payload-plugin-oauth

Add support for OAuth 2.0 State

Open dominik-kropp opened this issue 1 year ago • 3 comments

Currently, adding state: true to the plugin options does not work and produces an error, even though the underlying passport strategy supports it.

This change makes it work.

dominik-kropp • Aug 01 '24 12:08

Could you add a test for this? Around this line: https://github.com/thgh/payload-plugin-oauth/blob/7f4f70c75e5d8bdd54e97e352902ddf6240c1c5c/test/integration.test.ts#L21

thgh • Aug 04 '24 21:08

Not that trivial, unfortunately. To test the authorize callback, the first call should go to the Payload authorize API (not the OAuth provider API) which then redirects to the OAuth provider and which should have the state parameter. For that to work, the callbackURL needs to be passed as a config option or the redirect_uri is not generated. And for that, the port needs to be known to the app -- not sure how to get that information when instantiating the Payload server.

dominik-kropp • Aug 09 '24 20:08

Those should be in order already:

Payload URL is this: https://github.com/thgh/payload-plugin-oauth/blob/7f4f70c75e5d8bdd54e97e352902ddf6240c1c5c/test/integration.test.ts#L12

OAuth authorize URL is here: https://github.com/thgh/payload-plugin-oauth/blob/7f4f70c75e5d8bdd54e97e352902ddf6240c1c5c/test/integration.test.ts#L79

thgh • Aug 10 '24 13:08
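The check discussed in this thread (the app's authorize endpoint redirects to the OAuth provider with a `redirect_uri` and a `state` parameter) can be expressed as a small assertion helper. This is an added example, not code from the plugin or its test suite; the function names, the sample URLs and the 16-character minimum for `state` are assumptions.

```typescript
// Added example: helper names and the 16-character minimum are assumptions,
// not part of payload-plugin-oauth.
interface RedirectCheck {
  ok: boolean
  problems: string[]
  state: string | null
}

// Build the callback URL once the test server's port is known.
function buildCallbackURL(port: number, path: string): string {
  return new URL(path, `http://localhost:${port}`).toString()
}

// Inspect the Location header returned by the app's authorize endpoint
// when the request is made without following redirects.
function checkAuthorizeRedirect(
  location: string | null,
  providerAuthorizeURL: string,
  expectedCallbackURL: string,
): RedirectCheck {
  if (!location) return { ok: false, problems: ['no Location header'], state: null }

  let target: URL
  try {
    target = new URL(location)
  } catch {
    return { ok: false, problems: ['Location is not an absolute URL'], state: null }
  }

  const problems: string[] = []
  const provider = new URL(providerAuthorizeURL)
  if (target.origin !== provider.origin || target.pathname !== provider.pathname) {
    problems.push('redirect does not point at the provider authorize URL')
  }
  if (target.searchParams.get('redirect_uri') !== expectedCallbackURL) {
    problems.push('redirect_uri missing or different from callbackURL')
  }
  // A duplicated state parameter is as suspicious as a missing one.
  const count = target.searchParams.getAll('state').length
  const state = count === 1 ? target.searchParams.get('state') : null
  if (count !== 1) {
    problems.push(`expected exactly one state parameter, found ${count}`)
  } else if (state !== null && state.length < 16) {
    problems.push('state is too short to be unguessable')
  }
  return { ok: problems.length === 0, problems, state }
}
```

In an integration test, two separate authorize requests should also yield different `state` values, which can be asserted by comparing the `state` field of the two results.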