[Plugins] [Auth] [oauth2] Support identity platforms with underlying IDPs (#261)

Co-authored-by: Gregory Schier <gschier1990@gmail.com>

plugins/auth-oauth2/src/grants/authorizationCode.ts

@@ -4,6 +4,7 @@ import { fetchAccessToken } from '../fetchAccessToken';
 import { getOrRefreshAccessToken } from '../getOrRefreshAccessToken';
 import type { AccessToken, TokenStoreArgs } from '../store';
 import { getDataDirKey, storeToken } from '../store';
+import { extractCode } from '../util';
 
 export const PKCE_SHA256 = 'S256';
 export const PKCE_PLAIN = 'plain';
@@ -79,7 +80,6 @@ export async function getAuthorizationCode(
     authorizationUrl.searchParams.set('code_challenge_method', pkce.challengeMethod);
   }
 
-  const logsEnabled = (await ctx.store.get('enable_logs')) ?? false;
   const dataDirKey = await getDataDirKey(ctx, contextId);
   const authorizationUrlStr = authorizationUrl.toString();
   console.log('[oauth2] Authorizing', authorizationUrlStr);
@@ -97,18 +97,17 @@ export async function getAuthorizationCode(
         }
       },
       async onNavigate({ url: urlStr }) {
-        const url = new URL(urlStr);
-        if (logsEnabled) console.log('[oauth2] Navigated to', urlStr);
-
-        if (url.searchParams.has('error')) {
+        let code;
+        try {
+          code = extractCode(urlStr, redirectUri);
+        } catch (err) {
+          reject(err);
           close();
-          return reject(new Error(`Failed to authorize: ${url.searchParams.get('error')}`));
+          return;
         }
 
-        const code = url.searchParams.get('code');
         if (!code) {
-          console.log('[oauth2] Code not found');
-          return; // Could be one of many redirects in a chain, so skip it
+          return;
         }
 
         // Close the window here, because we don't need it anymore!