fix: replace .flat() to support Node <11 again (#1684)

nextauthjs · Apr 11, 2021 · 872e180 · 872e180 · vercel · Apr 11, 2021
1 parent a7709df
commit 872e180
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/src/server/index.js b/src/server/index.js
@@ -79,6 +79,10 @@ async function NextAuthHandler (req, res, userOptions) {
       provider.protection = 'state' // Default to state, as we did in 3.1 REVIEW: should we use "pkce" or "none" as default?
     }
 
+    if (typeof provider.protection === 'string') {
+      provider.protection = [provider.protection]
+    }
+
     const maxAge = 30 * 24 * 60 * 60 // Sessions expire after 30 days of being idle
 
     // Parse database / adapter

diff --git a/src/server/lib/oauth/client.js b/src/server/lib/oauth/client.js
@@ -136,7 +136,7 @@ async function getOAuth2AccessToken (code, provider, codeVerifier) {
     headers.Authorization = `Bearer ${code}`
   }
 
-  if ([provider.protection].flat().includes('pkce')) {
+  if (provider.protection.includes('pkce')) {
     params.code_verifier = codeVerifier
   }
 

diff --git a/src/server/lib/oauth/pkce-handler.js b/src/server/lib/oauth/pkce-handler.js
@@ -16,7 +16,7 @@ const PKCE_MAX_AGE = 60 * 15 // 15 minutes in seconds
 export async function handleCallback (req, res) {
   const { cookies, provider, baseUrl, basePath } = req.options
   try {
-    if (![provider.protection].flat().includes('pkce')) { // Provider does not support PKCE, nothing to do.
+    if (!provider.protection.includes('pkce')) { // Provider does not support PKCE, nothing to do.
       return
     }
 
@@ -50,7 +50,7 @@ export async function handleCallback (req, res) {
 export async function handleSignin (req, res) {
   const { cookies, provider, baseUrl, basePath } = req.options
   try {
-    if (![provider.protection].flat().includes('pkce')) { // Provider does not support PKCE, nothing to do.
+    if (!provider.protection.includes('pkce')) { // Provider does not support PKCE, nothing to do.
       return
     }
     // Started login flow, add generated pkce to req.options and (encrypted) code_verifier to a cookie

diff --git a/src/server/lib/oauth/state-handler.js b/src/server/lib/oauth/state-handler.js
@@ -12,7 +12,7 @@ import { OAuthCallbackError } from '../../../lib/errors'
 export async function handleCallback (req, res) {
   const { csrfToken, provider, baseUrl, basePath } = req.options
   try {
-    if (![provider.protection].flat().includes('state')) { // Provider does not support state, nothing to do.
+    if (!provider.protection.includes('state')) { // Provider does not support state, nothing to do.
       return
     }