fix(plugin): 🐛 Don't incorrectly call errorSearchParams before initialization in callback

2025-12-06 08:28:19 +01:00 · 2024-10-11 17:23:51 +02:00 · 2024-10-11 17:23:51 +02:00 · d000914f61
parent a265e9df41
commit d000914f61
2 changed files with 22 additions and 13 deletions
--- a/plugins/openid/routes/oauth/callback.ts
+++ b/plugins/openid/routes/oauth/callback.ts
@ -91,7 +91,19 @@ export default (plugin: PluginType) => {
                    flowId,
                    currentUrl,
                    redirectUrl,
-                    (error, message) => {
+                    (error, message, flow) => {
+                        const errorSearchParams = new URLSearchParams(
+                            Object.entries({
+                                redirect_uri: flow?.application?.redirectUri,
+                                client_id: flow?.application?.clientId,
+                                response_type: "code",
+                                scope: flow?.application?.scopes,
+                            }).filter(([_, value]) => value !== undefined) as [
+                                string,
+                                string,
+                            ][],
+                        );
+
                        errorSearchParams.append("error", error);
                        errorSearchParams.append("error_description", message);

--- a/plugins/openid/utils.ts
+++ b/plugins/openid/utils.ts
@ -1,4 +1,6 @@
 import { db } from "@versia/kit/db";
+import type { InferSelectModel } from "@versia/kit/drizzle";
+import type { Applications, OpenIdLoginFlows } from "@versia/kit/tables";
 import {
    type AuthorizationResponseError,
    type AuthorizationServer,
@ -15,7 +17,6 @@ import {
    userInfoRequest,
    validateAuthResponse,
 } from "oauth4webapi";
-import type { Application } from "~/classes/functions/application";

 export const oauthDiscoveryRequest = (
    issuerUrl: string | URL,
@ -131,7 +132,11 @@ export const automaticOidcFlow = async (
    errorFn: (
        error: string,
        message: string,
-        app: Application | null,
+        flow:
+            | (InferSelectModel<typeof OpenIdLoginFlows> & {
+                  application?: InferSelectModel<typeof Applications> | null;
+              })
+            | null,
    ) => Response,
 ) => {
    const flow = await getFlow(flowId);
@ -171,11 +176,7 @@ export const automaticOidcFlow = async (
        const claims = getValidatedIdTokenClaims(result);

        if (!claims) {
-            return errorFn(
-                "invalid_request",
-                "Invalid claims",
-                flow.application,
-            );
+            return errorFn("invalid_request", "Invalid claims", flow);
        }

        const { sub } = claims;
@ -196,10 +197,6 @@ export const automaticOidcFlow = async (
        };
    } catch (e) {
        const error = e as ResponseBodyError | AuthorizationResponseError;
-        return errorFn(
-            error.error,
-            error.error_description || "",
-            flow.application,
-        );
+        return errorFn(error.error, error.error_description || "", flow);
    }
 };