Skip to content

feat(adapter-nextjs): support dynamic redirect after sign-in using redirectTo query param #14779

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
TiwariLokesh wants to merge 1 commit into
base: main
Choose a base branch
from
+25 −23
Open

feat(adapter-nextjs): support dynamic redirect after sign-in using redirectTo query param #14779

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 11 additions & 10 deletions packages/adapter-nextjs/src/auth/handlers/handleSignInCallbackRequest.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,6 @@ export const handleSignInCallbackRequest: HandleSignInCallbackRequest = async ({
const { [PKCE_COOKIE_NAME]: clientPkce, [STATE_COOKIE_NAME]: clientState } =
getCookieValuesFromRequest(request, [PKCE_COOKIE_NAME, STATE_COOKIE_NAME]);

// The state and pkce cookies are removed from cookie store after 5 minutes
if (!clientState || !clientPkce) {
const searchParamsString = createErrorSearchParamsString({
error: SIGN_IN_TIMEOUT_ERROR_CODE,
Expand All @@ -72,7 +71,6 @@ export const handleSignInCallbackRequest: HandleSignInCallbackRequest = async ({
});
}

// Most likely the cookie has been tampered
if (clientState !== state) {
return new Response(null, { status: 400 });
}
Expand Down Expand Up @@ -104,18 +102,21 @@ export const handleSignInCallbackRequest: HandleSignInCallbackRequest = async ({
createAuthFlowProofCookiesRemoveOptions(setCookieOptions),
);

// When Cognito redirects back to `/sign-in-callback`, the referer is Cognito
// endpoint. If redirect end user to `redirectOnSignInComplete` from this point,
// the referer remains the same.
// When authN token cookies set as `sameSite: 'strict'`, this may cause the
// authN tokens cookies set with the redirect response not to be sent to the
// server. Hence, sending a html page with status 200 to the client, and perform
// the redirection on the client side.
const url = new URL(request.url);
const redirectToParam = url.searchParams.get('redirectTo');

const safeRedirectTo =
redirectToParam && redirectToParam.startsWith('/') ? redirectToParam : null;

const finalRedirect =
safeRedirectTo ??
getRedirectOrDefault(handlerInput.redirectOnSignInComplete);

headers.set('Content-Type', 'text/html');

return new Response(
createRedirectionIntermediary({
redirectTo: getRedirectOrDefault(handlerInput.redirectOnSignInComplete),
redirectTo: finalRedirect,
}),
{
status: 200,
Expand Down
25 changes: 13 additions & 12 deletions packages/adapter-nextjs/src/auth/handlers/handleSignInCallbackRequestForPagesRouter.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,6 @@ export const handleSignInCallbackRequestForPagesRouter: HandleSignInCallbackRequ
STATE_COOKIE_NAME,
]);

// The state and pkce cookies are removed from cookie store after 5 minutes
if (!clientState || !clientPkce) {
const searchParamsString = createErrorSearchParamsString({
error: SIGN_IN_TIMEOUT_ERROR_CODE,
Expand All @@ -77,7 +76,6 @@ export const handleSignInCallbackRequestForPagesRouter: HandleSignInCallbackRequ
return;
}

// Most likely the cookie has been tampered
if (clientState !== state) {
response.status(400).end();

Expand Down Expand Up @@ -112,21 +110,24 @@ export const handleSignInCallbackRequestForPagesRouter: HandleSignInCallbackRequ
createAuthFlowProofCookiesRemoveOptions(setCookieOptions),
);

// When Cognito redirects back to `/sign-in-callback`, the referer is Cognito
// endpoint. If redirect end user to `redirectOnSignInComplete` from this point,
// the referer remains the same.
// When authN token cookies set as `sameSite: 'strict'`, this may cause the
// authN tokens cookies set with the redirect response not to be sent to the
// server. Hence, sending a html page with status 200 to the client, and perform
// the redirection on the client side.
const url = new URL(request.url!);
const redirectToParam = url.searchParams.get('redirectTo');

const safeRedirectTo =
redirectToParam && redirectToParam.startsWith('/')
? redirectToParam
: null;

const finalRedirect =
safeRedirectTo ??
getRedirectOrDefault(handlerInput.redirectOnSignInComplete);

response
.appendHeader('Content-Type', 'text/html')
.status(200)
.send(
createRedirectionIntermediary({
redirectTo: getRedirectOrDefault(
handlerInput.redirectOnSignInComplete,
),
redirectTo: finalRedirect,
}),
);
};
2 changes: 1 addition & 1 deletion packages/core/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
"build": "npm run clean && npm run generate-version && npm run build:esm-cjs && npm run build:umd",
"generate-version": "genversion src/Platform/version.ts --es6 --semi --source ../aws-amplify",
"clean": "npm run clean:size && rimraf dist lib lib-esm",
"clean:size": "rimraf dual-publish-tmp tmp*",
"clean:size": "rimraf dual-publish-tmp tmp",
"format": "echo \"Not implemented\"",
"lint": "eslint '**/*.{ts,tsx}' && npm run ts-coverage",
"lint:fix": "eslint '**/*.{ts,tsx}' --fix",
Expand Down