From 51eaec69d60a62e810e8758d8f7891de946f2977 Mon Sep 17 00:00:00 2001
From: Konstantinos Pittas
Date: Thu, 12 Dec 2024 16:09:25 +0200
Subject: [PATCH 1/2] feat: Add OAuth authorize URL to allowed redirect origins
---
 .changeset/modern-peaches-learn.md | 2 ++
 packages/clerk-js/src/utils/url.ts | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 .changeset/modern-peaches-learn.md
diff --git a/.changeset/modern-peaches-learn.md b/.changeset/modern-peaches-learn.md
new file mode 100644
index 0000000000..a845151cc8
--- /dev/null
+++ b/.changeset/modern-peaches-learn.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/packages/clerk-js/src/utils/url.ts b/packages/clerk-js/src/utils/url.ts
index e888047dff..84ab195771 100644
--- a/packages/clerk-js/src/utils/url.ts
+++ b/packages/clerk-js/src/utils/url.ts
@@ -396,6 +396,7 @@ export function createAllowedRedirectOrigins(
 origins.push(`https://${getETLDPlusOneFromFrontendApi(frontendApi)}`);
 origins.push(`https://*.${getETLDPlusOneFromFrontendApi(frontendApi)}`);
+ origins.push(`https://${frontendApi}/oauth/authorize*`);
 return origins;
 }
From 5a69ed2cdddbede35185c1023097df2464591a97 Mon Sep 17 00:00:00 2001
From: Konstantinos Pittas
Date: Thu, 12 Dec 2024 16:21:52 +0200
Subject: [PATCH 2/2] fix: Add new endpoint to tests and improve existing ones
---
 packages/clerk-js/src/utils/__tests__/url.test.ts | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/packages/clerk-js/src/utils/__tests__/url.test.ts b/packages/clerk-js/src/utils/__tests__/url.test.ts
index ef37ded892..46b6f5f616 100644
--- a/packages/clerk-js/src/utils/__tests__/url.test.ts
+++ b/packages/clerk-js/src/utils/__tests__/url.test.ts
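Review bot: In `packages/clerk-js/src/utils/url.ts`, the added entry `https://${frontendApi}/oauth/authorize*` is a URL-path pattern pushed into a list that otherwise holds only origins, and nothing in the hunk shows how the matcher treats a path or the trailing `*`. If the matching code (presumably `isAllowedRedirect`, outside this hunk) compares origins only, the entry can never match; if it globs the full URL, the unanchored `*` also accepts any same-host path that merely starts with `/oauth/authorize`, not just that endpoint with a query string. Consider scoping the pattern to the exact path plus query and documenting it, e.g. `// Path-scoped entry: only the frontend API's OAuth authorize endpoint is an allowed redirect target`. `frontendApi` is interpolated as-is, so a value carrying a scheme or trailing slash produces a pattern that silently never matches; the test fix in patch 2/2 suggests callers must pass a bare host. The body of `createAllowedRedirectOrigins` starts above the hunk.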
@@ -512,25 +512,27 @@ describe('isAllowedRedirect', () => {
 describe('createAllowedRedirectOrigins', () => {
 it('contains the default allowed origin values if no value is provided', async () => {
- const frontendApi = 'https://somename.clerk.accounts.dev';
+ const frontendApi = 'somename.clerk.accounts.dev';
 const allowedRedirectOriginsValuesUndefined = createAllowedRedirectOrigins(undefined, frontendApi);
 const allowedRedirectOriginsValuesEmptyArray = createAllowedRedirectOrigins([], frontendApi);
 expect(allowedRedirectOriginsValuesUndefined).toEqual([
 'http://localhost',
- `https://${getETLDPlusOneFromFrontendApi(frontendApi)}`,
- `https://*.${getETLDPlusOneFromFrontendApi(frontendApi)}`,
+ `https://somename.accounts.dev`,
+ `https://*.somename.accounts.dev`,
+ `https://somename.clerk.accounts.dev/oauth/authorize*`,
 ]);
 expect(allowedRedirectOriginsValuesEmptyArray).toEqual([
 'http://localhost',
- `https://${getETLDPlusOneFromFrontendApi(frontendApi)}`,
- `https://*.${getETLDPlusOneFromFrontendApi(frontendApi)}`,
+ `https://somename.accounts.dev`,
+ `https://*.somename.accounts.dev`,
+ `https://somename.clerk.accounts.dev/oauth/authorize*`,
 ]);
 });
 it('contains only the allowedRedirectOrigins options given', async () => {
- const frontendApi = 'https://somename.clerk.accounts.dev';
+ const frontendApi = 'somename.clerk.accounts.dev';
 const allowedRedirectOriginsValues = createAllowedRedirectOrigins(
 ['https://test.host', 'https://*.test.host'],
 frontendApi,
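Review bot: Neither commit adds an `isAllowedRedirect` case for the new `/oauth/authorize*` entry; per the diffstat this is the only test hunk, and it only checks that the string appears in the list returned by `createAllowedRedirectOrigins`. Because this is the first default entry with a path and a trailing wildcard, the security-relevant behaviour is what the matcher accepts and rejects, which these assertions do not pin down. Add a positive case (a URL on the frontend API host under `/oauth/authorize` with a query string) and negative cases (a different path on that host, and the same path on a different host). The second `it(...)` block continues past the end of the hunk.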