fix oauth callback params propagation

Ramnique Singh 2026-03-31 14:50:23 +05:30
parent 983a4c578f
commit 1c5e5afda8
3 changed files with 6 additions and 6 deletions


@ -25,7 +25,7 @@ export interface AuthServerResult {
*/ */
export function createAuthServer( export function createAuthServer(
port: number = DEFAULT_PORT, port: number = DEFAULT_PORT,
onCallback: (code: string, state: string) => void | Promise<void> onCallback: (params: Record<string, string>) => void | Promise<void>
): Promise<AuthServerResult> { ): Promise<AuthServerResult> {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
const server = createServer((req, res) => { const server = createServer((req, res) => {
@ -67,7 +67,7 @@ export function createAuthServer(
// Handle callback - either traditional OAuth with code/state or Composio-style notification // Handle callback - either traditional OAuth with code/state or Composio-style notification
// Composio callbacks may not have code/state, just a notification that the flow completed // Composio callbacks may not have code/state, just a notification that the flow completed
onCallback(code || '', state || ''); onCallback(Object.fromEntries(url.searchParams.entries()));
res.writeHead(200, { 'Content-Type': 'text/html' }); res.writeHead(200, { 'Content-Type': 'text/html' });
res.end(` res.end(`
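Review bot: The result of `onCallback(...)` is neither awaited nor caught at the changed call, so the 200 success page right below it is written even when the handler rejects. The connectProvider handler (hunk at -186,9) throws on a state mismatch before its `try` begins, so a callback with a wrong or stale `state` would still show success in the browser and surface only as an unhandled rejection, unless code outside this hunk catches it. I would chain the response on the handler's outcome and answer 400 on failure, as sketched below. `Object.fromEntries` also keeps only the last value of a repeated query key, which deserves a one-line comment next to the call. The request handler's body starts and ends outside the hunk.

```typescript
// … unchanged: comments describing the OAuth / Composio callback …
const params = Object.fromEntries(url.searchParams.entries()); // repeated keys: last value wins
Promise.resolve(onCallback(params))
  .then(() => {
    res.writeHead(200, { 'Content-Type': 'text/html' });
    // … unchanged: success page res.end(...) …
  })
  .catch((err: unknown) => {
    // Log the failure only, never the params: they carry the authorization code.
    console.error('[OAuth] Callback handler rejected the request:', err);
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end('Authorization failed');
  });
```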


@ -143,7 +143,7 @@ export async function initiateConnection(toolkitSlug: string): Promise<{
// Set up callback server // Set up callback server
let cleanupTimeout: NodeJS.Timeout; let cleanupTimeout: NodeJS.Timeout;
const { server } = await createAuthServer(8081, async (_code, _state) => { const { server } = await createAuthServer(8081, async () => {
// OAuth callback received - sync the account status // OAuth callback received - sync the account status
try { try {
const accountStatus = await composioClient.getConnectedAccount(connectedAccountId); const accountStatus = await composioClient.getConnectedAccount(connectedAccountId);


@ -186,9 +186,9 @@ export async function connectProvider(provider: string, clientId?: string): Prom
}); });
// Create callback server // Create callback server
const { server } = await createAuthServer(8080, async (code, receivedState) => { const { server } = await createAuthServer(8080, async (params: Record<string, string>) => {
// Validate state // Validate state
if (receivedState !== state) { if (params.state !== state) {
throw new Error('Invalid state parameter - possible CSRF attack'); throw new Error('Invalid state parameter - possible CSRF attack');
} }
@ -199,7 +199,7 @@ export async function connectProvider(provider: string, clientId?: string): Prom
try { try {
// Build callback URL for token exchange // Build callback URL for token exchange
const callbackUrl = new URL(`${REDIRECT_URI}?code=${code}&state=${receivedState}`); const callbackUrl = new URL(`${REDIRECT_URI}?${new URLSearchParams(params).toString()}`);
// Exchange code for tokens // Exchange code for tokens
console.log(`[OAuth] Exchanging authorization code for tokens (${provider})...`); console.log(`[OAuth] Exchanging authorization code for tokens (${provider})...`);
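Review bot: The rebuilt `callbackUrl` now forwards every query parameter the loopback listener received, while only `state` is checked locally, and the comment above it does not say so. I would extend it to `// Build callback URL for token exchange: forward all received query params; only state is validated here, everything else is untrusted input the exchange step must check`. As far as the hunk shows, a request with a matching `state` but no `code` (for example an authorization error response) also reaches the exchange and is logged as "Exchanging authorization code", so an explicit `if (!params.code)` guard before the `try` may be worth adding. connectProvider's body continues outside the hunk.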