@@ -307,8 +307,11 @@ export default class GoTrueClient {
307307 */
308308 private async _initialize ( ) : Promise < InitializeResult > {
309309 try {
310- if ( isBrowser ( ) && this . detectSessionInUrl ) {
311- const { data, error } = await this . _getSessionFromURL ( )
310+ const isPKCEFlow = isBrowser ( ) ? await this . _isPKCEFlow ( ) : false
311+ this . _debug ( '#_initialize()' , 'begin' , 'is PKCE flow' , isPKCEFlow )
312+
313+ if ( isPKCEFlow || ( this . detectSessionInUrl && this . _isImplicitGrantFlow ( ) ) ) {
314+ const { data, error } = await this . _getSessionFromURL ( isPKCEFlow )
312315 if ( error ) {
313316 this . _debug ( '#_initialize()' , 'error detecting session from URL' , error )
314317
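Review bot: The new condition no longer short-circuits on `isBrowser()`, so outside a browser with `detectSessionInUrl` set it calls `_isImplicitGrantFlow()`, which (in the last hunk) reads `window.location.href` before its own `isBrowser()` test. Where `window` is undefined that read throws a ReferenceError, which presumably ends up in this method's `catch` (outside the hunk) as an initialization error instead of the URL check being skipped. Either keep the guard here, `if (isPKCEFlow || (isBrowser() && this.detectSessionInUrl && this._isImplicitGrantFlow())) {`, or begin the helper with `if (!isBrowser()) return false`. The PKCE branch also runs when `detectSessionInUrl` is false; if that is intended, a short comment above the `if` should say so.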
@@ -1411,7 +1414,7 @@ export default class GoTrueClient {
14111414 /**
14121415 * Gets the session data from a URL string
14131416 */
1414- private async _getSessionFromURL ( ) : Promise <
1417+ private async _getSessionFromURL ( isPKCEFlow : boolean ) : Promise <
14151418 | {
14161419 data : { session : Session ; redirectType : string | null }
14171420 error : null
@@ -1420,39 +1423,15 @@ export default class GoTrueClient {
14201423 > {
14211424 try {
14221425 if ( ! isBrowser ( ) ) throw new AuthImplicitGrantRedirectError ( 'No browser detected.' )
1423-
1424- const params = parseParametersFromURL ( window . location . href )
1425-
1426- // If there's an error in the URL, it doesn't matter what flow it is, we just return the error.
1427- if ( params . error || params . error_description || params . error_code ) {
1428- // The error class returned implies that the redirect is from an implicit grant flow
1429- // but it could also be from a redirect error from a PKCE flow.
1430- throw new AuthImplicitGrantRedirectError (
1431- params . error_description || 'Error in URL with unspecified error_description' ,
1432- {
1433- error : params . error || 'unspecified_error' ,
1434- code : params . error_code || 'unspecified_code' ,
1435- }
1436- )
1426+ if ( this . flowType === 'implicit' && ! this . _isImplicitGrantFlow ( ) ) {
1427+ throw new AuthImplicitGrantRedirectError ( 'Not a valid implicit grant flow url.' )
1428+ } else if ( this . flowType == 'pkce' && ! isPKCEFlow ) {
1429+ throw new AuthPKCEGrantCodeExchangeError ( 'Not a valid PKCE flow url.' )
14371430 }
14381431
1439- const isRedirectFromImplicitGrantFlow = this . _isImplicitGrantFlow ( params )
1440- const isRedirectFromPKCEFlow = await this . _isPKCEFlow ( params )
1441-
1442- // Checks for mismatches between the flowType initialised in the client and the URL parameters
1443- if ( ! isRedirectFromImplicitGrantFlow && ! isRedirectFromPKCEFlow ) {
1444- if ( this . flowType === 'implicit' ) {
1445- throw new AuthImplicitGrantRedirectError ( 'Not a valid implicit grant flow url.' )
1446- } else if ( this . flowType === 'pkce' ) {
1447- throw new AuthPKCEGrantCodeExchangeError ( 'Not a valid PKCE flow url.' )
1448- } else {
1449- throw new AuthError ( 'Invalid flow type.' )
1450- }
1451- }
1432+ const params = parseParametersFromURL ( window . location . href )
14521433
1453- // Since this is a redirect for PKCE, we attempt to retrieve the code from the URL for the code exchange
1454- if ( isRedirectFromPKCEFlow ) {
1455- this . _debug ( '#_initialize()' , 'begin' , 'is PKCE flow' , isRedirectFromPKCEFlow )
1434+ if ( isPKCEFlow ) {
14561435 if ( ! params . code ) throw new AuthPKCEGrantCodeExchangeError ( 'No code detected.' )
14571436 const { data, error } = await this . _exchangeCodeForSession ( params . code )
14581437 if ( error ) throw error
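Review bot: The flow-type checks now run before the URL's `error` parameters are examined, so a `pkce` client with `detectSessionInUrl` on that is redirected back with only `error`/`error_description` gets 'Not a valid PKCE flow url.' instead of the provider's error. The path is: no `code` means `isPKCEFlow` is false, `_isImplicitGrantFlow()` still returns true because of `error_description`, and the `else if` here throws before the relocated `params.error` block (next hunk) is reached. Parsing `params` first and keeping the error check ahead of the flow-type checks, as the removed code did, keeps the real failure reason visible to callers and in logs. The new comparison should also use strict equality like the line above it: `} else if (this.flowType === 'pkce' && !isPKCEFlow) {`. The body of `_getSessionFromURL` starts and ends outside this hunk.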
@@ -1465,6 +1444,16 @@ export default class GoTrueClient {
14651444 return { data : { session : data . session , redirectType : null } , error : null }
14661445 }
14671446
1447+ if ( params . error || params . error_description || params . error_code ) {
1448+ throw new AuthImplicitGrantRedirectError (
1449+ params . error_description || 'Error in URL with unspecified error_description' ,
1450+ {
1451+ error : params . error || 'unspecified_error' ,
1452+ code : params . error_code || 'unspecified_code' ,
1453+ }
1454+ )
1455+ }
1456+
14681457 const {
14691458 provider_token,
14701459 provider_refresh_token,
@@ -1542,20 +1531,24 @@ export default class GoTrueClient {
15421531 /**
15431532 * Checks if the current URL contains parameters given by an implicit oauth grant flow (https://www.rfc-editor.org/rfc/rfc6749.html#section-4.2)
15441533 */
1545- private _isImplicitGrantFlow ( params : { [ parameter : string ] : string } ) : boolean {
1546- return ! ! ( ( params . access_token || params . error_description ) && this . flowType === 'implicit' )
1534+ private _isImplicitGrantFlow ( ) : boolean {
1535+ const params = parseParametersFromURL ( window . location . href )
1536+
1537+ return ! ! ( isBrowser ( ) && ( params . access_token || params . error_description ) )
15471538 }
15481539
15491540 /**
15501541 * Checks if the current URL and backing storage contain parameters given by a PKCE flow
15511542 */
1552- private async _isPKCEFlow ( params : { [ parameter : string ] : string } ) : Promise < boolean > {
1543+ private async _isPKCEFlow ( ) : Promise < boolean > {
1544+ const params = parseParametersFromURL ( window . location . href )
1545+
15531546 const currentStorageContent = await getItemAsync (
15541547 this . storage ,
15551548 `${ this . storageKey } -code-verifier`
15561549 )
15571550
1558- return ! ! ( params . code && currentStorageContent && this . flowType === 'pkce' )
1551+ return ! ! ( params . code && currentStorageContent )
15591552 }
15601553
15611554 /**
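Review bot: Both helpers stop consulting `this.flowType`, but their doc comments do not say that the configured flow is now enforced only by the callers. With that check gone, `_isPKCEFlow()` is true for any URL carrying `code` while a `-code-verifier` entry sits in storage, and `_isImplicitGrantFlow()` is true for any URL carrying `access_token` or `error_description`, all of which are read straight from the address bar. I'd extend each comment with a line such as `Does not check this.flowType; callers must reject URLs that do not match the configured flow.` It may also be worth confirming that an `implicit` client cannot reach the code exchange when a URL carries both `code` and `access_token`, since the check in `_getSessionFromURL` only rejects a URL that lacks the implicit parameters.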