Prefix URL affects the redirected URL

Open ssuriyayuvan opened this issue 1 year ago • 1 comments

grant config

app.use(grant({
  defaults: {
    "protocol": "http",
    "host": "localhost:5001",
    "prefix": "",  // Leave prefix empty to avoid '/auth/' prefix for other routes
    "transport": "session",
    "state": true,
    "response": "json",
    "debug": true
  },
  discord: {
    key: process.env.DISCORD_CLIENT_KEY,
    secret: process.env.DISCORD_SECRET_KEY,
    scope: ['identify', 'email'],
    callback: '/auth/discord/callback'
  },
  twitter: {
    key: process.env.TWITTER_CONSUMER_KEY,
    secret: process.env.TWITTER_CONSUMER_SECRET,
    callback: '/auth/twitter/callback',
    scope: ['users.read']
  },
  google: {
    key: process.env.GOOGLE_CLIENT_ID,
    secret: process.env.GOOGLE_CLIENT_SECRET,
    scope: ['profile', 'email'],
    callback: '/auth/google/callback'
  }
}));

redirect URL

app.get('/auth/:provider/callback', (req, res) => {
  console.log("Req Query", req.query);
  const { provider } = req.params;
  res.send('Hello World!')
});

Incoming redirected requests are affected by the default prefix. If we give /auth as a prefix, then it will block the redirect URL /auth/:provider/callback, and if we leave this empty, then it sends undefined in the callback URL.

ssuriyayuvan avatar Dec 23 '24 13:12 ssuriyayuvan

I think there is a misunderstanding here. As stated in the docs (https://github.com/simov/grant?tab=readme-ov-file#connect-redirect-uri), your callback URLs and the Redirect URL are not the same thing.

You can set your prefix like this:

app.use(grant({
  origin: 'http://localhost:5001', // note that origin is the key to use moving forward
  prefix: '/auth'
}))

Then your Redirect URL will be http://localhost:5001/auth/google/callback (for Google).

However, note that your callback cannot be this /auth/google/callback because this will be the Redirect URL used internally by Grant. Instead, you can set your callback to something else, like /auth/google/login - this is where you will get the response data at the end.

simov avatar Dec 23 '24 16:12 simov
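
An added example, not from this thread or from Grant's own code: a small check that derives the Redirect URL to register with each provider and flags any `callback` that lands on a path Grant serves itself, which is the collision the reply above describes. The function name `auditGrantConfig`, the issue labels and both sample configs are constructed for illustration; the `/connect` default prefix and the `[origin][prefix]/[provider]/callback` layout follow Grant's README.

```javascript
// Added example: flag Grant provider `callback` paths that collide with the
// routes Grant serves itself under `prefix`.
const DEFAULT_PREFIX = '/connect'; // Grant's documented default prefix

// Collapse duplicate slashes and drop a trailing one.
const clean = (p) => ('/' + String(p)).replace(/\/+/g, '/').replace(/\/$/, '');
// Assumption: Express default routing (case-insensitive, trailing slash ignored).
const same = (a, b) => clean(a).toLowerCase() === clean(b).toLowerCase();

function auditGrantConfig(config) {
  const { defaults = {}, ...providers } = config;
  const origin = String(defaults.origin ?? `${defaults.protocol}://${defaults.host}`)
    .replace(/\/+$/, '');
  const prefix = defaults.prefix ?? DEFAULT_PREFIX;

  return Object.entries(providers).map(([provider, opts]) => {
    const connectPath = clean(`${prefix}/${provider}`); // starts the OAuth flow
    const redirectPath = `${connectPath}/callback`;     // provider redirects here
    const callback = opts.callback ?? defaults.callback ?? null;
    const issues = [];
    if (callback === null) {
      issues.push('no-callback');
    } else {
      // An absolute callback on the same origin is compared by its path.
      const path = callback.startsWith(origin) ? callback.slice(origin.length) : callback;
      if (same(path, redirectPath)) issues.push('callback-shadows-redirect-uri');
      else if (same(path, connectPath)) issues.push('callback-shadows-connect-route');
    }
    return { provider, redirectUri: origin + redirectPath, callback, issues };
  });
}

// Constructed sample: the question's providers with the '/auth' prefix applied.
const asPosted = {
  defaults: { origin: 'http://localhost:5001', prefix: '/auth', transport: 'session' },
  discord: { callback: '/auth/discord/callback' },
  google: { callback: '/auth/google/callback' },
};
// Constructed sample: callbacks moved to a path Grant does not serve.
const corrected = {
  defaults: asPosted.defaults,
  discord: { callback: '/auth/discord/login' },
  google: { callback: '/auth/google/login' },
};

for (const [label, cfg] of [['as posted', asPosted], ['corrected', corrected]]) {
  for (const r of auditGrantConfig(cfg)) {
    console.log(label, r.provider, 'register:', r.redirectUri, 'issues:', r.issues.join(',') || 'none');
  }
}
```

Running the check at startup, before `app.use(grant(...))`, surfaces the collision as a configuration error instead of a route that never fires.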