Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(core): adjust userinfo endpoint validation on oauth callback #12669

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(core): adjust userinfo endpoint validation on oauth callback #12669

wants to merge 1 commit into from
+1 −1

Conversation

matusca96
Copy link

@matusca96 matusca96 commented Feb 18, 2025
edited
Loading

☕️ Reasoning

One line change on packages/core/src/lib/actions/callback/oauth/callback.ts to always rely on authorization server (as). This change is necessary because since we don't require userinfo and token endpoints if an issuer is provided, as per packages/core/src/lib/utils/assert.ts, we can retrieve both endpoints directly from the authorization server.

🧢 Checklist

  • Documentation
  • Tests
  • Ready to be merged

🎫 Affected issues

📌 Resources

@vercel Vercel
Copy link

vercel bot commented Feb 18, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
auth-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 18, 2025 7:40pm
1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
next-auth-docs ⬜️ Ignored (Inspect) Visit Preview Feb 18, 2025 7:40pm

@vercel Vercel
Copy link

vercel bot commented Feb 18, 2025

@matusca96 is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the core Refers to `@auth/core` label Feb 18, 2025
@matusca96
Copy link
Author

Can someone take a look on this? It's an annoying issue that requires us to provide issuer, userinfo and token endpoints, while only with the issuer we should have everything we need.

@matusca96
Copy link
Author

@ThangHuuVu can you take a look on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ThangHuuVu ThangHuuVu Awaiting requested review from ThangHuuVu ThangHuuVu is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
core Refers to `@auth/core`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@matusca96