
Commit 874320e

committed
Token exchange body needs to be JSON
1 parent e470eb5 commit 874320e


1 file changed

+12
-12
lines changed


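--- a/client/src/lib/auth.ts
+++ b/client/src/lib/auth.ts
@@ -10,7 +10,7 @@ export async function discoverOAuthMetadata(serverUrl: string): Promise<OAuthMet
 try {
 const url = new URL('/.well-known/oauth-authorization-server', serverUrl);
 const response = await fetch(url.toString());
-
+
 if (response.ok) {
 const metadata = await response.json();
 return {
@@ -35,20 +35,20 @@ export async function startOAuthFlow(serverUrl: string): Promise<string> {
 const challenge = await pkceChallenge();
 const codeVerifier = challenge.code_verifier;
 const codeChallenge = challenge.code_challenge;
-
+
 // Store code verifier for later use
 sessionStorage.setItem(SESSION_KEYS.CODE_VERIFIER, codeVerifier);
-
+
 // Discover OAuth endpoints
 const metadata = await discoverOAuthMetadata(serverUrl);
-
+
 // Build authorization URL
 const authUrl = new URL(metadata.authorization_endpoint);
 authUrl.searchParams.set('response_type', 'code');
 authUrl.searchParams.set('code_challenge', codeChallenge);
 authUrl.searchParams.set('code_challenge_method', 'S256');
 authUrl.searchParams.set('redirect_uri', window.location.origin + '/oauth/callback');
-
+
 return authUrl.toString();
 }
 
@@ -58,28 +58,28 @@ export async function handleOAuthCallback(serverUrl: string, code: string): Prom
 if (!codeVerifier) {
 throw new Error('No code verifier found');
 }
-
+
 // Discover OAuth endpoints
 const metadata = await discoverOAuthMetadata(serverUrl);
-
+
 // Exchange code for tokens
 const response = await fetch(metadata.token_endpoint, {
 method: 'POST',
 headers: {
-'Content-Type': 'application/x-www-form-urlencoded',
+'Content-Type': 'application/json',
 },
-body: new URLSearchParams({
+body: JSON.stringify({
 grant_type: 'authorization_code',
 code,
 code_verifier: codeVerifier,
 redirect_uri: window.location.origin + '/oauth/callback'
 })
 });
-
+
 if (!response.ok) {
 throw new Error('Token exchange failed');
 }
-
+
 const data = await response.json();
 return data.access_token;
-}
+}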
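Review bot: In the third hunk, `fetch(metadata.token_endpoint, …)` posts the authorization code and the PKCE `code_verifier` to whatever URL the discovery response supplied, and nothing visible checks that URL first. Unless `discoverOAuthMetadata` already validates it (its body continues outside the first hunk), I would guard before the request, e.g. `if (new URL(metadata.token_endpoint).protocol !== 'https:') throw new Error('Token endpoint must use HTTPS');`, and compare the metadata's issuer with `serverUrl` as RFC 8414 section 3.3 asks. Separately, RFC 6749 section 4.1.3 specifies `application/x-www-form-urlencoded` for this request, so the JSON body only works against a server that deliberately accepts it; a comment such as `// Server expects a JSON token request (non-standard; RFC 6749 uses form encoding)` above the `headers` block would record that. `handleOAuthCallback` starts before the hunk, so any removal of the stored verifier from sessionStorage may happen out of view.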
