302 redirects not followed

[jonjrodriguez]

Describe the bug

302 redirects are not followed for the profileUrl when authenticating with OAuth 2. The root cause is due to the underlying library used for authentication, oauth. However, this library is unmaintained and has had an open issue for it for 6+ years: ciaranj/node-oauth#201.

This issue causes profileData to be an empty string. Then in getProfile, an error is raised due to JSON.parse.

Steps to reproduce

I'm creating a custom provider where the profileUrl returns a redirect to the actual url. In this instance, /api/users/current redirects to /api/users/{current_user_id}.

Expected behavior

The Location header is followed for 302 redirects. Alternatively, the library includes a way for developers to follow the redirects themselves.

Additional context

If help is needed, I can open a PR for this. I think the callback to _request here can take in the response and issue another request if it's a response with a Location header and 3xx status code.

Feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.

• Found the documentation helpful
• Found documentation but was incomplete
• Could not find relevant documentation
• Found the example project helpful
• Did not find the example project helpful

[balazsorban44]

Hi there, would #1846 help here if you got full control on how to fetch the user's profile?

[jonjrodriguez]

@balazsorban44 yeah that looks like it would solve my issue.

[ThangHuuVu]

See #2276 (comment)
Closing because we're no longer using oauth as underlying package for @auth/core.