transfem-org / Sharkey

🌎 A Sharkish microblogging platform 🚀
https://joinsharkey.org/

Certain MiAuth endpoints are misbehaving. #132

Closed Kio-td closed 10 months ago

Kio-td commented 10 months ago

💡 Summary

It looks like the authentication flow that I've created for MiAuth to oAuth has broken, returning undefined in areas where it should not return undefined.

This is the API that I run on the backend - which acts as a wrapper and provides a non-compliant oAuth layer to MiAuth, so that it runs "properly". https://auth.catfolk.shop/authorize/kitsunes.club?client_id=e659afd5-fe1d-41de-989a-76eef64a9ca6

🥰 Expected Behavior

Using the aforementioned api should bring you strictly to a page that says "success, use token in /token".

🤬 Actual Behavior

The callback messes up the callback link - changing it to "https://auth.catfolk.shop/callback/undefined?code=(nah)&state=undefined". Undefined should not be there, in neither spot.

It should be /callback/kitsunes.club?code=x&state=x.

šŸ“ Steps to Reproduce

No response

💻 Frontend Environment

* Model and OS of the device(s):
* Browser:
* Server URL:
* Misskey:

🛰 Backend Environment (for server admin)

* Installation Method or Hosting Service: Docker
* Misskey:
* Node:
* PostgreSQL:
* Redis:
* OS and Architecture:

Mar0xy commented 10 months ago

Mastodon's oAuth never worked for repeated use; it only ever worked for logging in once and staying logged in with the same token.

What MiAuth does, idk; I never touched it.

Mar0xy commented 10 months ago

I am also not really able to debug this, as I have nothing to test those endpoints with, and using auth.catfolk.shop obv doesn't work because of a whitelist, as I would need to be able to use dev.joinsharkey.org to test it.

Kio-td commented 10 months ago

Source code I'll add dev in soon.

Kio-td commented 10 months ago

dev.joinsharkey.org is now whitelisted. Use https://auth.catfolk.shop/authorize/dev.joinsharkey.org?client_id=e659afd5-fe1d-41de-989a-76eef64a9ca6 as part of testing.

Mar0xy commented 10 months ago

It seems like the URL and session get set correctly, yet it seems to go to /callback/undefined. This might be related to the way it resolves URLs; I will check in a bit.

Mar0xy commented 10 months ago

Turns out it is a bug on your code's end. I just tried pasting the URL it returns, which is correct, and it redirects to /callback/undefined.

Kio-td commented 10 months ago

From what I understand, this is user error. However, a point of note: for the /token endpoint, I should not need to tell it that I am speaking to it in JSON, since I am offering no body content whatsoever.

Mar0xy commented 10 months ago

As already stated in Discord, this is intended behavior on POST, PUT and DELETE requests, as the server normally expects the client to provide a body/content-type as per the Mozilla Docs. Also, depending on library usage, sending a POST body of {} for example would set the content-type header, and since Misskey mainly uses JSON POST requests they decided to limit it to JSON only (as this is also the default for the Fastify module without adding any custom parsing code for other types).