fix: cookies type in oauth2provider

CHANGELOG.md

@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [21.1.1] - 2024-12-27
+
+-   Fixes type of `cookies` to `string[]` instead of `string` in:
+    -   Return type of `authorization` in `RecipeInterface` in `oauth2provider` recipe
+    -   Return type of `authGET` in `APIInterface` in `oauth2provider` recipe
+    -   Return type of `loginGET` in `APIInterface` in `oauth2provider` recipe
+
 ## [21.1.0] - 2024-11-19
 
 -   Adds `getCookieNameForTokenType` config option to allow customizing the cookie name for a token type.

lib/build/recipe/oauth2provider/api/utils.d.ts

@@ -15,19 +15,19 @@ export declare function loginGET({
     loginChallenge: string;
     session?: SessionContainerInterface;
     shouldTryRefresh: boolean;
-    cookies?: string;
+    cookies?: string[];
     userContext: UserContext;
     isDirectCall: boolean;
 }): Promise<
     | ErrorOAuth2
     | {
           status: string;
           redirectTo: string;
-          cookies: string | undefined;
+          cookies: string[] | undefined;
       }
     | {
           redirectTo: string;
-          cookies: string | undefined;
+          cookies: string[] | undefined;
           status?: undefined;
       }
 >;
@@ -41,7 +41,7 @@ export declare function handleLoginInternalRedirects({
 }: {
     response: {
         redirectTo: string;
-        cookies?: string;
+        cookies?: string[];
     };
     recipeImplementation: RecipeInterface;
     session?: SessionContainerInterface;
@@ -51,7 +51,7 @@ export declare function handleLoginInternalRedirects({
 }): Promise<
     | {
           redirectTo: string;
-          cookies?: string;
+          cookies?: string[];
       }
     | ErrorOAuth2
 >;

lib/build/recipe/oauth2provider/api/utils.js

@@ -162,13 +162,17 @@ function getMergedCookies({ origCookies = "", newCookies }) {
         .join(";");
 }
 function mergeSetCookieHeaders(setCookie1, setCookie2) {
-    if (!setCookie1) {
-        return setCookie2 || "";
+    if (setCookie1 == undefined || setCookie1.length === 0) {
+        return setCookie2 === undefined ? [] : setCookie2;
     }
-    if (!setCookie2 || setCookie1 === setCookie2) {
+    if (
+        !setCookie2 ||
+        (new Set(setCookie1).size === new Set(setCookie2).size &&
+            new Set(setCookie1).size === new Set([...setCookie1, ...setCookie2]).size)
+    ) {
         return setCookie1;
     }
-    return `${setCookie1}, ${setCookie2}`;
+    return [...setCookie1, ...setCookie2];
 }
 function isLoginInternalRedirect(redirectTo) {
     const { apiDomain, apiBasePath } = supertokens_1.default.getInstanceOrThrowError().appInfo;

lib/build/recipe/oauth2provider/types.d.ts

@@ -104,7 +104,7 @@ export declare type RecipeInterface = {
     }): Promise<
         | {
               redirectTo: string;
-              cookies: string | undefined;
+              cookies: string[] | undefined;
           }
         | ErrorOAuth2
     >;
@@ -379,7 +379,7 @@ export declare type APIInterface = {
           }) => Promise<
               | {
                     frontendRedirectTo: string;
-                    cookies?: string;
+                    cookies?: string[];
                 }
               | ErrorOAuth2
               | GeneralErrorResponse
@@ -396,7 +396,7 @@ export declare type APIInterface = {
           }) => Promise<
               | {
                     redirectTo: string;
-                    cookies?: string;
+                    cookies?: string[];
                 }
               | ErrorOAuth2
               | GeneralErrorResponse

lib/ts/recipe/oauth2provider/api/utils.ts

@@ -22,7 +22,7 @@ export async function loginGET({
     loginChallenge: string;
     session?: SessionContainerInterface;
     shouldTryRefresh: boolean;
-    cookies?: string;
+    cookies?: string[];
     userContext: UserContext;
     isDirectCall: boolean;
 }) {
@@ -143,7 +143,7 @@ export async function loginGET({
     };
 }
 
-function getMergedCookies({ origCookies = "", newCookies }: { origCookies?: string; newCookies?: string }): string {
+function getMergedCookies({ origCookies = "", newCookies }: { origCookies?: string; newCookies?: string[] }): string {
     if (!newCookies) {
         return origCookies;
     }
@@ -168,14 +168,18 @@ function getMergedCookies({ origCookies = "", newCookies }: { origCookies?: stri
         .join(";");
 }
 
-function mergeSetCookieHeaders(setCookie1?: string, setCookie2?: string): string {
-    if (!setCookie1) {
-        return setCookie2 || "";
+function mergeSetCookieHeaders(setCookie1?: string[], setCookie2?: string[]): string[] {
+    if (setCookie1 == undefined || setCookie1.length === 0) {
+        return setCookie2 === undefined ? [] : setCookie2;
     }
-    if (!setCookie2 || setCookie1 === setCookie2) {
+    if (
+        !setCookie2 ||
+        (new Set(setCookie1).size === new Set(setCookie2).size &&
+            new Set(setCookie1).size === new Set([...setCookie1, ...setCookie2]).size)
+    ) {
         return setCookie1;
     }
-    return `${setCookie1}, ${setCookie2}`;
+    return [...setCookie1, ...setCookie2];
 }
 
 function isLoginInternalRedirect(redirectTo: string): boolean {
@@ -202,13 +206,13 @@ export async function handleLoginInternalRedirects({
     cookie = "",
     userContext,
 }: {
-    response: { redirectTo: string; cookies?: string };
+    response: { redirectTo: string; cookies?: string[] };
     recipeImplementation: RecipeInterface;
     session?: SessionContainerInterface;
     shouldTryRefresh: boolean;
     cookie?: string;
     userContext: UserContext;
-}): Promise<{ redirectTo: string; cookies?: string } | ErrorOAuth2> {
+}): Promise<{ redirectTo: string; cookies?: string[] } | ErrorOAuth2> {
     if (!isLoginInternalRedirect(response.redirectTo)) {
         return response;
     }

lib/ts/recipe/oauth2provider/types.ts

@@ -181,7 +181,7 @@ export type RecipeInterface = {
         cookies: string | undefined;
         session: SessionContainerInterface | undefined;
         userContext: UserContext;
-    }): Promise<{ redirectTo: string; cookies: string | undefined } | ErrorOAuth2>;
+    }): Promise<{ redirectTo: string; cookies: string[] | undefined } | ErrorOAuth2>;
     tokenExchange(input: {
         authorizationHeader?: string;
         body: Record<string, string | undefined>;
@@ -428,7 +428,7 @@ export type APIInterface = {
               session?: SessionContainerInterface;
               shouldTryRefresh: boolean;
               userContext: UserContext;
-          }) => Promise<{ frontendRedirectTo: string; cookies?: string } | ErrorOAuth2 | GeneralErrorResponse>);
+          }) => Promise<{ frontendRedirectTo: string; cookies?: string[] } | ErrorOAuth2 | GeneralErrorResponse>);
 
     authGET:
         | undefined
@@ -439,7 +439,7 @@ export type APIInterface = {
               shouldTryRefresh: boolean;
               options: APIOptions;
               userContext: UserContext;
-          }) => Promise<{ redirectTo: string; cookies?: string } | ErrorOAuth2 | GeneralErrorResponse>);
+          }) => Promise<{ redirectTo: string; cookies?: string[] } | ErrorOAuth2 | GeneralErrorResponse>);
     tokenPOST:
         | undefined
         | ((input: {

lib/ts/version.ts

@@ -12,7 +12,7 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
-export const version = "21.1.0";
+export const version = "21.1.1";
 
 export const cdiSupported = ["5.2"];
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "supertokens-node",
-    "version": "21.1.0",
+    "version": "21.1.1",
     "description": "NodeJS driver for SuperTokens core",
     "main": "index.js",
     "scripts": {