feat: add form_post response mode support for Apple OAuth

omnimaxxing · omnimaxxing · commit 695de7fab4d0 · 2025-01-05T01:50:31.000-06:00
- Add responseMode parameter to support different OAuth response types
- Update callback endpoint to handle both GET and POST methods
- Maintain backward compatibility with existing OAuth implementations
diff --git a/src/callback-endpoint.ts b/src/callback-endpoint.ts
@@ -12,15 +12,23 @@ import { PluginTypes } from "./types";
 export const createCallbackEndpoint = (
   pluginOptions: PluginTypes,
 ): Endpoint => ({
-  method: "get",
-  path: pluginOptions.callbackPath || "/oauth/callback",
+ // Support both GET (default OAuth2) and POST (required for Apple OAuth with form_post)
+	// - GET: Used by most OAuth providers (Google, GitHub, etc.)
+	// - POST: Required by Apple when requesting name/email scopes with response_mode=form_post
+	method: ['get', 'post'],
+	path: pluginOptions.callbackPath || '/oauth/callback',
   handler: async (req) => {
     try {
-      const { code } = req.query;
-      if (typeof code !== "string")
-        throw new Error(
-          `Code not in query string: ${JSON.stringify(req.query)}`,
-        );
+   // Handle authorization code from both GET query params and POST body
+			// This enables support for Apple's form_post response mode while maintaining
+			// compatibility with traditional OAuth2 GET responses
+			const code = req.method === 'POST' ? req.body?.code : req.query?.code
+      	// Improved error handling to clearly indicate whether we're missing the code
+			// from POST body (Apple OAuth) or GET query parameters (standard OAuth)
+    	if (typeof code !== 'string')
+				throw new Error(
+						`Code not found in ${req.method === 'POST' ? 'body' : 'query'}: ${JSON.stringify(req.method === 'POST' ? req.body : req.query)}`,
+				)
 
       // /////////////////////////////////////
       // shorthands
diff --git a/src/types.ts b/src/types.ts
@@ -27,16 +27,32 @@ export interface PluginTypes {
    */
   serverURL: string;
 
-  	/**
+	/**
 	 * Response mode for the OAuth provider.
-	 * Required for Apple OAuth when requesting name or email scope.
+	 * Specifies how the authorization response should be returned.
+	 *
+	 * Required for Apple OAuth when requesting name or email scopes.
+	 * Apple requires 'form_post' when requesting these scopes to ensure
+	 * secure transmission of user data.
+	 *
 	 * Common values:
 	 * - 'form_post': Response parameters encoded in POST body (required for Apple with name/email scope)
-	 * - 'query': Response parameters encoded in URL query string
+	 * - 'query': Response parameters encoded in URL query string (default for most providers)
+	 * - 'fragment': Response parameters encoded in URL fragment
+	 *
+	 * Example for Apple OAuth:
+	 * ```typescript
+	 * {
+	 *   responseMode: 'form_post',
+	 *   scopes: ['name', 'email']
+	 * }
+	 * ```
+	 *
 	 * @default undefined
 	 */
 	responseMode?: string
 
+
   /**
    * Slug of the collection where user information will be stored
    * @default "users"
