add authType

Author: WilsonLe

examples/apple.ts

@@ -85,7 +85,7 @@ export const appleOAuth = OAuth2Plugin({
       throw error;
     }
   },
-  successRedirect: (req) => {
+  successRedirect: (req: PayloadRequest, token?: string) => {
     // Check user roles to determine redirect
     const user = req.user;
     if (user && Array.isArray(user.roles)) {

examples/google.ts

@@ -59,7 +59,7 @@ export const googleOAuth = OAuth2Plugin({
 
     return token;
   },
-  successRedirect: (req) => {
+  successRedirect: (req: PayloadRequest, accessToken?: string) => {
     return "/admin";
   },
   failureRedirect: (req, err) => {

examples/zitadel.ts

@@ -63,7 +63,7 @@ export const zitadelOAuth = OAuth2Plugin({
 
     return token;
   },
-  successRedirect: (req) => {
+  successRedirect: (req: PayloadRequest, token?: string) => {
     return "/admin";
   },
   failureRedirect: (req, err) => {

src/authorize-endpoint.ts

@@ -11,8 +11,8 @@ export const createAuthorizeEndpoint = (
     const authCollection = pluginOptions.authCollection || "users";
     const callbackPath = pluginOptions.callbackPath || "/oauth/callback";
     const redirectUri = `${pluginOptions.serverURL}/api/${authCollection}${callbackPath}`;
-    const scope = pluginOptions.scopes.join(" ");
 
+    const scope = pluginOptions.scopes.join(" ");
     const responseType = "code";
     const accessType = "offline";
 
@@ -30,6 +30,9 @@ export const createAuthorizeEndpoint = (
     if (pluginOptions.responseMode) {
       url.searchParams.append("response_mode", pluginOptions.responseMode);
     }
+    if (pluginOptions.authType) {
+      url.searchParams.append("auth_type", pluginOptions.authType);
+    }
 
     return Response.redirect(url.toString());
   },

src/types.ts

@@ -139,6 +139,14 @@ export interface PluginTypes {
    */
   prompt?: string;
 
+  /**
+   * Authentication type for the OAuth provider.
+   * This is used by Facebook to specify the behavior of login flow.
+   * Reference: https://developers.facebook.com/docs/facebook-login/guides/advanced/re-authentication/
+   * Possible values are "reauthenticate" and "rerequest".
+   */
+  authType?: string;
+
   /**
    * Path to the callback endpoint.
    * Must start with a forward slash.
@@ -165,6 +173,7 @@ export interface PluginTypes {
    * @deprecated Use the two-parameter overload instead
    */
   successRedirect(req: PayloadRequest): string | Promise<string>;
+
   /**
    * Redirect users after successful login.
    * @param req PayloadRequest object