Apple OAuth2 example doesn't work #248

fatihpense opened this issue Feb 16, 2024 · 5 comments

@fatihpense

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.26.1

Plugin version

7.8.0

Node.js version

v20.6.1

Operating system

Windows

Operating system version (i.e. 20.04, 11.3, 10)

10

Description

I created the issue, so that it clarifies the issue or helps other people.

I had to make changes to make the example work. examples/apple.js

Explicitly setting scope to empty (otherwise undefined error): scope: [], //'name', 'email'. When I set scope, Apple returns POST form-urlencoded. That is documented in the example and GitHub issues. It might be nice to provide an example for that case as well.

const { code, state, error, user } = request.query instead of request.body

Where does Error.CancelledAuth come from? It is undefined so it has wrong logic when error is also undefined.

The part I didn't understand:
request.cookies['oauth2-redirect-state'] this is empty, however the cookie is set in browser dev tools.

Readme states, "Since v7.2.0, @fastify/oauth2 requires the use of cookies to securely implement the OAuth2 exchange." It is after this example is updated on the repo.

Steps to Reproduce

Create a new project npm init fastify and try examples/apple.js example

Expected Behavior

No response

@mcollina
Member

I've no good experience on implementing Apple login. So, I can't really help much.

A PR to fix the example would be amazing.

@fatihpense
Author

Hi @mcollina, thanks for the reply. Do you have any idea why oauth2-redirect-state cookie is empty?

Plugin checks this at

function defaultCheckStateFunction (request, callback) {
when I'm using getAccessTokenFromAuthorizationCodeFlow function

If I can fix it, I can contribute a clean PR.

Regards,
Fatih

@mcollina
Member

A cookie is empty if it's not set or the origin is different. In this case 127.0.0.0 and localhost are not equivalent.

How do you access the server?

@fatihpense
Author

There is a frontend server (Vite) proxying from dev.example.com:3001 to fastify localhost:3000. When I check the cookies from devtools->Application it is there. Since it is stuck on /login/apple/callback GET route, I would assume it is there. Any ideas to check/debug, or to give more information to you?

@nodecook-dev

fastify.get('/login/apple/callback', function (request, reply) {

Here maybe post
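
A simplified model of the browser rules that decide whether the oauth2-redirect-state cookie accompanies the callback request, covering the host point and the form POST case discussed in this thread. This is an added example, not part of the thread or of the plugin's code; the cookie attributes (Path=/, SameSite=Lax) and the three scenarios are assumptions for illustration.

```javascript
// Added illustration: simplified model of when a browser attaches a cookie.
// Covers host-only matching, Path matching and SameSite. Secure, expiry and
// browser-specific grace periods for Lax cookies are deliberately left out.

function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

function browserSendsCookie(cookie, req) {
  // A cookie set without a Domain attribute is host-only: the request host
  // must match exactly (the port is ignored). A hostname and an IP literal
  // are different hosts even when they reach the same server.
  if (cookie.host.toLowerCase() !== req.host.toLowerCase()) {
    return { sent: false, reason: 'host mismatch' };
  }
  if (!pathMatches(cookie.path, req.path)) {
    return { sent: false, reason: 'path mismatch' };
  }
  if (req.crossSite) {
    if (cookie.sameSite === 'strict') {
      return { sent: false, reason: 'SameSite=Strict on cross-site request' };
    }
    // Lax cookies survive only top-level cross-site GET navigations
    // (other safe methods are omitted from this model).
    if (cookie.sameSite === 'lax' && !(req.topLevel && req.method === 'GET')) {
      return { sent: false, reason: 'SameSite=Lax on cross-site non-GET request' };
    }
  }
  return { sent: true, reason: 'ok' };
}

// Constructed sample values: assumed attributes, not read from the plugin.
const stateCookie = { name: 'oauth2-redirect-state', host: 'dev.example.com', path: '/', sameSite: 'lax' };
const callback = { path: '/login/apple/callback', crossSite: true, topLevel: true };
const scenarios = {
  queryCallback: { ...callback, host: 'dev.example.com', method: 'GET' },
  formPostCallback: { ...callback, host: 'dev.example.com', method: 'POST' },
  otherHost: { ...callback, host: 'localhost', method: 'GET' },
};

function runScenarios() {
  const out = {};
  for (const [name, req] of Object.entries(scenarios)) out[name] = browserSendsCookie(stateCookie, req);
  return out;
}

console.log(runScenarios());
```

A cookie that is visible in devtools can still be withheld from a particular request, so the Cookie header of the callback request itself is the thing to inspect.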
