4 replies

Cross-site issue with oauth provider plugin

Plugins related

Astro

NuxtOAuth related

Hi everyone! Hope you'r all doing well. I'm trying to create my own oauth provider and i'm facing this issue in my test client

const tokenResponse = await fetch('https://democraft.fun/api/auth/oauth2/token', {
            method: 'POST',
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded',
              'Origin': 'https://democraft.fun',
              'Referer': 'https://democraft.fun/',
            },
            body: tokenParams,
          });
// Logs
ℹ [auth:democraft] token:start { callbackUrl: 'http://localhost:3000/api/auth/callback/democraft' }
ℹ [auth:democraft] token:failed { status: 403, body: { rawBody: 'Cross-site POST form submissions are forbidden' } }

const tokenResponse = await fetch('https://democraft.fun/api/auth/oauth2/token', {
            method: 'POST',
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded',
              'Origin': 'https://democraft.fun',
              'Referer': 'https://democraft.fun/',
            },
            body: tokenParams,
          });
// Logs
ℹ [auth:democraft] token:start { callbackUrl: 'http://localhost:3000/api/auth/callback/democraft' }
ℹ [auth:democraft] token:failed { status: 403, body: { rawBody: 'Cross-site POST form submissions are forbidden' } }

I tried to look up on the docs but wasn't able to find relevant informations. I'm using nuxt for my test client and have specified

checks: ['pkce', 'state']

checks: ['pkce', 'state']

accordint to what the plugin ensure as a security. Here is my backend auth.ts config file:

export const auth = betterAuth({
    appName: "DEMOCRAFT",
    emailAndPassword: {
        enabled: true,
    },
    database: prismaAdapter(prisma, {
        provider: 'postgresql',
    }),
    disabledPaths: [
        "/token",
    ],
    plugins: [
        jwt(),
        twoFactor(),
        oauthProvider({
            loginPage: "/auth/login",
            consentPage: "/auth/consent",
            scopes: ["openid", "profile", "email", "offline_access", "stats"],
        }),
        stripe({
            stripeClient,
            stripeWebhookSecret: secretWebhook,
            createCustomerOnSignUp: true,
        })
    ]
});

export const auth = betterAuth({
    appName: "DEMOCRAFT",
    emailAndPassword: {
        enabled: true,
    },
    database: prismaAdapter(prisma, {
        provider: 'postgresql',
    }),
    disabledPaths: [
        "/token",
    ],
    plugins: [
        jwt(),
        twoFactor(),
        oauthProvider({
            loginPage: "/auth/login",
            consentPage: "/auth/consent",
            scopes: ["openid", "profile", "email", "offline_access", "stats"],
        }),
        stripe({
            stripeClient,
            stripeWebhookSecret: secretWebhook,
            createCustomerOnSignUp: true,
        })
    ]
});

Thanks you for any help! If any more file is needed, just ping me and i'll send you asap

Better Auth•2w ago•

4 replies

Funasitien ⛅

Cross-site issue with oauth provider plugin

Plugins related

Astro

NuxtOAuth related

Hi everyone! Hope you'r all doing well. I'm trying to create my own oauth provider and i'm facing this issue in my test client

const tokenResponse = await fetch('https://democraft.fun/api/auth/oauth2/token', {
            method: 'POST',
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded',
              'Origin': 'https://democraft.fun',
              'Referer': 'https://democraft.fun/',
            },
            body: tokenParams,
          });
// Logs
ℹ [auth:democraft] token:start { callbackUrl: 'http://localhost:3000/api/auth/callback/democraft' }
ℹ [auth:democraft] token:failed { status: 403, body: { rawBody: 'Cross-site POST form submissions are forbidden' } }

const tokenResponse = await fetch('https://democraft.fun/api/auth/oauth2/token', {
            method: 'POST',
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded',
              'Origin': 'https://democraft.fun',
              'Referer': 'https://democraft.fun/',
            },
            body: tokenParams,
          });
// Logs
ℹ [auth:democraft] token:start { callbackUrl: 'http://localhost:3000/api/auth/callback/democraft' }
ℹ [auth:democraft] token:failed { status: 403, body: { rawBody: 'Cross-site POST form submissions are forbidden' } }

I tried to look up on the docs but wasn't able to find relevant informations. I'm using nuxt for my test client and have specified

checks: ['pkce', 'state']

checks: ['pkce', 'state']

accordint to what the plugin ensure as a security. Here is my backend auth.ts config file:

export const auth = betterAuth({
    appName: "DEMOCRAFT",
    emailAndPassword: {
        enabled: true,
    },
    database: prismaAdapter(prisma, {
        provider: 'postgresql',
    }),
    disabledPaths: [
        "/token",
    ],
    plugins: [
        jwt(),
        twoFactor(),
        oauthProvider({
            loginPage: "/auth/login",
            consentPage: "/auth/consent",
            scopes: ["openid", "profile", "email", "offline_access", "stats"],
        }),
        stripe({
            stripeClient,
            stripeWebhookSecret: secretWebhook,
            createCustomerOnSignUp: true,
        })
    ]
});

export const auth = betterAuth({
    appName: "DEMOCRAFT",
    emailAndPassword: {
        enabled: true,
    },
    database: prismaAdapter(prisma, {
        provider: 'postgresql',
    }),
    disabledPaths: [
        "/token",
    ],
    plugins: [
        jwt(),
        twoFactor(),
        oauthProvider({
            loginPage: "/auth/login",
            consentPage: "/auth/consent",
            scopes: ["openid", "profile", "email", "offline_access", "stats"],
        }),
        stripe({
            stripeClient,
            stripeWebhookSecret: secretWebhook,
            createCustomerOnSignUp: true,
        })
    ]
});

Thanks you for any help! If any more file is needed, just ping me and i'll send you asap

Cross-site issue with oauth provider plugin

Similar Threads

Cross-site issue with oauth provider plugin

Similar Threads

Similar Threads

Similar Threads