Forward the login_hint upstream.

2026-03-29 08:50:10 +00:00 · 2025-05-06 15:18:11 +01:00
parent f527c17545
commit b58344faf1
2 changed files with 18 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,9 @@
+# Rust
 target/
+
+# Editors
+.idea
+.nova
+
+# OS garbage
+.DS_Store
--- a/crates/handlers/src/upstream_oauth2/authorize.rs
+++ b/crates/handlers/src/upstream_oauth2/authorize.rs
@@ -12,7 +12,7 @@ use hyper::StatusCode;
 use mas_axum_utils::{cookies::CookieJar, record_error};
 use mas_data_model::UpstreamOAuthProvider;
 use mas_oidc_client::requests::authorization_code::AuthorizationRequestData;
-use mas_router::UrlBuilder;
+use mas_router::{PostAuthAction, UrlBuilder};
 use mas_storage::{
    BoxClock, BoxRepository, BoxRng,
    upstream_oauth2::{UpstreamOAuthProviderRepository, UpstreamOAuthSessionRepository},
@@ -92,6 +92,15 @@ pub(crate) async fn get(
        data = data.with_response_mode(response_mode.into());
    }

+    // Forward the raw login hint upstream for the provider to handle however it sees fit
+    if let Some(post_auth_action) = &query.post_auth_action {
+        if let PostAuthAction::ContinueAuthorizationGrant { id } = post_auth_action {
+            if let Some(grant) = repo.oauth2_authorization_grant().lookup(*id).await? {
+                data.login_hint = grant.login_hint;
+            }
+        }
+    }
+
    let data = if let Some(methods) = lazy_metadata.pkce_methods().await? {
        data.with_code_challenge_methods_supported(methods)
    } else {