fix: return error early for redirects (#992)

## What kind of change does this PR introduce? * When using the PKCE flow, if there's a redirect error after the callback and a code is not returned, `getSessionFromUrl` ends up returning `Not a valid PKCE flow url.` instead of the actual error
supabase · Dec 12, 2024 · 9f32d30 · 9f32d30
1 parent 2e6e07c
commit 9f32d30
Showing 1 changed file with 17 additions and 12 deletions.
diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
@@ -1423,14 +1423,29 @@ export default class GoTrueClient {
   > {
     try {
       if (!isBrowser()) throw new AuthImplicitGrantRedirectError('No browser detected.')
+
+      const params = parseParametersFromURL(window.location.href)
+
+      // If there's an error in the URL, it doesn't matter what flow it is, we just return the error.
+      if (params.error || params.error_description || params.error_code) {
+        // The error class returned implies that the redirect is from an implicit grant flow
+        // but it could also be from a redirect error from a PKCE flow.
+        throw new AuthImplicitGrantRedirectError(
+          params.error_description || 'Error in URL with unspecified error_description',
+          {
+            error: params.error || 'unspecified_error',
+            code: params.error_code || 'unspecified_code',
+          }
+        )
+      }
+
+      // Checks for mismatches between the flowType initialised in the client and the URL parameters
       if (this.flowType === 'implicit' && !this._isImplicitGrantFlow()) {
         throw new AuthImplicitGrantRedirectError('Not a valid implicit grant flow url.')
       } else if (this.flowType == 'pkce' && !isPKCEFlow) {
         throw new AuthPKCEGrantCodeExchangeError('Not a valid PKCE flow url.')
       }
 
-      const params = parseParametersFromURL(window.location.href)
-
       if (isPKCEFlow) {
         if (!params.code) throw new AuthPKCEGrantCodeExchangeError('No code detected.')
         const { data, error } = await this._exchangeCodeForSession(params.code)
@@ -1444,16 +1459,6 @@ export default class GoTrueClient {
         return { data: { session: data.session, redirectType: null }, error: null }
       }
 
-      if (params.error || params.error_description || params.error_code) {
-        throw new AuthImplicitGrantRedirectError(
-          params.error_description || 'Error in URL with unspecified error_description',
-          {
-            error: params.error || 'unspecified_error',
-            code: params.error_code || 'unspecified_code',
-          }
-        )
-      }
-
       const {
         provider_token,
         provider_refresh_token,