v_deeplink

Author: dvoytenko

app/login/vercel/actions.ts

@@ -2,7 +2,34 @@
 
 import { cookies as getCookies, headers as getHeaders } from "next/headers";
 import { redirect } from "next/navigation";
-import { createAuthorizationUrl } from "./issuer";
+import { createAuthorizationUrl, OIDC_ISSUER } from "./issuer";
+
+export async function maybeStartAuthorizationAuto(
+  params: Record<string, string>
+) {
+  // See https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin
+  const { iss, login_hint, target_link_uri, v_deeplink } = params;
+  if (iss !== OIDC_ISSUER || !login_hint) {
+    return;
+  }
+
+  const headers = getHeaders();
+  const cookies = getCookies();
+
+  const host = headers.get("host");
+
+  const protocol = host?.startsWith("localhost") ? "http" : "https";
+  const callbackUrl = `${protocol}://${host}/login/vercel/callback`;
+
+  const { redirectTo, state } = await createAuthorizationUrl({
+    callbackUrl,
+    login_hint,
+    v_deeplink,
+  });
+
+  cookies.set("vercel-oidc-state", state, { httpOnly: true });
+  return redirect(redirectTo);
+}
 
 export async function startAuthorization(formData: FormData) {
   console.log("startAuthorization:", Object.fromEntries(formData));

app/login/vercel/callback/route.ts

@@ -4,6 +4,9 @@ import { getTokens } from "../issuer";
 export async function GET(req: Request) {
   const url = req.url;
 
+  const params = Object.fromEntries(new URL(url).searchParams);
+  const { v_deeplink } = params;
+
   const cookies = await getCookies();
   const expectedState = cookies.get("vercel-oidc-state")?.value || undefined;
   console.log("Callback:", { url, expectedState });
@@ -14,6 +17,6 @@ export async function GET(req: Request) {
     cookies.set("id-token", id_token);
   }
 
-  // TODO: redirect to the /dashboard
-  return Response.json({ id_token, claims });
+  // TODO: redirect to the /dashboard based on v_deeplink.
+  return Response.json({ id_token, claims, v_deeplink });
 }

app/login/vercel/issuer.ts

@@ -11,7 +11,7 @@ import {
 } from "openid-client";
 import { createRemoteJWKSet, jwtVerify } from "jose";
 
-const OIDC_ISSUER = "http://localhost:4000";
+export const OIDC_ISSUER = "http://localhost:4000";
 const OIDC_CLIENT_ID = "my_web_app1";
 const OIDC_CLIENT_SECRET = "super_secret_client_secret1";
 
@@ -53,9 +53,13 @@ export async function getOidcConfiguration(): Promise<Configuration> {
 
 export async function createAuthorizationUrl({
   callbackUrl,
+  login_hint,
+  v_deeplink,
   explicit = true,
 }: {
   callbackUrl: string;
+  login_hint?: string;
+  v_deeplink?: string;
   explicit?: boolean;
 }): Promise<{
   redirectTo: string;
@@ -70,6 +74,8 @@ export async function createAuthorizationUrl({
     scope: "openid",
     state,
     response_type: explicit ? "code" : "id_token",
+    ...(login_hint ? { login_hint } : null),
+    ...(v_deeplink ? { v_deeplink } : null),
   });
 
   return {

app/login/vercel/page.tsx renamed to app/login/vercel/prompt/page.tsx

@@ -1,12 +1,6 @@
-import { startAuthorization, startImplicitAuthorization } from "./actions";
-
-interface LoginSearchParams {}
-
-export default async function LoginVercelPage(props: {
-  searchParams: Promise<LoginSearchParams>;
-}) {
-  const searchParams = await props.searchParams;
+import { startAuthorization, startImplicitAuthorization } from "../actions";
 
+export default async function LoginVercelPage() {
   return (
     <div className="bg-gray-100 h-screen flex items-center justify-center">
       <div className="bg-white shadow-md rounded px-8 pt-6 pb-8 mb-4 w-full max-w-sm">

app/login/vercel/route.ts

@@ -0,0 +1,8 @@
+import { maybeStartAuthorizationAuto } from "./actions";
+
+export async function GET(req: Request) {
+  const params = Object.fromEntries(new URL(req.url).searchParams);
+  await maybeStartAuthorizationAuto(params);
+
+  return Response.redirect(new URL("/login/vercel/prompt", req.url), 307);
+}