```ts
import { SvelteKitAuth } from "@auth/sveltekit"
import FusionAuth from "@auth/core/providers/fusionauth"
import {
  FUSIONAUTH_ISSUER,
  FUSIONAUTH_CLIENT_ID,
  FUSIONAUTH_CLIENT_SECRET,
  FUSIONAUTH_URL,
  FUSIONAUTH_TENANT_ID,
} from "$env/static/private"

const fusionAuth = FusionAuth({
  issuer: FUSIONAUTH_ISSUER,
  clientId: FUSIONAUTH_CLIENT_ID,
  clientSecret: FUSIONAUTH_CLIENT_SECRET,
  // wellKnown: `${FUSIONAUTH_URL}/.well-known/openid-configuration/${FUSIONAUTH_TENANT_ID}`,
  tenantId: FUSIONAUTH_TENANT_ID, // Only required if you're using multi-tenancy
  authorization: {
    params: {
      scope: "offline_access email openid profile",
      tenantId: FUSIONAUTH_TENANT_ID,
    },
  },
  userinfo: `${FUSIONAUTH_URL}/oauth2/userinfo`,
  // This is due to a known processing issue
  // TODO: https://github.com/nextauthjs/next-auth/issues/8745#issuecomment-1907799026
  token: {
    url: `${FUSIONAUTH_URL}/oauth2/token`,
    conform: async (response: Response) => {
      if (response.status === 401) return response;

      const newHeaders = Array.from(response.headers.entries())
        .filter(([key]) => key.toLowerCase() !== "www-authenticate")
        .reduce(
          (headers, [key, value]) => (headers.append(key, value), headers),
          new Headers()
        );

      return new Response(response.body, {
        status: response.status,
        statusText: response.statusText,
        headers: newHeaders,
      });
    },
  },
})

// reset to oidc provider
fusionAuth.type = 'oidc';

export const { handle } = SvelteKitAuth({
  providers: [fusionAuth],
})
```
How to reproduce
If you set type back to its default value `fusionAuth.type = 'oauth';` you will get an error like below

```
[auth][error] CallbackRouteError: Read more at https://errors.authjs.dev#callbackrouteerror
[auth][cause]: OperationProcessingError: Unexpected ID Token returned, use processAuthorizationCodeOpenIDResponse() for OpenID Connect callback processing
```
Provider type
FusionAuth
Environment
Reproduction URL
https://github.com/alex-fusionauth/fusionauth-sveltekit
Describe the issue
Within the current provider it is set as `type: "oauth"`. https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/fusionauth.ts

Then it sets the scopes as requesting `openid`.

Ideally we would like to have this set to our standard and not require someone to override the provider. Currently this causes errors as it expects to go down the `oauth` only path and then is trying to fetch `openid` details without setting it as the correct type. While I haven't seen this as a problem using `next-auth`, I do see it causing more issues in things like SvelteKit using the direct `@auth/core` package, which is used within `@auth/sveltekit`.

I would like to have our provider updated to reflect the changes in this file https://github.com/alex-fusionauth/fusionauth-sveltekit/blob/afb3d9134aa43f5d540de972692b782928971aa4/complete-application/src/auth.ts
Expected behavior
PR added: #10868
If you then set it back `fusionAuth.type = 'oidc';` it will then have success and you can access details on the profile.

I would like to propose that we update the provider to
Also addresses users needing to update to beta but it is not available in core.
#8745 (comment)
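
The type/scope mismatch reported in this issue can be checked for in configuration before it surfaces as a callback error. The following is an added example, not part of the original issue or of the Auth.js code base: a hypothetical lint over provider objects (`requestedScopes`, `lintProvider` and `callbackPath` are names invented here) that handles only the object form of `authorization`, plus a simplified model of the callback branch. The sample configs and token response are constructed.

```javascript
// Added example: hypothetical lint for Auth.js-style provider objects.
// It reads only `id`, `type` and `authorization.params.scope`, the fields used on this page.

// Return the requested scopes as an array (empty when none are configured).
function requestedScopes(provider) {
  const auth = provider.authorization;
  const scope = auth && typeof auth === "object" && auth.params ? auth.params.scope : "";
  return String(scope || "").split(/\s+/).filter(Boolean);
}

// Flag providers whose declared type disagrees with the scopes they request.
function lintProvider(provider) {
  const scopes = requestedScopes(provider);
  const wantsIdToken = scopes.includes("openid");
  if (provider.type === "oauth" && wantsIdToken) {
    return { id: provider.id, ok: false,
      reason: 'scope "openid" requested but type is "oauth": the OAuth-only callback rejects the id_token' };
  }
  if (provider.type === "oidc" && !wantsIdToken) {
    return { id: provider.id, ok: false,
      reason: 'type is "oidc" but scope "openid" is not requested: the server need not return an id_token' };
  }
  return { id: provider.id, ok: true, reason: "type and scopes agree" };
}

// Simplified model of the callback branch (an assumption, not the library's code):
// the OAuth-only path refuses an ID token, the OIDC path requires one.
function callbackPath(type, tokenResponse) {
  const hasIdToken = typeof tokenResponse.id_token === "string";
  if (type === "oauth" && hasIdToken) throw new Error("Unexpected ID Token returned");
  if (type === "oidc" && !hasIdToken) throw new Error("ID Token missing from token response");
  return type === "oidc" ? "validate id_token, then userinfo" : "userinfo only";
}

// Constructed sample configs mirroring the issue: same scopes, different type.
const issueScope = "offline_access email openid profile";
const asShipped = { id: "fusionauth", type: "oauth", authorization: { params: { scope: issueScope } } };
const overridden = { ...asShipped, type: "oidc" };
// Constructed token response; both token values are placeholders, not real tokens.
const sampleTokenResponse = { access_token: "at-placeholder", id_token: "jwt-placeholder" };

for (const p of [asShipped, overridden]) {
  const r = lintProvider(p);
  console.log(`${r.id} (${p.type}): ${r.ok ? "ok" : "MISMATCH"} - ${r.reason}`);
}
```

Run against the real provider list in CI, a check like this fails the build on the `oauth` plus `openid` combination instead of leaving it to be found at the first sign-in.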