Add support for OAuth 2.0 State

Author: dominik-kropp

package.json

@@ -8,7 +8,7 @@
     "clean": "rm -rf dist",
     "build": "tsc",
     "fix": "npx prettier src --write",
-    "prepare": "yarn fix && yarn clean && yarn build",
+    "prepare": "npm run fix && npm run clean && npm run build",
     "test": "vitest"
   },
   "exports": {

src/index.ts

@@ -132,6 +132,19 @@ function oAuthPluginServer(
   const sub = options.subField?.name || 'sub'
   const oAuthStrategyCount = (incoming.custom?.oAuthStrategyCount || 0) + 1
   const strategyName = `oauth2-${oAuthStrategyCount}`
+  const sessionMiddleware = session(
+    options.sessionOptions ?? {
+      resave: false,
+      saveUninitialized: false,
+      secret:
+        process.env.PAYLOAD_SECRET ||
+        log('Missing process.env.PAYLOAD_SECRET') ||
+        'unsafe',
+      store: options.databaseUri
+        ? MongoStore.create({ mongoUrl: options.databaseUri })
+        : undefined,
+    }
+  )
 
   if (options.clientID) {
     // Validate paths, they must be unique
@@ -252,6 +265,12 @@ function oAuthPluginServer(
       },
     },
     endpoints: (incoming.endpoints || []).concat([
+      {
+        path: authorizePath,
+        method: 'get',
+        root: true,
+        handler: sessionMiddleware,
+      },
       {
         path: authorizePath,
         method: 'get',
@@ -262,19 +281,7 @@ function oAuthPluginServer(
         path: callbackPath,
         method: 'get',
         root: true,
-        handler: session(
-          options.sessionOptions ?? {
-            resave: false,
-            saveUninitialized: false,
-            secret:
-              process.env.PAYLOAD_SECRET ||
-              log('Missing process.env.PAYLOAD_SECRET') ||
-              'unsafe',
-            store: options.databaseUri
-              ? MongoStore.create({ mongoUrl: options.databaseUri })
-              : undefined,
-          }
-        ),
+        handler: sessionMiddleware,
       },
       {
         path: callbackPath,