feat: implement OAuth 2.0 authorization flow with TimeHarbor integration #172
Open
Dharp02 wants to merge 4 commits into
This pull request adds support for acting as an OpenID Connect (OIDC) provider, enabling OAuth 2.0 Authorization Code flows for integration with trusted clients like TimeHarbor. It introduces the OIDC provider plugin, configures trusted client details, and ensures the correct handling of URL-encoded bodies required by OIDC endpoints. Additionally, it updates the frontend to support seamless OAuth flows by forwarding authorization parameters and session tokens as needed.

OIDC Provider Integration and Configuration:
- oidcProvider plugin to the betterAuth setup in auth.ts, registering TimeHarbor as a trusted OAuth client and configuring the login page, client secrets, and consent skipping.

Backend Request Handling Improvements:
- Updated server.ts to accept application/x-www-form-urlencoded bodies (used by OIDC token endpoints) and forward them as raw strings to the authentication handler, ensuring compatibility with OIDC flows.

Frontend OAuth Flow Support:
- Modified main.tsx to detect OAuth 2.0 authorization parameters in the URL and, if the user is authenticated, forward them (along with the session token in a cookie) to the OIDC authorization endpoint.
- Updated LoginForm.tsx so that after a successful sign-in initiated by an OAuth 2.0 authorization request, the app redirects back to the authorization endpoint, copying the session token into a cookie for Better Auth to recognize the session.
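
The forwarding step described for main.tsx, sketched as an added example that is not code from this pull request: it checks the authorization parameters against a trusted-client list and rebuilds the query from an allowlist before redirecting. The function name, client id, redirect URI and endpoint path are constructed placeholders, and requiring `state` is a policy choice of this example.

```typescript
// Added example, not the PR's code. All identifiers and sample values here
// are hypothetical placeholders.
interface TrustedClient {
  clientId: string;
  redirectUris: string[]; // exact strings registered for the client
}

type ForwardResult =
  | { ok: true; url: string }
  | { ok: false; reason: string };

// Only standard authorization-request parameters are forwarded; anything
// else present in the page URL is dropped.
const FORWARDED = ["response_type", "client_id", "redirect_uri", "scope",
  "state", "nonce", "code_challenge", "code_challenge_method"];

function buildAuthorizeRedirect(
  search: string,
  clients: TrustedClient[],
  authorizeEndpoint: string, // assumed path of the OIDC authorization endpoint
): ForwardResult {
  const params = new URLSearchParams(search);
  // A repeated parameter can be read differently by two parsers; reject it.
  for (const name of FORWARDED) {
    if (params.getAll(name).length > 1) {
      return { ok: false, reason: `duplicate ${name}` };
    }
  }
  // The PR describes the Authorization Code flow only.
  if (params.get("response_type") !== "code") {
    return { ok: false, reason: "response_type must be code" };
  }
  const client = clients.find((c) => c.clientId === params.get("client_id"));
  if (!client) return { ok: false, reason: "unknown client_id" };
  // Exact string comparison: no prefix, wildcard or normalised matching.
  const redirectUri = params.get("redirect_uri") || "";
  if (client.redirectUris.indexOf(redirectUri) < 0) {
    return { ok: false, reason: "redirect_uri not registered" };
  }
  if (!params.get("state")) return { ok: false, reason: "missing state" };

  const out = new URLSearchParams();
  for (const name of FORWARDED) {
    const value = params.get(name);
    if (value !== null) out.set(name, value);
  }
  return { ok: true, url: `${authorizeEndpoint}?${out.toString()}` };
}
```

A check like this in the frontend is defence in depth; the authorization endpoint still has to validate the same parameters itself.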