From 9f32d30e17954c5d4320b374a108617cda5ab357 Mon Sep 17 00:00:00 2001
From: Kang Ming <kang.ming1996@gmail.com>
Date: Thu, 12 Dec 2024 17:04:02 +0800
Subject: [PATCH] fix: return error early for redirects (#992)

## What kind of change does this PR introduce?
* When using the PKCE flow, if there's a redirect error after the
callback and a code is not returned, `getSessionFromUrl` ends up
returning `Not a valid PKCE flow url.` instead of the actual error
---
 src/GoTrueClient.ts | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
index b01b16e0..2faf0f12 100644
--- a/src/GoTrueClient.ts
+++ b/src/GoTrueClient.ts
@@ -1423,14 +1423,29 @@ export default class GoTrueClient {
   > {
     try {
       if (!isBrowser()) throw new AuthImplicitGrantRedirectError('No browser detected.')
+
+      const params = parseParametersFromURL(window.location.href)
+
+      // If there's an error in the URL, it doesn't matter what flow it is, we just return the error.
+      if (params.error || params.error_description || params.error_code) {
+        // The error class returned implies that the redirect is from an implicit grant flow
+        // but it could also be from a redirect error from a PKCE flow.
+        throw new AuthImplicitGrantRedirectError(
+          params.error_description || 'Error in URL with unspecified error_description',
+          {
+            error: params.error || 'unspecified_error',
+            code: params.error_code || 'unspecified_code',
+          }
+        )
+      }
+
+      // Checks for mismatches between the flowType initialised in the client and the URL parameters
       if (this.flowType === 'implicit' && !this._isImplicitGrantFlow()) {
         throw new AuthImplicitGrantRedirectError('Not a valid implicit grant flow url.')
       } else if (this.flowType == 'pkce' && !isPKCEFlow) {
         throw new AuthPKCEGrantCodeExchangeError('Not a valid PKCE flow url.')
       }
 
-      const params = parseParametersFromURL(window.location.href)
-
       if (isPKCEFlow) {
         if (!params.code) throw new AuthPKCEGrantCodeExchangeError('No code detected.')
         const { data, error } = await this._exchangeCodeForSession(params.code)
@@ -1444,16 +1459,6 @@ export default class GoTrueClient {
         return { data: { session: data.session, redirectType: null }, error: null }
       }
 
-      if (params.error || params.error_description || params.error_code) {
-        throw new AuthImplicitGrantRedirectError(
-          params.error_description || 'Error in URL with unspecified error_description',
-          {
-            error: params.error || 'unspecified_error',
-            code: params.error_code || 'unspecified_code',
-          }
-        )
-      }
-
       const {
         provider_token,
         provider_refresh_token,