sst / ion

SST v3
https://sst.dev
MIT License

AUTH SDK: Broken OIDC Adapter for Auth #276

Closed TheKnightCoder closed 5 months ago

TheKnightCoder commented 5 months ago

The OIDC adapter in the SDK has a bug.

sdk/js/src/auth/adapter/oidc.ts line 24: the /authorize endpoint doesn't account for query parameters when defining the callback URL.

const callback = c.req.url.replace(/authorize$/, "callback");

should be something along the lines of

const callback = c.req.url.split("?")[0].replace(/authorize$/, "callback");

to remove the query string parameters.

TheKnightCoder commented 5 months ago

Fixed in PR #191.

TheUncharted commented 4 months ago

I found another bug. It's related to what I spotted before: if you use a router, for example with CloudFront for a custom domain name abc.com,

CloudFront will forward the request to the Lambda and put the origin instead of the custom domain name: xxxxxxx.lambda-url.eu-west-1.on.aws

Then the call will be on:

https://xxxxxxx.lambda-url.eu-west-1.on.aws/google/authorize?client_id=local&redirect_uri=http%3A%2F%2Flocalhost%3A3000&response_type=token&provider=google

Then the OIDC adapter will extract the callback URL https://xxxxxxx.lambda-url.eu-west-1.on.aws/google/callback and the cookies will be set with the domain xxxxxxx.lambda-url.eu-west-1.on.aws. The browser won't accept the cookies since they do not come from the custom domain,

and retrieving the auth_state variable from the cookies will fail in the callback.

I tested by hardcoding the callback url with my custom domain and it worked.

In SST2 we had this code, but it's not here anymore in Ion:

const callback = "https://" + useDomainName() + "/callback";

I don't see any information for the custom domain name in the Hono request.

Maybe we could pass the domain in the config object? If it's present, replace it in the URL?
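As an added example (not the sst/ion SDK's own code), the two callback-URL problems raised in this thread side by side: the naive string replace that keeps the query string, and a parsed version that drops the query and can rewrite the host that a router such as CloudFront substitutes. The `publicDomain` option is a hypothetical stand-in for the config value proposed above.

```typescript
// Added example, not the SDK's code. Illustrates how the OIDC callback URL
// is derived from the incoming /authorize request and why the naive version
// breaks once a query string or a routing origin host is involved.

interface CallbackOptions {
  // Hypothetical option: the public (custom) domain the browser actually used,
  // e.g. "abc.com" when CloudFront fronts the Lambda function URL.
  publicDomain?: string;
}

// Buggy derivation: /authorize$/ is anchored to the end of the whole URL, so as
// soon as a query string is present the pattern never matches and the request
// URL is returned unchanged, query string included.
function buggyCallback(requestUrl: string): string {
  return requestUrl.replace(/authorize$/, "callback");
}

// Fixed derivation: parse the URL, check the path really ends in /authorize,
// swap the last path segment, drop query and fragment, and optionally replace
// the host so the callback (and the cookies set for it) belong to the domain
// the browser is talking to rather than the origin behind the router.
function fixedCallback(requestUrl: string, opts: CallbackOptions = {}): string {
  const url = new URL(requestUrl);
  if (!/\/authorize$/.test(url.pathname)) {
    throw new Error("not an /authorize request: " + url.pathname);
  }
  url.pathname = url.pathname.replace(/authorize$/, "callback");
  url.search = ""; // drops client_id, redirect_uri, ... from the callback
  url.hash = "";
  if (opts.publicDomain) {
    url.host = opts.publicDomain; // cookies will now be scoped to abc.com
  }
  return url.toString();
}

// Constructed sample request, the same shape as the one quoted in the thread.
const SAMPLE_AUTHORIZE_URL =
  "https://xxxxxxx.lambda-url.eu-west-1.on.aws/google/authorize" +
  "?client_id=local&redirect_uri=http%3A%2F%2Flocalhost%3A3000" +
  "&response_type=token&provider=google";

console.log(buggyCallback(SAMPLE_AUTHORIZE_URL)); // unchanged: still /authorize?...
console.log(fixedCallback(SAMPLE_AUTHORIZE_URL)); // .../google/callback
console.log(fixedCallback(SAMPLE_AUTHORIZE_URL, { publicDomain: "abc.com" }));
```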

jayair commented 4 months ago

@TheUncharted open a new issue maybe?