From 3d0a417c6d7e43f70c239b24f917530a5fb9b5bf Mon Sep 17 00:00:00 2001
From: Jan-Henrik Damaschke
Date: Fri, 5 Jan 2024 19:28:23 +0100
Subject: [PATCH] feat(config): :sparkles: Added encodeRedirectUri parameter
---
 README.md | 1 +
 src/runtime/server/lib/oidc.ts | 4 ++--
 src/runtime/types/oidc.ts | 5 +++++
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index d5baebf..f36b71b 100644
--- a/README.md
+++ b/README.md
@@ -362,6 +362,7 @@ You can theoretically register a hook that overwrites internal session fields li
 | openIdConfiguration | `Record` or `function (config) => Record` (optional) | - | OpenID Configuration object or function promise that resolves to an OpenID Configuration object. |
 | validateAccessToken | `boolean` (optional) | `true` | Validate access token. |
 | validateIdToken | `boolean` (optional) | `true` | Validate id token. |
+| encodeRedirectUri | `boolean` (optional) | `false` | Encode redirect uri query parameter in authorization request. Only for compatibility with services that don't implement proper parsing of query parameters. |
 #### `session`
diff --git a/src/runtime/server/lib/oidc.ts b/src/runtime/server/lib/oidc.ts
index a8ca06e..7d3ca0f 100644
--- a/src/runtime/server/lib/oidc.ts
+++ b/src/runtime/server/lib/oidc.ts
@@ -54,7 +54,7 @@ export function loginEventHandler({ onError }: OAuthConfig) {
 ...config.scope && { scope: config.scope.join(' ') },
 ...config.responseMode && { response_mode: config.responseMode },
 ...config.redirectUri && { redirect_uri: config.redirectUri },
- ...config.prompt && { redirect_uri: config.prompt.join(' ') },
+ ...config.prompt && { prompt: config.prompt.join(' ') },
 ...config.pkce && { code_challenge: await generatePkceCodeChallenge(session.data.codeVerifier), code_challenge_method: 'S256' },
 ...config.additionalAuthParameters && convertObjectToSnakeCase(config.additionalAuthParameters)
 }
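Review bot: The corrected `prompt` key in the authorization query is a behaviour fix that neither the commit subject nor the README change mentions: on the removed line, any configured `prompt` was written under `redirect_uri`, after the real redirect URI had been spread in. It deserves its own `fix:` commit, or at least a line in the commit body, so that users who set `prompt` can tell which release changed the request they send. A regression test asserting that `redirect_uri` and `prompt` are both present and distinct when both are configured would keep the two keys from being confused again. `loginEventHandler` starts and ends outside this hunk.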
@@ -71,7 +71,7 @@ export function loginEventHandler({ onError }: OAuthConfig) {
 return sendRedirect(
 event,
- withQuery(config.authorizationUrl, query),
+ config.encodeRedirectUri ? withQuery(config.authorizationUrl, query ).replace(query.redirect_uri!, encodeURI(query.redirect_uri!)) : withQuery(config.authorizationUrl, query),
 200
 )
 })
diff --git a/src/runtime/types/oidc.ts b/src/runtime/types/oidc.ts
index 2294c24..02eaf98 100644
--- a/src/runtime/types/oidc.ts
+++ b/src/runtime/types/oidc.ts
@@ -149,6 +149,11 @@ export interface OidcProviderConfig {
 * Space-delimited list of string values that specifies whether the authorization server prompts the user for reauthentication and consent
 */
 prompt?: Array<'none'> | Array>
+ /**
+ * Encode redirect uri query parameter in authorization request. Only for compatibility with services that don't implement proper parsing of query parameters.
+ * @default false
+ */
+ encodeRedirectUri?: boolean
 }
 export interface AuthSession {
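Review bot: The new ternary in the `sendRedirect` call of `src/runtime/server/lib/oidc.ts` rewrites the already-serialized URL with `.replace(query.redirect_uri!, encodeURI(query.redirect_uri!))`, which is fragile: a string pattern replaces only the first occurrence anywhere in the URL, and it matches only if `withQuery` emitted the redirect URI byte-for-byte unencoded. `encodeURI` also leaves `&`, `=`, `?` and `#` as they are, so a redirect URI that carries its own query string is still not escaped as a single parameter value; if an escaped value is the goal, applying `encodeURIComponent` to `query.redirect_uri` before calling `withQuery` would be more predictable, and the exact wire format the target provider expects is worth stating in the option's doc comment. The two `!` assertions mask the case where `encodeRedirectUri` is set without `redirectUri`; a guard such as `config.encodeRedirectUri && query.redirect_uri ? … : …` avoids handing `undefined` to `replace`. The handler body starts and ends outside this hunk.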