oauth getRedirectResult should only remove magic/oauth-related keys from url search params

[rhyek]

✅ Prerequisites

• [x] Did you perform a cursory search of open issues? Is this feature already requested elsewhere?
• [x] Are you reporting to the correct repository (magic-sdk)?

✨ Feature Request

Looking at https://github.com/magiclabs/magic-js/blob/3d5e207a5754b920b446cd42e9858bda6357ecae/packages/%40magic-ext/oauth/src/index.ts#L40

I see that the sdk is removing the whole query string which I understand is meant for security reasons. Our issue is we are developing a feature similar to a referral system, where we need some custom keys in the link for it to function.

Would it be possible to only remove the oauth related keys? I believe they would be 'state', 'scope', 'magic_oauth_request_id', 'magic_credential'.

[am-hernandez]

Hi @rhyek ,

Thanks for this issue submission!

You can actually grab those parameters from the URL before calling getRedirectResult(). This way you can store the info needed, like your referral info, and then call getRedirectResult() which will clear the params entirely.

Example login call:

await magic.oauth.loginWithRedirect({
    provider,
    redirectURI: new URL(`/callback?referral=${generateRandomKey(9)}`, window.location.origin).href,
});

On your callback (redirectURL) page/component you can do the following in your useEffect or on page load:

const referralID = new URLSearchParams(props.location.search).get("referral");

// do something with the info from the URL like save to your DB
console.log("referral ID: ", referralID);

// now you can finish the social login flow
await magic.oauth.getRedirectResult();

---

tl;dr

Grab the needed info from the URL before calling getRedirectResult().