feat(oidc-provider): allow passing oauth consent code via query params (#3845)

* feat: pass oauth consent code via query params

* address cubic comments

* fix tests

* address comments
This commit is contained in:
Grant G
2025-08-07 00:03:05 -07:00
committed by Bereket Engida
parent dabc51a62a
commit 18f72643ef
5 changed files with 94 additions and 20 deletions

@@ -264,17 +264,40 @@ export const auth = betterAuth({
})
```
The plugin will redirect the user to the specified path with a `client_id` and `scope` query parameter. You can use this information to display a custom consent screen. Once the user consents, you can call `oauth2.consent` to complete the authorization.
The plugin will redirect the user to the specified path with `consent_code`, `client_id` and `scope` query parameters. You can use this information to display a custom consent screen. Once the user consents, you can call `oauth2.consent` to complete the authorization.
<Endpoint path="/oauth2/consent" method="POST" />
```ts title="server.ts"
The consent endpoint supports two methods for passing the consent code:
**Method 1: URL Parameter**
```ts title="consent-page.ts"
// Get the consent code from the URL
const params = new URLSearchParams(window.location.search);
// Submit consent with the code in the request body
const consentCode = params.get('consent_code');
if (!consentCode) {
throw new Error('Consent code not found in URL parameters');
}
const res = await client.oauth2.consent({
accept: true, // or false to deny
consent_code: consentCode,
});
```
The `client_id` and other necessary information are stored in the browser cookie, so you don't need to pass them in the request. If they don't exist in the cookie, the consent method will return an error.
**Method 2: Cookie-Based**
```ts title="consent-page.ts"
// The consent code is automatically stored in a signed cookie
// Just submit the consent decision
const res = await client.oauth2.consent({
accept: true, // or false to deny
// consent_code not needed when using cookie-based flow
});
```
Both methods are fully supported. The URL parameter method works well with mobile apps and third-party contexts, while the cookie-based method provides a simpler implementation for web applications.
### Handling Login
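Review bot: The "Method 1: URL Parameter" section has the integrator read `consent_code` from `window.location.search`, but the docs never say what protects that code once it sits in a URL. Query strings are recorded in browser history and access logs, and they can be sent in Referer headers to anything the consent page loads. Please add a sentence stating whether the code is single-use, how long it stays valid, and whether the consent endpoint still requires the signed-in user's session when the code arrives in the request body. It would also help to say which value is used when both the body `consent_code` and the signed cookie are present, since the closing paragraph only says "Both methods are fully supported". Minor: in the Method 1 snippet the comment "// Submit consent with the code in the request body" sits above `params.get('consent_code')`; it belongs above the `client.oauth2.consent` call.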