diff --git a/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts b/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts index 839360360c8..168c78800ca 100644 --- a/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts +++ b/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts @@ -10,6 +10,7 @@ import { isBrowser, urlSafeEncode, USER_AGENT_HEADER, + urlSafeDecode, } from '@aws-amplify/core/internals/utils'; import { cacheCognitoTokens } from '../tokenProvider/cacheTokens'; import { CognitoUserPoolsTokenProvider } from '../tokenProvider'; @@ -130,8 +131,9 @@ async function handleCodeFlow({ /* Convert URL into an object with parameters as keys { redirect_uri: 'http://localhost:3000/', response_type: 'code', ...} */ const url = new URL(currentUrl); + let validatedState: string; try { - await validateStateFromURL(url); + validatedState = await validateStateFromURL(url); } catch (err) { invokeAndClearPromise(); // clear temp values @@ -216,6 +218,17 @@ async function handleCodeFlow({ await store.storeOAuthSignIn(true); + if (isCustomState(validatedState)) { + Hub.dispatch( + 'auth', + { + event: 'customOAuthState', + data: urlSafeDecode(getCustomState(validatedState)), + }, + 'Auth', + AMPLIFY_SYMBOL + ); + } Hub.dispatch('auth', { event: 'signInWithRedirect' }, 'Auth', AMPLIFY_SYMBOL); clearHistory(redirectUri); invokeAndClearPromise(); @@ -249,7 +262,7 @@ async function handleImplicitFlow({ await store.clearOAuthInflightData(); try { - await validateState(state); + validateState(state); } catch (error) { invokeAndClearPromise(); return; @@ -264,6 +277,17 @@ async function handleImplicitFlow({ }); await store.storeOAuthSignIn(true); + if (isCustomState(state)) { + Hub.dispatch( + 'auth', + { + event: 'customOAuthState', + data: urlSafeDecode(getCustomState(state)), + }, + 'Auth', + AMPLIFY_SYMBOL + ); + } Hub.dispatch('auth', { event: 'signInWithRedirect' }, 'Auth', AMPLIFY_SYMBOL); clearHistory(redirectUri); invokeAndClearPromise(); @@ -297,8 +321,7 @@ async function handleAuthResponse({ AMPLIFY_SYMBOL ); throw new AuthError({ - message: AuthErrorTypes.OAuthSignInError, - underlyingError: error_description, + message: error_description ?? '', name: AuthErrorCodes.OAuthSignInError, recoverySuggestion: authErrorMessages.oauthSignInError.log, }); @@ -389,7 +412,7 @@ async function parseRedirectURL() { function urlListener() { // Listen configure to parse url parseRedirectURL(); - Hub.listen('core', async capsule => { + Hub.listen('core', capsule => { if (capsule.payload.event === 'configure') { parseRedirectURL(); } @@ -421,3 +444,10 @@ function clearHistory(redirectUri: string) { window.history.replaceState({}, '', redirectUri); } } + +function isCustomState(state: string): Boolean { + return /-/.test(state); +} +function getCustomState(state: string): string { + return state.split('-').splice(1).join('-'); +} diff --git a/packages/aws-amplify/package.json b/packages/aws-amplify/package.json index 8bb5e4fda89..070f1fe3054 100644 --- a/packages/aws-amplify/package.json +++ b/packages/aws-amplify/package.json @@ -270,7 +270,7 @@ "name": "[Auth] signInWithRedirect (Cognito)", "path": "./lib-esm/auth/index.js", "import": "{ signInWithRedirect }", - "limit": "20.00 kB" + "limit": "20.07 kB" }, { "name": "[Auth] fetchUserAttributes (Cognito)", @@ -288,7 +288,7 @@ "name": "[Auth] OAuth Auth Flow (Cognito)", "path": "./lib-esm/auth/index.js", "import": "{ signInWithRedirect, signOut, fetchAuthSession }", - "limit": "20.45 kB" + "limit": "20.50 kB" }, { "name": "[Storage] copy (S3)", diff --git a/packages/core/src/Hub/types/AuthTypes.ts b/packages/core/src/Hub/types/AuthTypes.ts index 58e052838ed..c9b33e85dcd 100644 --- a/packages/core/src/Hub/types/AuthTypes.ts +++ b/packages/core/src/Hub/types/AuthTypes.ts @@ -9,4 +9,6 @@ export type AuthHubEventData = /** Dispatched when auth tokens are successfully refreshed.*/ | { event: 'tokenRefresh' } /** Dispatched when there is an error in the refresh of tokens.*/ - | { event: 'tokenRefresh_failure' }; + | { event: 'tokenRefresh_failure' } + /** Dispatched when there is a customState passed in the options of the `signInWithRedirect` API.*/ + | { event: 'customOAuthState'; data: string };