feat(Auth): Allow sending login_hint, lang and nonce on signInWithRedirects #14089

Open
wants to merge 2 commits into
base: main
@@ -295,6 +295,7 @@ describe('signInWithRedirect', () => {
);
expect(mockHandleFailure).toHaveBeenCalledWith(expectedError);
});

it('should not set the Oauth flag on non-browser environments', async () => {
const mockOpenAuthSessionResult = {
type: 'success',
@@ -308,6 +309,28 @@ describe('signInWithRedirect', () => {

expect(oAuthStore.storeOAuthInFlight).toHaveBeenCalledTimes(0);
});

it('should send the login_hint, lang and nonce in the query string if provided', async () => {
await signInWithRedirect({
provider: 'Google',
options: {
loginHint: '[email protected]',
lang: 'en',
nonce: '88388838883',
},
});

const [oauthUrl, redirectSignIn, preferPrivateSession] =
mockOpenAuthSession.mock.calls[0];

expect(oauthUrl).toStrictEqual(
'https://oauth.domain.com/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&response_type=code&client_id=userPoolClientId&identity_provider=Google&scope=phone%20email%20openid%20profile%20aws.cognito.signin.user.admin&login_hint=someone%40gmail.com&lang=en&nonce=88388838883&state=oauth_state&code_challenge=code_challenge&code_challenge_method=S256',
);
expect(redirectSignIn).toEqual(
mockAuthConfigWithOAuth.Auth.Cognito.loginWith.oauth.redirectSignIn,
);
expect(preferPrivateSession).toBeUndefined();
});
});

describe('errors', () => {
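Review bot: The new test pins only the case where all three options are set; nothing asserts that `login_hint`, `lang` and `nonce` are left out of the authorize URL when the options are omitted or empty, nor that a value containing `&` or `=` stays inside its own parameter. A second case such as `await signInWithRedirect({ provider: 'Google' })` followed by `expect(oauthUrl).not.toContain('nonce=')` would cover the first, and a `lang` value with a reserved character would pin the encoding for the free-form `string` branch of that option's type. The fixed digit string used for `nonce` is fine for a URL assertion, but a short comment saying that real callers need an unpredictable per-request value would keep it from being copied as an example.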
12 changes: 12 additions & 0 deletions packages/auth/src/providers/cognito/apis/signInWithRedirect.ts
@@ -57,6 +57,11 @@ export async function signInWithRedirect(
provider,
customState: input?.customState,
preferPrivateSession: input?.options?.preferPrivateSession,
options: {
loginHint: input?.options?.loginHint,
lang: input?.options?.lang,
nonce: input?.options?.nonce,
},
});
}

@@ -66,14 +71,17 @@ const oauthSignIn = async ({
clientId,
customState,
preferPrivateSession,
options,
}: {
oauthConfig: OAuthConfig;
provider: string;
clientId: string;
customState?: string;
preferPrivateSession?: boolean;
options?: SignInWithRedirectInput['options'];
}) => {
const { domain, redirectSignIn, responseType, scopes } = oauthConfig;
const { loginHint, lang, nonce } = options ?? {};
const randomState = generateState();

/* encodeURIComponent is not URL safe, use urlSafeEncode instead. Cognito
@@ -99,6 +107,10 @@ const oauthSignIn = async ({
client_id: clientId,
identity_provider: provider,
scope: scopes.join(' '),
// eslint-disable-next-line camelcase
...(loginHint && { login_hint: loginHint }),
...(lang && { lang }),
...(nonce && { nonce }),
state,
...(responseType === 'code' && {
code_challenge: toCodeChallenge(),
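Review bot: `nonce` is only copied into the query string at `...(nonce && { nonce })`; nothing in this section stores it or compares it with the `nonce` claim of the ID token that comes back, so the replay protection exists only if the caller does both. If that is intended, say so next to the spread, e.g. `// nonce is forwarded as-is: the caller must generate it with a CSPRNG, keep it across the redirect and compare it with the ID token's nonce claim`; otherwise it would presumably belong with the `state` and PKCE values that the flow already keeps for the callback. The truthiness spreads also drop an empty string silently, which is reasonable but worth a word in the same comment. `oauthSignIn` continues past the end of the hunk and the redirect completion code is not shown, so a check there cannot be ruled out from this page.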
27 changes: 27 additions & 0 deletions packages/auth/src/types/inputs.ts
@@ -68,6 +68,33 @@ export interface AuthSignInWithRedirectInput {
* On all other platforms, this flag is ignored.
*/
preferPrivateSession?: boolean;
/**
* A username prompt that you want to pass to the authorization server. You can collect a username, email address or phone number from your user and allow the destination provider to pre-populate the user's sign-in name. When you submit a `login_hint` parameter and no `idp_identifier` or `identity_provider` parameters to the `/oauth2/authorize` endpoint, managed login fills the username field with your hint value. You can also pass this parameter to the Login endpoint and automatically fill the username value.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
*/
loginHint?: string;
/**
* The language that you want to display user-interactive pages in. Managed login pages can be localized, but hosted UI (classic) pages can not
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
*/
lang?:
| 'de'
| 'en'
| 'es'
| 'fr'
| 'id'
| 'it'
| 'ja'
| 'ko'
| 'pt-BR'
| 'zh-CN'
| 'zh-TW'
| (string & NonNullable<unknown>);
/**
* A random value that you can add to the request. The nonce value that you provide is included in the ID token that Amazon Cognito issues. To guard against replay attacks, your app can inspect the `nonce` claim in the ID token and compare it to the one you generated.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
*/
nonce?: string;
};
}
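Review bot: The `loginHint` doc comment says the hint is applied when no `identity_provider` parameter is sent, but `oauthSignIn` in this pull request always sends `identity_provider: provider`, so the text describes a request this API does not appear to make. The comment should state what happens to the hint for the providers `signInWithRedirect` accepts, and add a line such as `The value is sent in the authorize URL's query string, so an email address or phone number passed here can appear in browser history and in proxy or server logs.` The `lang` union ends in `(string & NonNullable<unknown>)`, so the listed codes are editor suggestions only and any string is accepted; the doc comment could say that unsupported values are passed through unchanged. The interface starts before the hunk.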
