diff --git a/apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/idp.ts b/apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/idp.ts
index 67f317df4..0bae03f74 100644
--- a/apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/idp.ts
+++ b/apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/idp.ts
@@ -168,9 +168,6 @@ function createPrismaAdapter(idpId: string) {
 });
 }
-// TODO: add stateful session management
-
-
 export async function createOidcProvider(options: { id: string, baseUrl: string }) {
 const privateJwk = await getPrivateJwk(getPerAudienceSecret({
 audience: `https://idp-jwk-audience.stack-auth.com/${encodeURIComponent(options.id)}`,
@@ -186,9 +183,7 @@ export async function createOidcProvider(options: { id: string, baseUrl: string
 const oidc = new Provider(options.baseUrl, {
 adapter: createPrismaAdapter(options.id),
 clients: JSON.parse(getEnvVariable("STACK_NEON_INTEGRATION_CLIENTS_CONFIG", "[]")),
- ttl: {
- Session: 60, // we always want to ask for login again, though the session needs to survive for a bit during the token exchange
- },
+ ttl: {},
 cookies: {
 keys: [
 await sha512(`oidc-idp-cookie-encryption-key:${getEnvVariable("STACK_SERVER_SECRET")}`),
@@ -272,6 +267,22 @@ export async function createOidcProvider(options: { id: string, baseUrl: string
 ctx.type = 'text/html';
 ctx.body = ` + + Redirecting... — Stack Auth + +
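Review bot: Replacing the `Session: 60` entry with `ttl: {}` removes the only place that explained why this provider must never keep a login alive across flows, and it hands the `Session` lifetime back to oidc-provider's library default; the intent now lives solely in the Set-Cookie filter in route.tsx, which a reader of this file cannot see. I'd keep a pointer next to the new line: `ttl: {}, // Session TTL left at the library default on purpose: route.tsx strips the _session cookie from every response, so the browser can never resume a session and each OAuth flow logs in afresh`. Dropping the short TTL also means the session records the adapter from createPrismaAdapter presumably persists now live for the library default instead of 60 seconds, so either confirm the adapter's expiry/cleanup copes with that or keep an explicit short `Session` TTL if the token exchange only needs the session briefly, as the removed comment suggested. createOidcProvider starts before and ends after this hunk.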
If you are not redirected, please press the button below.
@@ -281,6 +292,7 @@ export async function createOidcProvider(options: { id: string, baseUrl: string
 document.getElementById('continue-form').style.visibility = 'hidden';
 document.getElementById('continue-form').submit();
 setTimeout(() => {
+ document.getElementById('gradient-style').remove();
 document.getElementById('continue-form').style.visibility = 'visible';
 }, 3000);
diff --git a/apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/route.tsx b/apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/route.tsx
index 2ea3a7792..c7fc50594 100644
--- a/apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/route.tsx
+++ b/apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/route.tsx
@@ -45,8 +45,22 @@ const handler = handleApiRequest(async (req: NextRequest) => {
 const body = new Uint8Array(serverResponse.bodyChunks.flatMap(chunk => [...chunk]));
+ let headers: [string, string][] = [];
+ for (const [k, v] of Object.entries(serverResponse.getHeaders())) {
+ if (Array.isArray(v)) {
+ for (const vv of v) {
+ headers.push([k, vv]);
+ }
+ } else {
+ headers.push([k, `${v}`]);
+ }
+ }
+
+ // filter out session cookies; we don't want to keep sessions open, every OAuth flow should start a new session
+ headers = headers.filter(([k, v]) => k !== "set-cookie" || !v.toString().match(/^_session\.?/));
+
 return new NextResponse(body, {
- headers: Object.entries(serverResponse.getHeaders()).filter(([k, v]) => v) as any,
+ headers: headers,
 status: {
 // our API never returns 301 or 302 by convention, so transform them to 307 or 308
 301: 308,
diff --git a/apps/dashboard/src/app/(main)/integrations/neon/confirm/neon-confirm-card.tsx b/apps/dashboard/src/app/(main)/integrations/neon/confirm/neon-confirm-card.tsx
index 81be42c0a..4133dc8b1 100644
--- a/apps/dashboard/src/app/(main)/integrations/neon/confirm/neon-confirm-card.tsx
+++ b/apps/dashboard/src/app/(main)/integrations/neon/confirm/neon-confirm-card.tsx
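Review bot: The added `document.getElementById('gradient-style').remove();` runs before the line that reveals the fallback form, so if that element is ever absent or already removed the TypeError aborts the timeout callback and `#continue-form` stays hidden, leaving a user whose auto-submit failed with no button to press. Reveal the form first and make the removal non-fatal: `document.getElementById('continue-form').style.visibility = 'visible';` followed by `document.getElementById('gradient-style')?.remove();`. A short comment on the timeout, such as `// fallback: if the auto-submit did not navigate away within 3s, drop the loading style and show the manual button`, would also make the 3000 ms choice legible. The enclosing createOidcProvider function starts and ends outside this hunk.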
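Review bot: The Set-Cookie filter is a bare prefix match, `/^_session\.?/`, so it strips any cookie whose name merely begins with `_session` rather than exactly the session cookie and its signature companion; anchoring on the name boundary, `!/^_session(\.sig)?=/.test(v)`, states the intent precisely (`_session.sig` is presumably what the optional dot is meant to cover — worth confirming against the provider's cookie configuration). The new loop also loses the guard the old `.filter(([k, v]) => v)` provided: an undefined header value is now stringified into the literal `"undefined"`, so add `if (v === undefined) continue;` as the first statement of the loop body. Note too that dropping the cookie only prevents the browser from resuming a session; the provider still creates and stores one per flow, so server-side expiry of those records has to be handled where the provider is configured. The enclosing handler starts before this hunk.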
@@ -106,7 +106,7 @@ export default function NeonConfirmCard(props: { onContinue: (options: { project
-