Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

An error occurred while defining scope when redirecting a user #155

Open
ryan08100715 opened this issue Nov 3, 2024 · 0 comments
Open

An error occurred while defining scope when redirecting a user #155

ryan08100715 opened this issue Nov 3, 2024 · 0 comments

Comments

@ryan08100715
Copy link

Package version

5.0.2

Describe the bug

When using request.scopes() or request.mergeScopes(), even if Scopes is not defined in the config/ally.ts file, the wrong URL will be generated.

The following code will generate the wrong URL: There will be 2 scope keys on the querystring and cause errors on some platforms.

router.get('/auth/google', async ({ ally }) => {
  return ally.use('google').redirect((request) => {
    request.scopes(['userinfo.email'])
  })
})

Cause of the problem

In driver implementation, default configuration will be performed through configureRedirectRequest. At this time, the package @poppinss/oauth-client will add scope to the URL.

export class GoogleDriver extends Oauth2Driver<GoogleToken, GoogleScopes> {
  ...
  
  protected configureRedirectRequest(request: RedirectRequestContract<GoogleScopes>) {
      ...
  
      /**
       * Define user defined scopes or the default one's
       */
      request.scopes(this.config.scopes || ['openid', 'userinfo.email', 'userinfo.profile'])
  
     ...
  }

  ...
}

So when using the following code:

router.get('/auth/google', async ({ ally }) => {
  return ally.use('google').redirect((request) => {
    request.scopes(['userinfo.email'])
  })
})

will generate a URL similar to:
https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=...&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&response_type=code&state=...&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fforms.currentonly
You can see that 2 scope are included, which will cause errors on some platforms, such as Google.
google_error

Solution

Method 1: Explicitly add request.clearScopes() in the Defining scopes section of the document.

ally
  .use('github')
  .redirect((request) => {
    request.clearScopes()
    request.scopes(['read:user', 'repo:invite'])
  })

Method 2: Fix the scopes() and mergeScopes() methods of the redirect_request.ts file and call this.clearScopes() before this.param().

export class RedirectRequest<Scopes extends string> extends UrlBuilder {
  ...

  /**
   * Define an array of scopes.
   */
  scopes(scopes: LiteralStringUnion<Scopes>[]): this {
    if (typeof this.#scopesTransformer === 'function') {
      scopes = this.#scopesTransformer(scopes)
    }

    this.clearScopes() // add this
    this.param(this.#scopeParamName, scopes.join(this.#scopeSeparator))
    return this
  }

  /**
   * Merge to existing scopes
   */
  mergeScopes(scopes: LiteralStringUnion<Scopes>[]): this {
    if (typeof this.#scopesTransformer === 'function') {
      scopes = this.#scopesTransformer(scopes)
    }

    const existingScopes = this.getParams()[this.#scopeParamName]
    const scopesString = scopes.join(this.#scopeSeparator)

    if (!existingScopes) {
      this.param(this.#scopeParamName, scopesString)
      return this
    }

    this.clearScopes() // add this
    this.param(this.#scopeParamName, `${existingScopes}${this.#scopeSeparator}${scopesString}`)
    return this
  }
  
  ...
}

Reproduction repo

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ryan08100715