Merge pull request #456 from supertokens/fix/signin_up-invalid-redirect-uri-server-err

fix: server error when `redirect_uri_info` is not passed in the sign_in_up API

Author: rishabhpoddar

CHANGELOG.md

@@ -8,6 +8,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.16.6] - 2023-10-24
+
+- Fixed server error in `sign_in_up` API
+    - There was a bug in case where the API was called with just oAuth tokens without passing the `redirect_uri_info`.
+
 ## [0.16.5] - 2023-10-23
 
 - Relaxed constraint on `pyJWT` dependency.

setup.py

@@ -70,7 +70,7 @@
 
 setup(
     name="supertokens_python",
-    version="0.16.5",
+    version="0.16.6",
     author="SuperTokens",
     license="Apache 2.0",
     author_email="[email protected]",

supertokens_python/constants.py

@@ -14,7 +14,7 @@
 from __future__ import annotations
 
 SUPPORTED_CDI_VERSIONS = ["3.0"]
-VERSION = "0.16.5"
+VERSION = "0.16.6"
 TELEMETRY = "/telemetry"
 USER_COUNT = "/users/count"
 USER_DELETE = "/user/remove"

supertokens_python/recipe/thirdparty/api/signinup.py

@@ -42,16 +42,16 @@ async def handle_sign_in_up_api(
     if third_party_id is None or not isinstance(third_party_id, str):
         raise_bad_input_exception("Please provide the thirdPartyId in request body")
 
-    redirect_uri_info = body.get("redirectURIInfo")
-    oauth_tokens = body.get("oAuthTokens")
-
-    if redirect_uri_info is not None:
-        if redirect_uri_info.get("redirectURIOnProviderDashboard") is None:
+    oauth_tokens = None
+    redirect_uri_info = None
+    if body.get("redirectURIInfo") is not None:
+        if body.get("redirectURIInfo").get("redirectURIOnProviderDashboard") is None:
             raise_bad_input_exception(
                 "Please provide the redirectURIOnProviderDashboard in request body"
             )
-    elif oauth_tokens is not None:
-        pass  # Nothing to do here
+        redirect_uri_info = body.get("redirectURIInfo")
+    elif body.get("oAuthTokens") is not None:
+        oauth_tokens = body.get("oAuthTokens")
     else:
         raise_bad_input_exception(
             "Please provide one of redirectURIInfo or oAuthTokens in the request body"
@@ -71,15 +71,18 @@ async def handle_sign_in_up_api(
 
     provider = provider_response
 
-    result = await api_implementation.sign_in_up_post(
-        provider=provider,
-        redirect_uri_info=RedirectUriInfo(
+    if redirect_uri_info is not None:
+        redirect_uri_info = RedirectUriInfo(
             redirect_uri_on_provider_dashboard=redirect_uri_info.get(
                 "redirectURIOnProviderDashboard"
             ),
             redirect_uri_query_params=redirect_uri_info.get("redirectURIQueryParams"),
             pkce_code_verifier=redirect_uri_info.get("pkceCodeVerifier"),
-        ),
+        )
+
+    result = await api_implementation.sign_in_up_post(
+        provider=provider,
+        redirect_uri_info=redirect_uri_info,
         oauth_tokens=oauth_tokens,
         tenant_id=tenant_id,
         api_options=api_options,

tests/thirdparty/test_thirdparty.py

@@ -268,3 +268,63 @@ async def test_signinup_works_when_validate_access_token_does_not_throw(
     assert res.status_code == 200
     assert access_token_validated is True
     assert res.json()["status"] == "OK"
+
+
+async def test_signinup_android_without_redirect_uri(
+    fastapi_client: TestClient, mocker: MockerFixture
+):
+    time = str(datetime.datetime.now())
+    mocker.patch(
+        "supertokens_python.recipe.thirdparty.providers.custom.get_supertokens_user_info_result_from_raw_user_info",
+        return_value=UserInfo(
+            "" + time,
+            UserInfoEmail(f"johndoeprovidertest+{time}@supertokens.com", True),
+            RawUserInfoFromProvider({}, {}),
+        ),
+    )
+    st_init_args = {
+        **st_init_common_args,
+        "recipe_list": [
+            session.init(),
+            thirdpartyemailpassword.init(
+                providers=[
+                    ProviderInput(
+                        config=ProviderConfig(
+                            third_party_id="custom",
+                            clients=[
+                                ProviderClientConfig(
+                                    client_id="test",
+                                    client_secret="test-secret",
+                                    scope=["profile", "email"],
+                                    client_type="android",
+                                ),
+                            ],
+                            authorization_endpoint="https://example.com/oauth/authorize",
+                            authorization_endpoint_query_params={
+                                "response_type": "token",  # Changing an existing parameter
+                                "response_mode": "form",  # Adding a new parameter
+                                "scope": None,  # Removing a parameter
+                            },
+                            token_endpoint="https://example.com/oauth/token",
+                        ),
+                    )
+                ]
+            ),
+        ],
+    }
+    init(**st_init_args)  # type: ignore
+    start_st()
+
+    res = fastapi_client.post(
+        "/auth/signinup",
+        json={
+            "thirdPartyId": "custom",
+            "clientType": "android",
+            "oAuthTokens": {
+                "access_token": "accesstoken",
+                "id_token": "idtoken",
+            },
+        },
+    )
+    assert res.status_code == 200
+    assert res.json()["status"] == "OK"