Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(providers): update providers config from verification walk-throughs #10582

Merged
merged 7 commits into from Apr 14, 2024
Merged

fix(providers): update providers config from verification walk-throughs #10582

merged 7 commits into from Apr 14, 2024

Conversation

ndom91
Copy link
Member

@ndom91 ndom91 commented Apr 14, 2024

☕️ Reasoning

  • Update 3 providers based on findings from our verification of the example app providers
  1. Netlify - Simply append ?scope to the authorizationUrl
  2. Slack - Set checks: "nonce"
  3. WorkOS - Add connection argument / env var which gets appended to authorziationUrl as a search param

@balazsorban44 two question:

  1. I saw in the types that checks: ("none" | "state" | "pkce"), are the types wrong or is nonce really an invalid value?
  2. Regarding WorkOS, I wasn't sure how best to pass this unique value, AUTH_WORKOS_CONNECTION. Using process.env directly in the provider seems wrong since that won't work in all environments.. Do you have a better idea for this one? 🤔

🧢 Checklist

  • Documentation
  • Tests
  • Ready to be merged

🎫 Affected issues

📌 Resources

@ndom91 ndom91 requested a review from ThangHuuVu as a code owner April 14, 2024 14:51
@vercel Vercel
Copy link

vercel bot commented Apr 14, 2024
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
auth-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 14, 2024 10:27pm
1 Ignored Deployment
Name Status Preview Comments Updated (UTC)
next-auth-docs ⬜️ Ignored (Inspect) Visit Preview Apr 14, 2024 10:27pm

@github-actions github-actions bot added providers core Refers to `@auth/core` labels Apr 14, 2024
balazsorban44
balazsorban44 requested changes Apr 14, 2024
View reviewed changes
docs/pages/getting-started/providers/workos.mdx Outdated Show resolved Hide resolved
packages/core/src/providers/workos.ts Outdated Show resolved Hide resolved
@balazsorban44
Copy link
Member

Can you also modify the providers list accordingly?

@codecov Codecov
Copy link

codecov bot commented Apr 14, 2024
edited

Codecov Report

Attention: Patch coverage is 0% with 7 lines in your changes are missing coverage. Please review.

Project coverage is 39.76%. Comparing base (98266d0) to head (68ad686).
Report is 78 commits behind head on main.

Files Patch % Lines
packages/core/src/providers/workos.ts 0.00% 5 Missing ⚠️
packages/core/src/providers/netlify.ts 0.00% 1 Missing ⚠️
packages/core/src/providers/slack.ts 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #10582      +/-   ##
==========================================
+ Coverage   38.53%   39.76%   +1.22%     
==========================================
  Files         171      172       +1     
  Lines       27080    27638     +558     
  Branches     1117     1165      +48     
==========================================
+ Hits        10435    10989     +554     
- Misses      16645    16649       +4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 14, 2024
View reviewed changes
packages/core/src/providers/workos.ts
): OAuthConfig<P> {
const { issuer = "https://api.workos.com/" } = options
const { issuer = "https://api.workos.com/", connection = "" } = options

Check failure

Code scanning / CodeQL

Hard-coded credentials Critical

The hard-coded value "https://api.workos.com/" is used as
authorization header
.
@balazsorban44 balazsorban44 merged commit 85ab5fa into main Apr 14, 2024
11 of 15 checks passed
@balazsorban44 balazsorban44 deleted the ndom91/update-providers-values branch April 14, 2024 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@balazsorban44 balazsorban44 balazsorban44 approved these changes

@ThangHuuVu ThangHuuVu Awaiting requested review from ThangHuuVu ThangHuuVu is a code owner

Assignees
No one assigned
Labels
core Refers to `@auth/core` examples providers
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ndom91 @balazsorban44