
Commit c2f17f0

fix: configure GitHub OAuth issuer (#388)
* fix: configure github oauth issuer * fix: set cloud-mode flag in test env mock * test: stabilize auth issuer unit test
1 parent b20f3b5 commit c2f17f0

2 files changed

Lines changed: 56 additions & 0 deletions


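--- a/apps/web/src/server/auth.ts
+++ b/apps/web/src/server/auth.ts
@@ -14,6 +14,8 @@ import { sendSignUpEmail } from "~/server/mailer";
 import { env } from "~/env";
 import { db } from "~/server/db";
 
+const GITHUB_OAUTH_ISSUER = "https://github.com/login/oauth";
+
 /**
 * Module augmentation for `next-auth` types. Allows us to add custom properties to the `session`
 * object and keep type safety.
@@ -54,6 +56,8 @@ function getProviders() {
 GitHubProvider({
 clientId: env.GITHUB_ID,
 clientSecret: env.GITHUB_SECRET,
+// GitHub now includes `iss` on OAuth callbacks, so NextAuth needs the expected issuer.
+issuer: GITHUB_OAUTH_ISSUER,
 allowDangerousEmailAccountLinking: true,
 authorization: {
 params: {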
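Review bot: The constant `GITHUB_OAUTH_ISSUER` added at new line 17 has no comment saying that it is compared against the `iss` value GitHub returns on the callback, so a later edit to the string (a trailing slash, a different host) would presumably break GitHub sign-in at runtime rather than at build time. I would document it where it is defined, for example `// Expected "iss" on GitHub OAuth callbacks (RFC 9207); must match the value GitHub sends exactly.`, and keep it a hard-coded constant rather than something read from env or request data, since the check exists to bind the response to the intended authorization server. The unchanged `allowDangerousEmailAccountLinking: true` on the following line is not affected by the issuer check and still allows accounts to be linked across providers by matching e-mail address; that is outside this change but worth a separate look. getProviders() starts and ends outside the hunk.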
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
import { describe, expect, it, vi } from "vitest";
2+
3+
vi.mock("next-auth", () => ({
4+
getServerSession: vi.fn(),
5+
}));
6+
7+
vi.mock("@auth/prisma-adapter", () => ({
8+
PrismaAdapter: vi.fn(() => ({})),
9+
}));
10+
11+
vi.mock("next-auth/providers/google", () => ({
12+
default: vi.fn(),
13+
}));
14+
15+
vi.mock("next-auth/providers/email", () => ({
16+
default: vi.fn(),
17+
}));
18+
19+
vi.mock("~/server/db", () => ({
20+
db: {},
21+
}));
22+
23+
vi.mock("~/server/mailer", () => ({
24+
sendSignUpEmail: vi.fn(),
25+
}));
26+
27+
vi.mock("~/env", () => ({
28+
env: {
29+
GITHUB_ID: "github-client-id",
30+
GITHUB_SECRET: "github-client-secret",
31+
NEXT_PUBLIC_IS_CLOUD: true,
32+
},
33+
}));
34+
35+
import { authOptions } from "~/server/auth";
36+
37+
describe("authOptions", () => {
38+
it("configures the GitHub provider with an explicit issuer", () => {
39+
const githubProvider = authOptions.providers.find(
40+
(provider) => provider.id === "github",
41+
);
42+
43+
expect(githubProvider).toMatchObject({
44+
id: "github",
45+
options: {
46+
clientId: "github-client-id",
47+
clientSecret: "github-client-secret",
48+
issuer: "https://github.com/login/oauth",
49+
},
50+
});
51+
});
52+
});
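Review bot: The test goes straight from `authOptions.providers.find(...)` to `toMatchObject`, so if the GitHub provider is not registered at all (the commit message suggests registration depends on the cloud-mode flag in the env mock) the failure reads as a property mismatch on `undefined` instead of a missing provider. Add `expect(githubProvider).toBeDefined();` before the `toMatchObject` call. The assertion also depends on next-auth keeping the user-supplied settings under `options`, which looks like library-internal shape, so a one-line comment saying so would help whoever upgrades the dependency. This test pins configuration only; rejecting a callback whose `iss` does not match is left to the library and is not exercised here.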
