feat(auth): PKCE flow preparation + CallbackPage dual-mode
All checks were successful
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 29s
All checks were successful
CI/CD — Build & Deploy / Build & Deploy (push) Successful in 29s
- Add oauth.ts — PKCE helpers (code verifier/challenge, token exchange) - Add LoginButton — "Se connecter avec SuperOAuth" component - Update CallbackPage — handles both PKCE (?code) and legacy (?token) flows - Update .env.example — VITE_OAUTH_URL + VITE_OAUTH_CLIENT_ID PKCE flow ready for when SuperOAuth exposes /oauth/authorize endpoint. Legacy flow (redirect + token query param) remains active in production.
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
import { useEffect, useState } from 'react';
|
||||
import { useNavigate } from 'react-router-dom';
|
||||
import { apiFetch } from '../lib/api';
|
||||
import { exchangeCode, loadVerifier } from '../lib/oauth';
|
||||
import { useAuthContext } from '../context/AuthContext';
|
||||
import type { User } from '../context/AuthContext';
|
||||
|
||||
@@ -16,22 +17,50 @@ export default function CallbackPage() {
|
||||
|
||||
useEffect(() => {
|
||||
const params = new URLSearchParams(window.location.search);
|
||||
const token = params.get('token');
|
||||
|
||||
if (!token) {
|
||||
navigate('/', { replace: true });
|
||||
// --- Erreur OAuth explicite (state=error, error=access_denied, etc.) ---
|
||||
const oauthError = params.get('error');
|
||||
if (oauthError) {
|
||||
const desc = params.get('error_description') ?? oauthError;
|
||||
setError(`Erreur OAuth : ${desc}`);
|
||||
return;
|
||||
}
|
||||
|
||||
apiFetch<SessionResponse>('/auth/session', {
|
||||
method: 'POST',
|
||||
body: JSON.stringify({ token }),
|
||||
})
|
||||
.then((res) => {
|
||||
setUser(res.data.user);
|
||||
navigate('/', { replace: true });
|
||||
// --- Flow PKCE : ?code= présent ---
|
||||
const code = params.get('code');
|
||||
if (code) {
|
||||
const verifier = loadVerifier();
|
||||
if (!verifier) {
|
||||
setError('Session PKCE expirée. Recommence la connexion.');
|
||||
return;
|
||||
}
|
||||
const redirectUri = `${window.location.origin}/callback`;
|
||||
|
||||
exchangeCode(code, verifier, redirectUri)
|
||||
.then(() => {
|
||||
navigate('/app', { replace: true });
|
||||
})
|
||||
.catch(() => setError("Échec de l'échange de code OAuth. Réessaie."));
|
||||
return;
|
||||
}
|
||||
|
||||
// --- Flow session (Step 2 — token JWT passé en query param) ---
|
||||
const token = params.get('token');
|
||||
if (token) {
|
||||
apiFetch<SessionResponse>('/auth/session', {
|
||||
method: 'POST',
|
||||
body: JSON.stringify({ token }),
|
||||
})
|
||||
.catch(() => setError("Échec de l'authentification. Réessaie."));
|
||||
.then((res) => {
|
||||
setUser(res.data.user);
|
||||
navigate('/', { replace: true });
|
||||
})
|
||||
.catch(() => setError("Échec de l'authentification. Réessaie."));
|
||||
return;
|
||||
}
|
||||
|
||||
// Aucun paramètre reconnu → retour accueil
|
||||
navigate('/', { replace: true });
|
||||
}, [navigate, setUser]);
|
||||
|
||||
if (error) {
|
||||
|
||||
Reference in New Issue
Block a user