Open Benzolio opened 1 year ago
I'm using a dirty hack to workaround this so i can get on with migrating the rest of this project. I really don't recommend this because it will just get overwritten by any package manager that updates oauth4webapi
that I'm a. But, it does show that this is because of Twitch using a non standard representation for scope, as an array, instead of the expected string.
I modified my locally cached node_modules/oauth4webapi/build/index.js to include:
if (json.scope !== undefined && Array.isArray(json.scope) {
console.warn("Detected array typed scope, attempting to stringify.");
json.scope = json.scope.join(" ");
}
...on line 916, which is just before where it checks that the type of scope conforms with spec. With this hack in place, I can log in with Twitch, and I get my name, email, and profile image in the session.
I'm not sure how the response is getting that far since the Twitch implementation in @auth/core
has a conform function that already joins array typed scopes into strings, and I would expect that to be used. Is there anything about the way auth-astro
talks to @auth/core
that would bypass the type checking of providers? maybe since astro.config.mjs
is not typescript the TwitchProvider type isn't being detected and something ends up treating the response from Twitch as a generic conforming provider without applying the special confirm function or something?
I'm working on refactoring a project to use Astro, and
auth-astro
seems like a great way to handle authentication, but I'm having trouble getting it to work with the Twitch provider from@auth/core
. Everything builds and sign in with GitHub works correctly showing my GitHub username in the session. I'm failry sure I have the clientId and clientSectret set up properly since the twitch authentication process does recognize that I've authenticated and it shows up in my connections on my twitch account, but when returning from id.twitch.tv to the callbackURLhttp://localhost:3000/api/auth/callback/twitch
after authorizing my app, I get redirected to:http://localhost:3000/api/auth/error?error=CallbackRouteError
which shows "Error localhost:3000 in the browser", and I get the following error in the node console from Astro:Astro doesn't retain a session from that login attempt, and just returns null for
await getSession(Astro.request)
where using the GitHub provider to log in gives me name, email, etc in the session as expected.I have tested with the same twitch client id and secret using SvelteKitAuth @auth/sveltekit also using @auth/core/providers/twitch in a separate project and authenticated there successfully. Since that also uses
@auth/core
, I'm hoping there is just some minor tweak I'm missing.My astro.config.mjs:
I've tried with standalone instead of middleware for the node adapter mode, and it there is no difference in the resulting behavior when running
astro dev
(although I do need eventually middleware mode since this is going to be built and imported to another project serving with express and used just as part of a site.)index.astro for testing:
Is there something missing in auth-astro integration regarding the handling of the response body from the oidc/oauth process when the scope is returned? Any idea what I'm missing here?