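--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -85,13 +85,21 @@ export default defineEventHandler(async event => {
 try {
 const params = new URLSearchParams ( query as Record < string , string > )
 const result = await atclient . callback ( params )
+try {
+const state = decodeOAuthState ( event , result . state )
+const profile = await getMiniProfile ( result . session )
 
-await session . update ( {
-public : await getMiniProfile ( result . session ) ,
-} )
-
-const state = decodeOAuthState ( event , result . state )
-return sendRedirect ( event , state . redirectPath )
+await session . update ( { public : profile } )
+return sendRedirect ( event , state . redirectPath )
+} catch ( error ) {
+// If we are unable to cleanly handle the callback, meaning that the
+// user won't be able to use the session, we sign them out of the
+// session to prevent dangling sessions. This can happen if the state is
+// invalid (e.g. user has cookies disabled, or the state expired) or if
+// there is an issue fetching the user's profile after authentication.
+await result . session . signOut ( )
+throw error
+}
 } catch ( error ) {
 // user cancelled explicitly
 if ( query . error === 'access_denied' && error instanceof OAuthCallbackError && error . state ) {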
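Review bot: The cleanup in the new inner catch can mask the original failure: if `result.session.signOut()` itself rejects (new line 100), that rejection replaces the error from `decodeOAuthState`/`getMiniProfile`, so the outer catch and any caller-side logging see a sign-out failure rather than the real cause, and the dangling session the comment is guarding against still exists. Guarding the sign-out with its own try/catch that logs and then rethrows the original error keeps the diagnostic intact while still making a best-effort teardown; the logger used below is a stand-in for whatever this handler already uses. The enclosing `defineEventHandler` callback and the outer try/catch both extend beyond this hunk, so I cannot see whether a later branch already reports the original error.
```typescript
} catch ( error ) {
  // … unchanged: comment explaining why the session is torn down …
  try {
    await result.session.signOut()
  } catch (signOutError) {
    // Best-effort teardown: do not let a failed sign-out hide the real cause.
    console.error('failed to sign out session after callback error', signOutError)
  }
  throw error
}
```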