fix: Only first class supported idp providers should be present in the client config (#1683)

Amplifiyer · web-flow · commit 8968cf4325b6 · 2024-06-26T20:10:01.000+02:00
diff --git a/.changeset/healthy-monkeys-help.md b/.changeset/healthy-monkeys-help.md
@@ -0,0 +1,5 @@
+---
+'@aws-amplify/client-config': patch
+---
+
+fix: Only first class supported idp providers should be present in the client config
diff --git a/packages/client-config/src/client-config-contributor/client_config_contributor_v1.test.ts b/packages/client-config/src/client-config-contributor/client_config_contributor_v1.test.ts
@@ -129,7 +129,7 @@ void describe('auth client config contributor v1', () => {
             oauthRedirectSignIn: 'http://callback.com,http://callback2.com',
             oauthRedirectSignOut: 'http://logout.com,http://logout2.com',
             oauthResponseType: 'code',
-            socialProviders: `["GOOGLE","FACEBOOK"]`,
+            socialProviders: `["GOOGLE","FACEBOOK","SIGN_IN_WITH_APPLE","LOGIN_WITH_AMAZON","GITHUB","DISCORD"]`,
           },
         },
       }),
@@ -152,7 +152,12 @@ void describe('auth client config contributor v1', () => {
           username_attributes: ['email'],
           user_verification_types: ['email', 'phone_number'],
           oauth: {
-            identity_providers: ['GOOGLE', 'FACEBOOK'],
+            identity_providers: [
+              'GOOGLE',
+              'FACEBOOK',
+              'SIGN_IN_WITH_APPLE',
+              'LOGIN_WITH_AMAZON',
+            ], //Only first class supported idp providers
             domain: 'testDomain',
             scopes: ['email', 'profile'],
             redirect_sign_in_uri: [
diff --git a/packages/client-config/src/client-config-contributor/client_config_contributor_v1.ts b/packages/client-config/src/client-config-contributor/client_config_contributor_v1.ts
@@ -146,10 +146,14 @@ export class AuthClientConfigContributor implements ClientConfigContributor {
       authOutput.payload.oauthRedirectSignIn &&
       authOutput.payload.oauthRedirectSignOut
     ) {
+      let socialProviders = authOutput.payload.socialProviders
+        ? JSON.parse(authOutput.payload.socialProviders)
+        : [];
+      if (Array.isArray(socialProviders)) {
+        socialProviders = socialProviders.filter(this.isValidIdentityProvider);
+      }
       authClientConfig.auth.oauth = {
-        identity_providers: authOutput.payload.socialProviders
-          ? JSON.parse(authOutput.payload.socialProviders)
-          : [],
+        identity_providers: socialProviders,
         redirect_sign_in_uri: authOutput.payload.oauthRedirectSignIn.split(','),
         redirect_sign_out_uri:
           authOutput.payload.oauthRedirectSignOut.split(','),
@@ -168,6 +172,16 @@ export class AuthClientConfigContributor implements ClientConfigContributor {
 
     return authClientConfig;
   };
+
+  // Define a type guard function to check if a value is a valid IdentityProvider
+  isValidIdentityProvider = (identityProvider: string): boolean => {
+    return [
+      'GOOGLE',
+      'FACEBOOK',
+      'LOGIN_WITH_AMAZON',
+      'SIGN_IN_WITH_APPLE',
+    ].includes(identityProvider);
+  };
 }
 
 /**

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@aws-amplify/client-config': patch
 +---
++
 +fix: Only first class supported idp providers should be present in the client config