feat: add authorizationParams in oauth config

playground/app.vue

@@ -3,67 +3,67 @@ const { loggedIn, user, session, clear } = useUserSession()
 
 const providers = computed(() => [
   {
-    label: session.value.user?.github?.login || 'GitHub',
+    label: session.value.user?.github || 'GitHub',
     to: '/auth/github',
     disabled: Boolean(user.value?.github),
     icon: 'i-simple-icons-github',
   },
   {
-    label: session.value.user?.spotify?.display_name || 'Spotify',
+    label: session.value.user?.spotify || 'Spotify',
     to: '/auth/spotify',
     disabled: Boolean(user.value?.spotify),
     icon: 'i-simple-icons-spotify',
   },
   {
-    label: session.value.user?.google?.email || 'Google',
+    label: session.value.user?.google || 'Google',
     to: '/auth/google',
     disabled: Boolean(user.value?.google),
     icon: 'i-simple-icons-google',
   },
   {
-    label: session.value.user?.twitch?.login || 'Twitch',
+    label: session.value.user?.twitch || 'Twitch',
     to: '/auth/twitch',
     disabled: Boolean(user.value?.twitch),
     icon: 'i-simple-icons-twitch',
   },
   {
-    label: user.value?.auth0?.email || 'Auth0',
+    label: user.value?.auth0 || 'Auth0',
     to: '/auth/auth0',
     disabled: Boolean(user.value?.auth0),
     icon: 'i-simple-icons-auth0',
   },
   {
-    label: user.value?.discord?.username || 'Discord',
+    label: user.value?.discord || 'Discord',
     to: '/auth/discord',
     disabled: Boolean(user.value?.discord),
     icon: 'i-simple-icons-discord',
   },
   {
-    label: user.value?.battledotnet?.battletag || 'Battle.net',
+    label: user.value?.battledotnet || 'Battle.net',
     to: '/auth/battledotnet',
     disabled: Boolean(user.value?.battledotnet),
     icon: 'i-simple-icons-battledotnet',
   },
   {
-    label: user.value?.microsoft?.displayName || 'Microsoft',
+    label: user.value?.microsoft || 'Microsoft',
     to: '/auth/microsoft',
     disabled: Boolean(user.value?.microsoft),
     icon: 'i-simple-icons-microsoft',
   },
   {
-    label: user.value?.keycloak?.preferred_username || 'Keycloak',
+    label: user.value?.keycloak || 'Keycloak',
     to: '/auth/keycloak',
     disabled: Boolean(user.value?.keycloak),
     icon: 'i-simple-icons-redhat'
   },
   {
-    label: user.value?.linkedin?.email || 'LinkedIn',
+    label: user.value?.linkedin || 'LinkedIn',
     to: '/auth/linkedin',
     disabled: Boolean(user.value?.linkedin),
     icon: 'i-simple-icons-linkedin',
   },
   {
-    label: user.value?.cognito?.email || 'Cognito',
+    label: user.value?.cognito || 'Cognito',
     to: '/auth/cognito',
     disabled: Boolean(user.value?.cognito),
     icon: 'i-simple-icons-amazonaws',

playground/auth.d.ts

@@ -1,15 +1,16 @@
 declare module '#auth-utils' {
   interface User {
-    spotify?: any
-    github?: any
-    google?: any
-    twitch?: any
-    auth0?: any
-    microsoft?: any;
-    discord?: any
-    battledotnet?: any
-    keycloak?: any
-    linkedin?: any
+    spotify?: string
+    github?: string
+    google?: string
+    twitch?: string
+    auth0?: string
+    microsoft?: string
+    discord?: string
+    battledotnet?: string
+    keycloak?: string
+    linkedin?: string
+    cognito?: string
   }
 
   interface UserSession {

playground/server/routes/auth/auth0.get.ts

@@ -5,7 +5,7 @@ export default oauth.auth0EventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        auth0: user,
+        auth0: user.email
       },
       loggedInAt: Date.now()
     })

playground/server/routes/auth/battledotnet.get.ts

@@ -2,7 +2,7 @@ export default oauth.battledotnetEventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        battledotnet: user,
+        battledotnet: user.battletag
       },
       loggedInAt: Date.now()
     })

playground/server/routes/auth/cognito.get.ts

@@ -2,7 +2,7 @@ export default oauth.cognitoEventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        cognito: user,
+        cognito: user.email
       },
       loggedInAt: Date.now()
     })

playground/server/routes/auth/discord.get.ts

@@ -2,7 +2,7 @@ export default oauth.discordEventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        discord: user,
+        discord: user.username
       },
       loggedInAt: Date.now()
     })

playground/server/routes/auth/github.get.ts

@@ -2,7 +2,7 @@ export default oauth.githubEventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        github: user,
+        github: user.login
       },
       loggedInAt: Date.now()
     })

playground/server/routes/auth/google.get.ts

@@ -1,8 +1,13 @@
 export default oauth.googleEventHandler({
+  config: {
+    authorizationParams: {
+      access_type: 'offline'
+    }
+  },
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        google: user,
+        google: user.email
       },
       loggedInAt: Date.now()
     })

playground/server/routes/auth/keycloak.get.ts

@@ -2,7 +2,7 @@ export default oauth.keycloakEventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        keycloak: user,
+        keycloak: user.preferred_username
       },
       loggedInAt: Date.now(),
     })

playground/server/routes/auth/linkedin.get.ts

@@ -5,7 +5,7 @@ export default oauth.linkedinEventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        linkedin: user,
+        linkedin: user.email
       },
       loggedInAt: Date.now()
     })

playground/server/routes/auth/microsoft.get.ts

@@ -2,12 +2,11 @@ export default oauth.microsoftEventHandler({
     async onSuccess(event, { user }) {
       await setUserSession(event, {
         user: {
-          microsoft: user,
+          microsoft: user.email
         },
         loggedInAt: Date.now()
       })
-  
+
       return sendRedirect(event, '/')
     }
   })
-

playground/server/routes/auth/spotify.get.ts

@@ -2,7 +2,7 @@ export default oauth.spotifyEventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        spotify: user,
+        spotify: user.id
       },
       loggedInAt: Date.now()
     })

playground/server/routes/auth/twitch.get.ts

@@ -5,7 +5,7 @@ export default oauth.twitchEventHandler({
   async onSuccess(event, { user }) {
     await setUserSession(event, {
       user: {
-        twitch: user,
+        twitch: user.login
       },
       loggedInAt: Date.now()
     })

src/runtime/server/lib/oauth/auth0.ts

@@ -52,12 +52,20 @@ export interface OAuthAuth0Config {
    * @example 'github'
    */
   connection?: string
+  /**
+   * Extra authorization parameters to provide to the authorization URL
+   * @see https://auth0.com/docs/api/authentication#social
+   * @example { display: 'popup' }
+   */
+  authorizationParams?: Record<string, string>
 }
 
 export function auth0EventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthAuth0Config>) {
   return eventHandler(async (event: H3Event) => {
     // @ts-ignore
-    config = defu(config, useRuntimeConfig(event).oauth?.auth0) as OAuthAuth0Config
+    config = defu(config, useRuntimeConfig(event).oauth?.auth0, {
+      authorizationParams: {}
+    }) as OAuthAuth0Config
     const { code } = getQuery(event)
 
     if (!config.clientId || !config.clientSecret || !config.domain) {
@@ -87,7 +95,8 @@ export function auth0EventHandler({ config, onSuccess, onError }: OAuthConfig<OA
           scope: config.scope.join(' '),
           audience: config.audience || '',
           max_age: config.maxAge || 0,
-          connection: config.connection || ''
+          connection: config.connection || '',
+          ...config.authorizationParams
         })
       )
     }

src/runtime/server/lib/oauth/battledotnet.ts

@@ -42,6 +42,11 @@ export interface OAuthBattledotnetConfig {
    * @default 'https://oauth.battle.net/token'
    */
   tokenURL?: string
+  /**
+   * Extra authorization parameters to provide to the authorization URL
+   * @see https://develop.battle.net/documentation/guides/using-oauth/authorization-code-flow
+   */
+  authorizationParams?: Record<string, string>
 }
 
 export function battledotnetEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthBattledotnetConfig>) {
@@ -50,7 +55,8 @@ export function battledotnetEventHandler({ config, onSuccess, onError }: OAuthCo
     // @ts-ignore
     config = defu(config, useRuntimeConfig(event).oauth?.battledotnet, {
       authorizationURL: 'https://oauth.battle.net/authorize',
-      tokenURL: 'https://oauth.battle.net/token'
+      tokenURL: 'https://oauth.battle.net/token',
+      authorizationParams: {}
     }) as OAuthBattledotnetConfig
 
     const query = getQuery(event)
@@ -94,6 +100,7 @@ export function battledotnetEventHandler({ config, onSuccess, onError }: OAuthCo
           scope: config.scope.join(' '),
           state: randomUUID(), // Todo: handle PKCE flow
           response_type: 'code',
+          ...config.authorizationParams
         })
       )
     }

src/runtime/server/lib/oauth/cognito.ts

@@ -32,12 +32,19 @@ export interface OAuthCognitoConfig {
    * @default []
    */
   scope?: string[]
+  /**
+   * Extra authorization parameters to provide to the authorization URL
+   * @see https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
+   */
+  authorizationParams?: Record<string, string>
 }
 
 export function cognitoEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthCognitoConfig>) {
   return eventHandler(async (event: H3Event) => {
     // @ts-ignore
-    config = defu(config, useRuntimeConfig(event).oauth?.cognito) as OAuthCognitoConfig
+    config = defu(config, useRuntimeConfig(event).oauth?.cognito, {
+      authorizationParams: {}
+    }) as OAuthCognitoConfig
     const { code } = getQuery(event)
 
     if (!config.clientId || !config.clientSecret || !config.userPoolId || !config.region) {
@@ -63,6 +70,7 @@ export function cognitoEventHandler({ config, onSuccess, onError }: OAuthConfig<
           redirect_uri: redirectUrl,
           response_type: 'code',
           scope: config.scope.join(' '),
+          ...config.authorizationParams
         })
       )
     }
@@ -103,4 +111,4 @@ export function cognitoEventHandler({ config, onSuccess, onError }: OAuthConfig<
       user
     })
   })
-}
+}

src/runtime/server/lib/oauth/discord.ts

@@ -45,6 +45,13 @@ export interface OAuthDiscordConfig {
    * @default 'https://discord.com/api/oauth2/token'
    */
   tokenURL?: string
+
+  /**
+   * Extra authorization parameters to provide to the authorization URL
+   * @see 'https://discord.com/developers/docs/topics/oauth2#authorization-code-grant'
+   * @example { allow_signup: 'true' }
+   */
+  authorizationParams?: Record<string, string>
 }
 
 export function discordEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthDiscordConfig>) {
@@ -53,7 +60,8 @@ export function discordEventHandler({ config, onSuccess, onError }: OAuthConfig<
     config = defu(config, useRuntimeConfig(event).oauth?.discord, {
       authorizationURL: 'https://discord.com/oauth2/authorize',
       tokenURL: 'https://discord.com/api/oauth2/token',
-      profileRequired: true
+      profileRequired: true,
+      authorizationParams: {}
     }) as OAuthDiscordConfig
     const { code } = getQuery(event)
 
@@ -83,7 +91,8 @@ export function discordEventHandler({ config, onSuccess, onError }: OAuthConfig<
           response_type: 'code',
           client_id: config.clientId,
           redirect_uri: redirectUrl,
-          scope: config.scope.join(' ')
+          scope: config.scope.join(' '),
+          ...config.authorizationParams
         })
       )
     }

src/runtime/server/lib/oauth/github.ts

@@ -41,14 +41,22 @@ export interface OAuthGitHubConfig {
    * @default 'https://github.com/login/oauth/access_token'
    */
   tokenURL?: string
+
+  /**
+   * Extra authorization parameters to provide to the authorization URL
+   * @see https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity
+   * @example { allow_signup: 'true' }
+   */
+  authorizationParams?: Record<string, string>
 }
 
 export function githubEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthGitHubConfig>) {
   return eventHandler(async (event: H3Event) => {
     // @ts-ignore
     config = defu(config, useRuntimeConfig(event).oauth?.github, {
       authorizationURL: 'https://github.com/login/oauth/authorize',
-      tokenURL: 'https://github.com/login/oauth/access_token'
+      tokenURL: 'https://github.com/login/oauth/access_token',
+      authorizationParams: {}
     }) as OAuthGitHubConfig
     const { code } = getQuery(event)
 
@@ -73,7 +81,8 @@ export function githubEventHandler({ config, onSuccess, onError }: OAuthConfig<O
         withQuery(config.authorizationURL as string, {
           client_id: config.clientId,
           redirect_uri: redirectUrl,
-          scope: config.scope.join(' ')
+          scope: config.scope.join(' '),
+          ...config.authorizationParams
         })
       )
     }