feat: make the issuer overrideable + fix new status

supertokens · Sep 28, 2024 · 41df730 · 41df730
1 parent 8321e65
commit 41df730
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 4 deletions.
diff --git a/lib/build/recipe/oauth2provider/recipeImplementation.js b/lib/build/recipe/oauth2provider/recipeImplementation.js
@@ -173,7 +173,7 @@ function getRecipeInterface(
                     handledAt: input.handledAt,
                     remember: input.remember,
                     rememberFor: input.rememberFor,
-                    iss: appInfo.apiDomain.getAsStringDangerous() + appInfo.apiBasePath.getAsStringDangerous(),
+                    iss: await this.getIssuer({ userContext: input.userContext }),
                     tId: input.tenantId,
                     rsub: input.rsub,
                     sessionHandle: input.sessionHandle,
@@ -282,6 +282,13 @@ function getRecipeInterface(
                 },
                 input.userContext
             );
+            if (resp.status !== "CLIENT_NOT_FOUND_ERROR") {
+                return {
+                    statusCode: 400,
+                    error: "invalid_request",
+                    errorDescription: "The provided client_id is not valid",
+                };
+            }
             if (resp.status !== "OK") {
                 return {
                     statusCode: resp.statusCode,
@@ -324,7 +331,7 @@ function getRecipeInterface(
                 inputBody: input.body,
                 authorizationHeader: input.authorizationHeader,
             };
-            body.iss = appInfo.apiDomain.getAsStringDangerous() + appInfo.apiBasePath.getAsStringDangerous();
+            body.iss = await this.getIssuer({ userContext: input.userContext });
             if (input.body.grant_type === "password") {
                 return {
                     statusCode: 400,
@@ -797,6 +804,9 @@ function getRecipeInterface(
             }
             return { status: "OK" };
         },
+        getIssuer: async function () {
+            return appInfo.apiDomain.getAsStringDangerous() + appInfo.apiBasePath.getAsStringDangerous();
+        },
     };
 }
 exports.default = getRecipeInterface;
diff --git a/lib/build/recipe/oauth2provider/types.d.ts b/lib/build/recipe/oauth2provider/types.d.ts
@@ -359,6 +359,7 @@ export declare type RecipeInterface = {
     }): Promise<{
         status: "OK";
     }>;
+    getIssuer(input: { userContext: UserContext }): Promise<string>;
 };
 export declare type APIInterface = {
     loginGET:

diff --git a/lib/ts/recipe/oauth2provider/recipeImplementation.ts b/lib/ts/recipe/oauth2provider/recipeImplementation.ts
@@ -151,7 +151,7 @@ export default function getRecipeInterface(
                     handledAt: input.handledAt,
                     remember: input.remember,
                     rememberFor: input.rememberFor,
-                    iss: appInfo.apiDomain.getAsStringDangerous() + appInfo.apiBasePath.getAsStringDangerous(),
+                    iss: await this.getIssuer({ userContext: input.userContext }),
                     tId: input.tenantId,
                     rsub: input.rsub,
                     sessionHandle: input.sessionHandle,
@@ -271,6 +271,14 @@ export default function getRecipeInterface(
                 input.userContext
             );
 
+            if (resp.status !== "CLIENT_NOT_FOUND_ERROR") {
+                return {
+                    statusCode: 400,
+                    error: "invalid_request",
+                    errorDescription: "The provided client_id is not valid",
+                };
+            }
+
             if (resp.status !== "OK") {
                 return {
                     statusCode: resp.statusCode,
@@ -317,7 +325,7 @@ export default function getRecipeInterface(
                 authorizationHeader: input.authorizationHeader,
             };
 
-            body.iss = appInfo.apiDomain.getAsStringDangerous() + appInfo.apiBasePath.getAsStringDangerous();
+            body.iss = await this.getIssuer({ userContext: input.userContext });
 
             if (input.body.grant_type === "password") {
                 return {
@@ -814,5 +822,8 @@ export default function getRecipeInterface(
 
             return { status: "OK" };
         },
+        getIssuer: async function () {
+            return appInfo.apiDomain.getAsStringDangerous() + appInfo.apiBasePath.getAsStringDangerous();
+        },
     };
 }
diff --git a/lib/ts/recipe/oauth2provider/types.ts b/lib/ts/recipe/oauth2provider/types.ts
@@ -429,6 +429,7 @@ export type RecipeInterface = {
     }): Promise<{ redirectTo: string } | ErrorOAuth2>;
     acceptLogoutRequest(input: { challenge: string; userContext: UserContext }): Promise<{ redirectTo: string }>;
     rejectLogoutRequest(input: { challenge: string; userContext: UserContext }): Promise<{ status: "OK" }>;
+    getIssuer(input: { userContext: UserContext }): Promise<string>;
 };
 
 export type APIInterface = {