12 +2,13 @@ import oAuthClient from '../oauth/client'
 import { createHash } from 'crypto'
 import logger from '../../../lib/logger'

-export default (provider, csrfToken, callback) => {
+export default (provider, csrfToken, callback, authParams) => {
 const { callbackUrl } = provider
 const client = oAuthClient(provider)
 if (provider.version && provider.version.startsWith('2.')) {
 // Handle oAuth v2.x
 let url = client.getAuthorizeUrl({
+ ...authParams,
 redirect_uri: provider.callbackUrl,
 scope: provider.scope,
 // A hash of the NextAuth.js CSRF token is used as the state
diff --git a/src/server/routes/signin.js b/src/server/routes/signin.js
index c338233fd9..68fb3de610 100644
--- a/src/server/routes/signin.js
+++ b/src/server/routes/signin.js
@@ -23,6 +23,9 @@ export default async (req, res, options, done) => {
 }

 if (type === 'oauth' && req.method === 'POST') {
+ const authParams = { ...req.query }
+ delete authParams.nextauth // This is probably not intended to be sent to the provider, remove
+
 oAuthSignin(provider, csrfToken, (error, oAuthSigninUrl) => {
 if (error) {
 logger.error('SIGNIN_OAUTH_ERROR', error)
@@ -30,7 +33,7 @@ export default async (req, res, options, done) => {
 }

 return redirect(oAuthSigninUrl)
- })
+ }, authParams)
 } else if (type === 'email' && req.method === 'POST') {
 if (!adapter) {
 logger.error('EMAIL_REQUIRES_ADAPTER_ERROR')
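Review bot: In src/server/lib/signin/oauth.js the `...authParams` spread is safe only because of where it sits: it comes before `redirect_uri` and `scope`, so those fixed keys override anything the caller supplied. The `state` key appears to follow the last visible comment, but the object literal runs past the end of the hunk, so confirm that it and every other server-set key come after the spread; a caller-supplied `state` would otherwise replace the CSRF-derived one. I would pin the ordering with a comment directly above the spread, `// authParams is request-derived: keep it first so every fixed key below overrides it`. The OAuth 1.x branch is outside the hunk, so the function's doc comment should also state whether `authParams` is ignored there.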
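Review bot: In src/server/routes/signin.js (first hunk) `const authParams = { ...req.query }` forwards every query parameter of the sign-in request to the provider's authorization URL, and only `nextauth` is removed, by a denylist that the inline comment itself describes as a guess. Any parameter the provider honours and the server does not set itself is therefore chosen by whoever builds the request, and depending on the query parser a repeated key may arrive as an array rather than a string. An allowlist taken from the provider configuration, restricted to string values, keeps the feature while bounding what reaches the provider; the option name in the sketch below is a proposal, not an existing setting. The enclosing handler starts and ends outside the hunk.
```javascript
  if (type === 'oauth' && req.method === 'POST') {
    // Forward only the parameters this provider's config explicitly permits.
    // `allowedAuthParams` is a proposed option name, not an existing one.
    const allowed = provider.allowedAuthParams || []
    const authParams = {}
    for (const key of allowed) {
      const value = req.query[key]
      // Repeated keys can parse to arrays; pass through plain strings only.
      if (typeof value === 'string') authParams[key] = value
    }
    // … unchanged: oAuthSignin(provider, csrfToken, callback, authParams) …
```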