You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* - `realm` is the authentication provider. Defaults to `"uga"`.
14
+
* - `callbackPath` is the path to redirect the user to after the action completes. Defaults to the value of the `referer` header if present or `/` if not.
* Next.js Route handler for an OAuth callback request.
122
+
* @param request The incoming request object, which expects two of three valid search parameters shown below.
123
+
*
124
+
* **Required always:**
125
+
* - `state` — The token identifying the current state of the authentication flow.
126
+
*
127
+
* **Requires exactly one of:**
128
+
* - `code` — During the standard OAuth flow, this value allows for retrieval of a user's `access_token`. The `access_token` will then be used to request profile information about the authenticated user, which will then be inserted into the database. If this is the user's first time signing in and they are using a realm other than `uga`, they will be redirected to authenticate with `uga` first. This second authentication request will use `/api/auth?state=...&linkProfile=...` as the callback path.
129
+
* - `linkProfile` — After a standard OAuth flow, this value allows for a user's non-`uga` profile to be linked to their newly created account.
130
+
*
131
+
* @returns never, when awaited (a `redirect()`, `notFound()`, or `unauthorized()` error will always be thrown)
@@ -120,7 +140,9 @@ export async function handleOAuthRedirect(request: NextRequest) {
120
140
constprovider=providers[params.state.realm];
121
141
122
142
if("linkProfile"inparams){
123
-
if(provider.name==="google"){
143
+
// [Case 2] A user tried to sign in for the first time using a non-`uga` account. They've completed creaeting the UGA account, but we want to automatically link their non-`uga` profile to the `uga` user.
144
+
145
+
if(provider.name==="uga"){
124
146
notFound();
125
147
}
126
148
@@ -137,6 +159,7 @@ export async function handleOAuthRedirect(request: NextRequest) {
137
159
redirect(params.state.callbackPath);
138
160
}
139
161
162
+
// [Case 1] A user is following the standard OAuth flow. We request the `access_token` from the provider and get the associated profile data.
@@ -234,6 +264,7 @@ export async function handleOAuthRedirect(request: NextRequest) {
234
264
});
235
265
236
266
if(!user){
267
+
// Case [1-2-2] The user is signing in for the first time using a non-`uga` account: we can't create a session for them (yet) because there is no `user` to associate this profile with.
237
268
returnnull;
238
269
}
239
270
@@ -269,8 +300,9 @@ export async function handleOAuthRedirect(request: NextRequest) {
269
300
});
270
301
271
302
if(token===null){
303
+
// Continued: [Case 1-2-2] Begin the authenticaiton flow using `uga`. See [Case 2].
0 commit comments