fix: 🛂 Don't remove iss from current URL

2026-01-26 12:16:01 +01:00 · 2024-06-10 16:11:42 -10:00 · 2024-06-10 16:11:42 -10:00 · 876b0dcde8
parent 5a7b3d0f25
commit 876b0dcde8
1 changed files with 4 additions and 2 deletions
--- a/server/api/oauth/sso/:issuer/callback/index.ts
+++ b/server/api/oauth/sso/:issuer/callback/index.ts
@ -69,11 +69,13 @@ export default (app: Hono) =>
        zValidator("param", schemas.param, handleZodError),
        async (context) => {
            const currentUrl = new URL(context.req.url);
+            const redirectUrl = new URL(context.req.url);

            // Remove state query parameter from URL
            currentUrl.searchParams.delete("state");
+            redirectUrl.searchParams.delete("state");
            // Remove issuer query parameter from URL (can cause redirect URI mismatches)
-            currentUrl.searchParams.delete("iss");
+            redirectUrl.searchParams.delete("iss");
            const { issuer: issuerParam } = context.req.valid("param");
            const { flow: flowId, user_id, link } = context.req.valid("query");

@ -82,7 +84,7 @@ export default (app: Hono) =>
            const userInfo = await manager.automaticOidcFlow(
                flowId,
                currentUrl,
-                currentUrl,
+                redirectUrl,
                (error, message, app) =>
                    returnError(
                        {