Use getRedirectUrl in all cases where redirectUri is passed

aws-amplify · Dec 19, 2023 · de1d92a · de1d92a
1 parent 047bed4
commit de1d92a
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 22 deletions.
diff --git a/packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts b/packages/auth/__tests__/providers/cognito/signInWithRedirect.test.ts
@@ -67,17 +67,17 @@ describe('signInWithRedirect API', () => {
 		});
 		const mockOpenAuthSession = openAuthSession as jest.Mock;
 		const mockHubDispatch = Hub.dispatch as jest.Mock;
-	
+
 		afterEach(() => {
 			mockOpenAuthSession.mockReset();
 		});
-	
+
 		it('should throw and dispatch when an error is returned in the URL in RN', async () => {
 			mockOpenAuthSession.mockResolvedValueOnce({
 				type: 'error',
 				error: oauthErrorMessage,
 			});
-	
+
 			await expect(signInWithRedirect()).rejects.toThrow(oauthError);
 			expect(Hub.dispatch).toHaveBeenCalledWith(
 				'auth',
@@ -89,13 +89,13 @@ describe('signInWithRedirect API', () => {
 				AMPLIFY_SYMBOL
 			);
 		});
-	
+
 		it('should throw when state is not valid after calling signInWithRedirect', async () => {
 			mockOpenAuthSession.mockResolvedValueOnce({
 				type: 'success',
 				url: 'http:localhost:3000/oauth2/redirect?state=invalid_state&code=mock_code&scope=openid%20email%20profile&session_state=mock_session_state',
 			});
-	
+
 			await expect(signInWithRedirect()).rejects.toThrow(invalidStateOauthError);
 			expect(mockHubDispatch).toHaveBeenCalledWith(
 				'auth',
@@ -106,9 +106,9 @@ describe('signInWithRedirect API', () => {
 				'Auth',
 				AMPLIFY_SYMBOL
 			);
-	
+
 		});
-	
+
 		it('should dispatch the signInWithRedirect_failure event when an error is returned in the URL', async () => {
 			Object.defineProperty(window, 'location', {
 				value: {
@@ -127,7 +127,7 @@ describe('signInWithRedirect API', () => {
 				AMPLIFY_SYMBOL
 			);
 		});
-	
+
 		it('should dispatch the signInWithRedirect_failure event when state is not valid', async () => {
 			Object.defineProperty(window, 'location', {
 				value: {
@@ -147,10 +147,10 @@ describe('signInWithRedirect API', () => {
 			);
 		});
 	});
-	
+
 	describe('getRedirectUrl on web', () => {
 		const originalWindowLocation = window.location;
-	
+
 		const currentWindownLocationParamsList: {
 			origin: string;
 			pathname: string;
@@ -201,31 +201,31 @@ describe('signInWithRedirect API', () => {
 			const redirect = getRedirectUrl(['https://example.com/another-app']);
 			expect(redirect).toBe('https://example.com/another-app');
 		});
-	
+
 		it('should throw if the url is not comming from the same origin', async () => {
 			Object.defineProperty(globalThis, 'window', {
 				value: {
 					location: { origin: 'https://differentorigin.com', pathname: '/app' },
 				},
 				writable: true,
 			});
-	
+
 			try {
 				return getRedirectUrl(['http://localhost:3000/', 'https://example.com/']);
 			} catch (error: any) {
 				expect(error).toBeInstanceOf(AuthError);
 				expect(error.name).toBe(INVALID_ORIGIN_EXCEPTION);
 			}
 		});
-	
+
 		it('should throw if the url is not found or invalid', async () => {
 			Object.defineProperty(globalThis, 'window', {
 				value: {
 					location: { origin: 'http://localhost:3000', pathname: '/' },
 				},
 				writable: true,
 			});
-	
+
 			try {
 				return getRedirectUrl(['novalid']);
 			} catch (error: any) {
@@ -234,7 +234,7 @@ describe('signInWithRedirect API', () => {
 			}
 		});
 	});
-	
+
 	describe('getRedirectUrl on React Native', () => {
 		it('should pick the first non http or https redirect', async () => {
 			const redirect = getRedirectUrlRN([

diff --git a/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts b/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts
@@ -81,19 +81,19 @@ export async function oauthSignIn({
 	const { domain, redirectSignIn, responseType, scopes } = oauthConfig;
 	const randomState = generateState();
 
-	/* encodeURIComponent is not URL safe, use urlSafeEncode instead. Cognito 
+	/* encodeURIComponent is not URL safe, use urlSafeEncode instead. Cognito
 	single-encodes/decodes url on first sign in and double-encodes/decodes url
-	when user already signed in. Using encodeURIComponent, Base32, Base64 add 
-	characters % or = which on further encoding becomes unsafe. '=' create issue 
-	for parsing query params. 
+	when user already signed in. Using encodeURIComponent, Base32, Base64 add
+	characters % or = which on further encoding becomes unsafe. '=' create issue
+	for parsing query params.
 	Refer: https://github.com/aws-amplify/amplify-js/issues/5218 */
 	const state = customState
 		? `${randomState}-${urlSafeEncode(customState)}`
 		: randomState;
 	const { value, method, toCodeChallenge } = generateCodeVerifier(128);
 
 	const redirectUri = getRedirectUrl(oauthConfig.redirectSignIn);
-	
+
 	store.storeOAuthInFlight(true);
 	store.storeOAuthState(state);
 	store.storePKCE(value);
@@ -127,7 +127,7 @@ export async function oauthSignIn({
 			currentUrl: url,
 			clientId,
 			domain,
-			redirectUri: redirectSignIn[0],
+			redirectUri,
 			responseType,
 			userAgentValue: getAuthUserAgentValue(AuthAction.SignInWithRedirect),
 			preferPrivateSession,
@@ -464,12 +464,13 @@ export async function parseRedirectURL() {
 		const currentUrl = window.location.href;
 		const { loginWith, userPoolClientId } = authConfig;
 		const { domain, redirectSignIn, responseType } = loginWith.oauth;
+		const redirectUri = getRedirectUrl(redirectSignIn);
 
 		await handleAuthResponse({
 			currentUrl,
 			clientId: userPoolClientId,
 			domain,
-			redirectUri: redirectSignIn[0],
+			redirectUri,
 			responseType,
 			userAgentValue: getAuthUserAgentValue(AuthAction.SignInWithRedirect),
 		});