oauth ignores redirect url on error - Githubissues

feathersjs / feathers

The API and real-time application framework

https://feathersjs.com

MIT License

14.97k stars 744 forks source link

oauth ignores redirect url on error #3292

Closed thiemogries closed 9 months ago

thiemogries commented 9 months ago

I think #3284 introduced a new bug where oauth.origins / oauth.redirect is ignored for failed authentication requests.

Steps to reproduce

setup github oauth process
during the authorization step on https://github.com/login/oauth/authorize?... press Cancel instead of Authorize

Expected behavior

I should get redirected to the oauth.redirect url (with the error message)

Actual behavior

I stay on the feathers url and see the plain JSON error instead

Moving the error check inside the try ... catch block fixes it for me but I don't know if this reintroduces some problems from #3275 #3266 #3276

@feathersjs/authentication-oauth/src/service.ts

    try { 
      if (payload.error) {
        throw new OAuthError(payload.error_description || payload.error, payload)
      }
      debug(`Calling ${authService}.create authentication with strategy ${name}`)
      ...
    } catch (error: any) {
      const location = await strategy.getRedirect(error, authParams)
      ...
    }

daffl commented 9 months ago

You are totally right. I was so sure I had it in the block where it is supposed to be. Will be fixed in the next release via #3297