diff --git a/pages/api/consent.ts b/pages/api/consent.ts
index 7a43e60..925afb5 100644
--- a/pages/api/consent.ts
+++ b/pages/api/consent.ts
@@ -1,15 +1,7 @@
-import { Configuration, OAuth2Api } from "@ory/client"
 import { NextApiRequest, NextApiResponse } from "next"
+import axios from "axios" // Using axios for HTTP requests
 
-const hydra = new OAuth2Api(
- new Configuration({
- basePath: process.env.HYDRA_ADMIN_URL,
- baseOptions: {
- "X-Forwarded-Proto": "https",
- withCredentials: true,
- },
- }),
-)
+const baseURL = process.env.HYDRA_ADMIN_URL
 
 // Helper function to extract session data
 const extractSession = (identity: any, grantScope: string[]) => {
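Review bot: `baseURL` is taken from `process.env.HYDRA_ADMIN_URL` with no check, so a missing variable turns every admin request URL in this file into `undefined/oauth2/...` and the failure only shows up per request. A guard at module load, `if (!baseURL) throw new Error("HYDRA_ADMIN_URL is not set")`, makes the misconfiguration visible at startup. The bare axios calls that replace the SDK client also set no timeout, so a hung admin endpoint would hold the API route open; one shared instance such as `axios.create({ baseURL, timeout: 5000 })` (value illustrative) would cover that. The removed `baseOptions` block named `X-Forwarded-Proto`; if the Hydra deployment depends on that header, the new calls do not send it.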
@@ -33,40 +25,49 @@ export default async (req: NextApiRequest, res: NextApiResponse) => { try { if (req.method === "GET") { const { consent_challenge } = req.query - const response = await hydra.getOAuth2ConsentRequest({ - consentChallenge: String(consent_challenge), - }) + const response = await axios.get( + `${baseURL}/oauth2/auth/requests/consent`, + { + params: { + consent_challenge: String(consent_challenge), + }, + }, + ) return res.status(200).json(response.data) } else { if (!consentChallenge || !consentAction) { return res.status(400).json({ error: "Missing required parameters" }) } if (consentAction === "accept") { - const { data: body } = await hydra.getOAuth2ConsentRequest({ - consentChallenge, - }) + const { data: body } = await axios.get( + `${baseURL}/oauth2/auth/requests/consent`, + { + params: { consent_challenge: consentChallenge }, + }, + ) + const session = extractSession(identity, grantScope) - const acceptResponse = await hydra.acceptOAuth2ConsentRequest({ - consentChallenge, - acceptOAuth2ConsentRequest: { + const acceptResponse = await axios.put( + `${baseURL}/oauth2/auth/requests/consent/accept?consent_challenge=${consentChallenge}`, + { grant_scope: session.access_token.scope, grant_access_token_audience: body.requested_access_token_audience, session, remember: Boolean(remember), remember_for: 3600, }, - }) + ) return res .status(200) .json({ redirect_to: acceptResponse.data.redirect_to }) } else { - const rejectResponse = await hydra.rejectOAuth2ConsentRequest({ - consentChallenge, - rejectOAuth2Request: { + const rejectResponse = await axios.put( + `${baseURL}/oauth2/auth/requests/consent/${consentChallenge}/reject`, + { error: "access_denied", error_description: "The resource owner denied the request", }, - }) + ) return res .status(200) diff --git a/pages/consent.tsx b/pages/consent.tsx index f13d225..f4d25d0 100644 --- a/pages/consent.tsx +++ b/pages/consent.tsx 
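Review bot: The accept and reject calls build the Hydra admin URL by interpolating `consentChallenge` straight into the string, and the reject call puts it in a path segment (`/consent/${consentChallenge}/reject`), so a request-supplied value containing `/`, `..`, `?` or `&` can change which admin endpoint or parameters the server calls. Both GET calls in this hunk already pass the challenge through `params`, which encodes it; the two PUTs should do the same by keeping the URL fixed (`/oauth2/auth/requests/consent/accept`, `/oauth2/auth/requests/consent/reject`) and passing `{ params: { consent_challenge: consentChallenge } }` as the third argument to `axios.put`. The reject path shape also differs from the accept path a few lines above it, so confirm against the Hydra admin API that the challenge belongs in the query string there as well. Where `consentChallenge` is read from the request is outside the hunk, and the handler continues past its last line.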
@@ -11,6 +11,8 @@ const Consent = () => { const [csrfToken, setCsrfToken] = useState("") const [isLoading, setIsLoading] = useState(false) + const basePath = process.env.BASE_PATH || "" + useEffect(() => { const { consent_challenge } = router.query @@ -27,7 +29,7 @@ const Consent = () => { } const consentResponse = await fetch( - `/api/consent?consent_challenge=${consent_challenge}`, + `${basePath}/api/consent?consent_challenge=${consent_challenge}`, ) const consentData = await consentResponse.json() @@ -40,7 +42,7 @@ const Consent = () => { // Automatically handle skipping consent if enabled if (consentData.client?.skip_consent) { console.log("Skipping consent, automatically submitting.") - const skipResponse = await fetch("/api/consent", { + const skipResponse = await fetch(`${basePath}/api/consent`, { method: "POST", headers: { "Content-Type": "application/json", @@ -58,7 +60,7 @@ const Consent = () => { if (skipData.error) { throw new Error(skipData.error) } - router.push(skipData.redirect_to) + window.location.href = skipData.redirect_to return } } catch (error) { @@ -90,7 +92,7 @@ const Consent = () => { } try { - const response = await fetch("/api/consent", { + const response = await fetch(`${basePath}/api/consent`, { method: "POST", headers: { "Content-Type": "application/json", @@ -109,8 +111,7 @@ const Consent = () => { console.error("Error submitting consent:", data.error) return } - - router.push(data.redirect_to) + window.location.href = data.redirect_to } catch (error) { console.error("Error during consent submission:", error) }
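Review bot: In the `@@ -11,6 +11,8 @@` hunk, `process.env.BASE_PATH` is read inside a client component, and Next.js only inlines environment variables into the browser bundle when they are prefixed `NEXT_PUBLIC_` or listed under `env` in `next.config.js`. Unless that is configured outside this diff, `basePath` will be `""` in the browser and the three prefixed `fetch` calls silently keep the old URLs. `router.basePath` (the component already has `router`) or `process.env.NEXT_PUBLIC_BASE_PATH ?? ""` avoids that, and the constant can live outside the component since it does not change between renders.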
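Review bot: The rewritten fetch URL in the `@@ -27,7 +29,7 @@` hunk still interpolates `consent_challenge` from `router.query` without encoding, and that value can be a string array as well as a string. Wrapping it as `encodeURIComponent(String(consent_challenge))` keeps characters such as `&` or `#` from changing the request that the API route receives.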
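Review bot: In the `@@ -58,7 +60,7 @@` hunk, `window.location.href = skipData.redirect_to` navigates to whatever string the API response carries, with no check on its scheme or host, and a `location` assignment accepts any scheme including `javascript:`; the same assignment is repeated for `data.redirect_to` in the `@@ -109,8 +111,7 @@` hunk. The value is presumably Hydra's redirect URL relayed by `/api/consent`, but the page should not rely on that. Parse it before navigating, for example `const target = new URL(skipData.redirect_to, window.location.origin)` followed by `if (target.protocol !== "https:" && target.protocol !== "http:") throw new Error("Unexpected redirect target")`, and put that check in one small helper used at both sites. If the set of valid hosts is known, comparing `target.origin` against it closes the open-redirect case as well.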