feat(config): ✨ Added encodeRedirectUri parameter

itpropro · Jan 5, 2024 · 3d0a417 · 3d0a417
1 parent 4f166f5
commit 3d0a417
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -362,6 +362,7 @@ You can theoretically register a hook that overwrites internal session fields li
 | openIdConfiguration | `Record<string, unknown>` or `function (config) => Record<string, unknown>` (optional) | - | OpenID Configuration object or function promise that resolves to an OpenID Configuration object. |
 | validateAccessToken | `boolean` (optional) | `true` | Validate access token. |
 | validateIdToken | `boolean` (optional) | `true` | Validate id token. |
+| encodeRedirectUri | `boolean` (optional) | `false` | Encode redirect uri query parameter in authorization request. Only for compatibility with services that don't implement proper parsing of query parameters. |
 
 #### `session`
 

diff --git a/src/runtime/server/lib/oidc.ts b/src/runtime/server/lib/oidc.ts
@@ -54,7 +54,7 @@ export function loginEventHandler({ onError }: OAuthConfig<UserSession>) {
       ...config.scope && { scope: config.scope.join(' ') },
       ...config.responseMode && { response_mode: config.responseMode },
       ...config.redirectUri && { redirect_uri: config.redirectUri },
-      ...config.prompt && { redirect_uri: config.prompt.join(' ') },
+      ...config.prompt && { prompt: config.prompt.join(' ') },
       ...config.pkce && { code_challenge: await generatePkceCodeChallenge(session.data.codeVerifier), code_challenge_method: 'S256' },
       ...config.additionalAuthParameters && convertObjectToSnakeCase(config.additionalAuthParameters)
     }
@@ -71,7 +71,7 @@ export function loginEventHandler({ onError }: OAuthConfig<UserSession>) {
 
     return sendRedirect(
       event,
-      withQuery(config.authorizationUrl, query),
+      config.encodeRedirectUri ? withQuery(config.authorizationUrl, query ).replace(query.redirect_uri!, encodeURI(query.redirect_uri!)) : withQuery(config.authorizationUrl, query),
       200
     )
   })

diff --git a/src/runtime/types/oidc.ts b/src/runtime/types/oidc.ts
@@ -149,6 +149,11 @@ export interface OidcProviderConfig {
    * Space-delimited list of string values that specifies whether the authorization server prompts the user for reauthentication and consent
    */
   prompt?: Array<'none'> | Array<PossibleCombinations<'login' | 'consent' | 'select_account'>>
+    /**
+   * Encode redirect uri query parameter in authorization request. Only for compatibility with services that don't implement proper parsing of query parameters.
+   * @default false
+   */
+  encodeRedirectUri?: boolean
 }
 
 export interface AuthSession {