| 481 | } |
| 482 | |
| 483 | func (a *API) prepErrorRedirectURL(err *HTTPError, r *http.Request, rurl string, flowType models.FlowType) (string, error) { |
| 484 | u, perr := url.Parse(rurl) |
| 485 | if perr != nil { |
| 486 | return "", err |
| 487 | } |
| 488 | q := u.Query() |
| 489 | |
| 490 | // Maintain separate query params for hash and query |
| 491 | hq := url.Values{} |
| 492 | log := observability.GetLogEntry(r).Entry |
| 493 | errorID := utilities.GetRequestID(r.Context()) |
| 494 | err.ErrorID = errorID |
| 495 | log.WithError(err.Cause()).Info(err.Error()) |
| 496 | if str, ok := oauthErrorMap[err.HTTPStatus]; ok { |
| 497 | hq.Set("error", str) |
| 498 | q.Set("error", str) |
| 499 | } |
| 500 | hq.Set("error_code", err.ErrorCode) |
| 501 | hq.Set("error_description", err.Message) |
| 502 | |
| 503 | q.Set("error_code", err.ErrorCode) |
| 504 | q.Set("error_description", err.Message) |
| 505 | if flowType == models.PKCEFlow { |
| 506 | // Additionally, may override existing error query param if set to PKCE. |
| 507 | u.RawQuery = q.Encode() |
| 508 | } |
| 509 | // Left as hash fragment to comply with spec. |
| 510 | // Add Supabase Auth identifier to help clients distinguish Supabase Auth redirects |
| 511 | hq.Set("sb", "") |
| 512 | u.Fragment = hq.Encode() |
| 513 | return u.String(), nil |
| 514 | } |
| 515 | |
| 516 | func (a *API) prepRedirectURL(message string, rurl string, flowType models.FlowType) (string, error) { |
| 517 | u, perr := url.Parse(rurl) |