[BUG] Auth : oidc and oauth adapters don't manage custom domain

[TheUncharted]

I found a bug it's related to what i spotted before if you use a router for example with cloudfront for a custom domain name abc.com

Cloudfront will forward the request to the lambda and put the origin instead of the custom domain name : xxxxxxx.lambda-url.eu-west-1.on.aws

Then the call will be on :

https://xxxxxxx.lambda-url.eu-west-1.on.aws/google/authorize?client_id=local&redirect_uri=http%3A%2F%2Flocalhost%3A3000&response_type=token&provider=google'

Then the OIDC adapter will extract the callback url https://xxxxxxx.lambda-url.eu-west-1.on.aws/google/callback and the the cookies will be set with the domain xxxxxxx.lambda-url.eu-west-1.on.aws, the browser won't accept the cookies since its does not come from the custom domain

and the retrieving of auth_state variable in the cookies will fail in the callback

I tested by hardcoding the callback url with my custom domain and it worked.

In SST2 we had this code, but it's not here anymore in Ion const callback = "https://" + useDomainName() + "/callback";

I don't see any information for the custom domain name from hono request

As a temporary solution, maybe we could pass the custom domain in the config object ? if it's present replace it in the url ?

In SST2 cookies are generated

In Ion cookies are blocked

[bchilcott]

I'm getting this too - if I start my OIDC flow by navigating to https://auth.my-app.com/google/authorize plus the query params, the provider will try to redirect back to the raw lambda url instead of https://auth.my-app.com/google/callback.

This seems pretty critical if it entirely prevents auth from working with custom domains

[jayair]

We haven't had a chance to work on finishing up auth yet. We'll get to it soon.

[thdxr]

this is fixed in v0.0.390 - sst.auth.Router was not setting x-forwarded-for headers