use redirect locations from state
This commit is contained in:
parent
80415104e5
commit
bf09096740
|
|
@ -18,30 +18,6 @@ export const load: PageServerLoad = async event => {
|
||||||
throw redirect(302, '/');
|
throw redirect(302, '/');
|
||||||
}
|
}
|
||||||
|
|
||||||
// check for errors from the provider
|
|
||||||
// TODO: this is still technically provider-specific and should be split out
|
|
||||||
// into the provider implementations since different providers can call back
|
|
||||||
// with different parameters
|
|
||||||
const errorCode = event.url.searchParams.get('error');
|
|
||||||
const errorDescription = event.url.searchParams.get('error_description');
|
|
||||||
|
|
||||||
// if the user cancelled the login, redirect home gracefully
|
|
||||||
if (errorCode === 'access_denied') {
|
|
||||||
throw redirect(302, '/');
|
|
||||||
}
|
|
||||||
|
|
||||||
// if another error was encountered, return the error information only
|
|
||||||
if (errorCode) {
|
|
||||||
return {
|
|
||||||
error: {
|
|
||||||
code: errorCode,
|
|
||||||
description: errorDescription ?? '',
|
|
||||||
},
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
const providerImpl = authProviderImplementations[provider];
|
|
||||||
|
|
||||||
// retrieve the state we stored for this session and compare against the
|
// retrieve the state we stored for this session and compare against the
|
||||||
// state we received from the provider
|
// state we received from the provider
|
||||||
const dataSource = await getDataSource();
|
const dataSource = await getDataSource();
|
||||||
|
|
@ -58,13 +34,37 @@ export const load: PageServerLoad = async event => {
|
||||||
if (!storedState || !receivedState || storedState.state !== receivedState) {
|
if (!storedState || !receivedState || storedState.state !== receivedState) {
|
||||||
return {
|
return {
|
||||||
error: {
|
error: {
|
||||||
code: 'consumer_state_mismatch',
|
code: 'state_mismatch',
|
||||||
description:
|
description:
|
||||||
`Expected state ${storedState?.state}, received ${receivedState}`,
|
`Expected state ${storedState?.state}, received ${receivedState}`,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check for errors from the provider
|
||||||
|
// TODO: this is still technically provider-specific and should be split out
|
||||||
|
// into the provider implementations since different providers can call back
|
||||||
|
// with different parameters
|
||||||
|
const errorCode = event.url.searchParams.get('error');
|
||||||
|
const errorDescription = event.url.searchParams.get('error_description');
|
||||||
|
|
||||||
|
// if the user cancelled the login, redirect home gracefully
|
||||||
|
if (errorCode === 'access_denied') {
|
||||||
|
throw redirect(302, storedState.prev);
|
||||||
|
}
|
||||||
|
|
||||||
|
// if another error was encountered, return the error information only
|
||||||
|
if (errorCode) {
|
||||||
|
return {
|
||||||
|
error: {
|
||||||
|
code: errorCode,
|
||||||
|
description: errorDescription ?? '',
|
||||||
|
},
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
const providerImpl = authProviderImplementations[provider];
|
||||||
|
|
||||||
const code = event.url.searchParams.get('code');
|
const code = event.url.searchParams.get('code');
|
||||||
if (!code) {
|
if (!code) {
|
||||||
return {
|
return {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue