Add code comment and update sample project

spoonjoy · Sep 17, 2024 · 43f1383 · 43f1383
1 parent fc66221
commit 43f1383
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 10 deletions.
diff --git a/sample-oauth-project/api/src/functions/auth.ts b/sample-oauth-project/api/src/functions/auth.ts
@@ -156,14 +156,21 @@ export const handler = async (
     // Specifies attributes on the cookie that dbAuth sets in order to remember
     // who is logged in. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
     cookie: {
-      HttpOnly: true,
-      Path: '/',
-      SameSite: 'Strict',
-      Secure: process.env.NODE_ENV !== 'development',
-
-      // If you need to allow other domains (besides the api side) access to
-      // the dbAuth session cookie:
-      // Domain: 'example.com',
+      attributes: {
+        Path: '/',
+        HttpOnly: true,
+        // WHen using sameSite: 'None', you must also set Secure: true
+        Secure: true,
+        // Secure: process.env.NODE_ENV !== 'development',
+        // When using Apple auth, because the redirect is via form_post, if the cookie is not set to SameSite: 'None',
+        // when attempting to, for example, link an Apple account, the cookie won't come along for the ride,
+        // and the server won't know that the user is logged in.
+        SameSite: 'None',
+
+        // If you need to allow other domains (besides the api side) access to
+        // the dbAuth session cookie:
+        // Domain: 'example.com',
+      }
     },
 
     forgotPassword: forgotPasswordOptions,
@@ -189,8 +196,7 @@ export const handler = async (
     case '/auth':
       return await authHandler.invoke()
     case '/auth/oauth':
-      const oAuthHandlerRes = await oAuthHandler.invoke()
-      return oAuthHandlerRes
+      return await oAuthHandler.invoke()
     default:
       throw new Error('Unknown auth path')
   }

diff --git a/web/src/oauth.ts b/web/src/oauth.ts
@@ -189,6 +189,7 @@ export default class OAuthClient {
     switch (provider) {
       case 'apple':
         clientSpecificOptions = {
+          // See: https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms/#3332113
           response_mode: 'form_post',
         }
         break