docs: fix callback validation for third-party authentication (medusajs#14109)

* docs: fix callback validation for third-party authentication

* address comment

Author: shahednasser

www/apps/api-reference/specs/admin/code_samples/JavaScript/auth_user_{auth_provider}_callback/post.js

@@ -1,4 +1,5 @@
 import Medusa from "@medusajs/js-sdk"
+import { decodeToken } from "react-jwt"
 
 export const sdk = new Medusa({
   baseUrl: import.meta.env.VITE_BACKEND_URL || "/",
@@ -8,24 +9,33 @@ export const sdk = new Medusa({
   },
 })
 
-await sdk.auth.callback(
+const token = await sdk.auth.callback(
   "user",
   "google",
   {
     code: "123",
     state: "456"
   }
 )
-
 // all subsequent requests will use the token in the header
-sdk.admin.invite.accept(
-  {
-    email: "[email protected]",
-    first_name: "John",
-    last_name: "Smith",
-    invite_token: "12345..."
-  },
-)
-.then(({ user }) => {
-  console.log(user)
-})
+
+const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+const shouldCreateUser = decodedToken.actor_id === ""
+
+if (shouldCreateUser) {
+  const user = await sdk.admin.invite.accept(
+    {
+      email: decodedToken.user_metadata.email as string,
+      first_name: "John",
+      last_name: "Smith",
+      invite_token: "12345..."
+    },
+  )
+
+  // refresh auth token
+  await sdk.auth.refresh()
+  // all subsequent requests will use the new token in the header
+} else {
+  // User already exists and is authenticated
+}

www/apps/api-reference/specs/admin/code_samples/TypeScript/auth_user_{auth_provider}_callback/post.ts

@@ -1,4 +1,5 @@
 import Medusa from "@medusajs/js-sdk"
+import { decodeToken } from "react-jwt"
 
 export const sdk = new Medusa({
   baseUrl: import.meta.env.VITE_BACKEND_URL || "/",
@@ -8,24 +9,33 @@ export const sdk = new Medusa({
   },
 })
 
-const authToken = await sdk.auth.callback(
+const token = await sdk.auth.callback(
   "user",
-  "google",
+  "github",
   {
     code: "123",
     state: "456"
   }
 )
-
 // all subsequent requests will use the token in the header
-sdk.admin.invite.accept(
-  {
-    email: "[email protected]",
-    first_name: "John",
-    last_name: "Smith",
-    invite_token: "12345..."
-  },
-)
-.then(({ user }) => {
-  console.log(user)
-})
+
+const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+const shouldCreateUser = decodedToken.actor_id === ""
+
+if (shouldCreateUser) {
+  const user = await sdk.admin.invite.accept(
+    {
+      email: decodedToken.user_metadata.email as string,
+      first_name: "John",
+      last_name: "Smith",
+      invite_token: "12345..."
+    },
+  )
+
+  // refresh auth token
+  await sdk.auth.refresh()
+  // all subsequent requests will use the new token in the header
+} else {
+  // User already exists and is authenticated
+}

www/apps/api-reference/specs/admin/openapi.full.yaml

@@ -64080,6 +64080,7 @@ paths:
           label: Google Provider
           source: |-
             import Medusa from "@medusajs/js-sdk"
+            import { decodeToken } from "react-jwt"
 
             export const sdk = new Medusa({
               baseUrl: import.meta.env.VITE_BACKEND_URL || "/",
@@ -64089,31 +64090,41 @@ paths:
               },
             })
 
-            await sdk.auth.callback(
+            const token = await sdk.auth.callback(
               "user",
               "google",
               {
                 code: "123",
                 state: "456"
               }
             )
-
             // all subsequent requests will use the token in the header
-            sdk.admin.invite.accept(
-              {
-                email: "[email protected]",
-                first_name: "John",
-                last_name: "Smith",
-                invite_token: "12345..."
-              },
-            )
-            .then(({ user }) => {
-              console.log(user)
-            })
+
+            const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+            const shouldCreateUser = decodedToken.actor_id === ""
+
+            if (shouldCreateUser) {
+              const user = await sdk.admin.invite.accept(
+                {
+                  email: decodedToken.user_metadata.email as string,
+                  first_name: "John",
+                  last_name: "Smith",
+                  invite_token: "12345..."
+                },
+              )
+
+              // refresh auth token
+              await sdk.auth.refresh()
+              // all subsequent requests will use the new token in the header
+            } else {
+              // User already exists and is authenticated
+            }
         - lang: TypeScript
           label: GitHub Provider
           source: |-
             import Medusa from "@medusajs/js-sdk"
+            import { decodeToken } from "react-jwt"
 
             export const sdk = new Medusa({
               baseUrl: import.meta.env.VITE_BACKEND_URL || "/",
@@ -64123,27 +64134,36 @@ paths:
               },
             })
 
-            const authToken = await sdk.auth.callback(
+            const token = await sdk.auth.callback(
               "user",
-              "google",
+              "github",
               {
                 code: "123",
                 state: "456"
               }
             )
-
             // all subsequent requests will use the token in the header
-            sdk.admin.invite.accept(
-              {
-                email: "[email protected]",
-                first_name: "John",
-                last_name: "Smith",
-                invite_token: "12345..."
-              },
-            )
-            .then(({ user }) => {
-              console.log(user)
-            })
+
+            const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+            const shouldCreateUser = decodedToken.actor_id === ""
+
+            if (shouldCreateUser) {
+              const user = await sdk.admin.invite.accept(
+                {
+                  email: decodedToken.user_metadata.email as string,
+                  first_name: "John",
+                  last_name: "Smith",
+                  invite_token: "12345..."
+                },
+              )
+
+              // refresh auth token
+              await sdk.auth.refresh()
+              // all subsequent requests will use the new token in the header
+            } else {
+              // User already exists and is authenticated
+            }
       tags:
         - Auth
       responses:

www/apps/api-reference/specs/store/code_samples/JavaScript/auth_customer_{auth_provider}_callback/post.js

@@ -1,4 +1,5 @@
 import Medusa from "@medusajs/js-sdk"
+import { decodeToken } from "react-jwt"
 
 let MEDUSA_BACKEND_URL = "http://localhost:9000"
 
@@ -12,17 +13,28 @@ export const sdk = new Medusa({
   publishableKey: process.env.NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY,
 })
 
-await sdk.auth.callback(
+const token = await sdk.auth.callback(
   "customer",
   "google",
   {
     code: "123",
     state: "456"
   }
 )
-
 // all subsequent requests will use the token in the header
-const { customer } = await sdk.store.customer.create({
-  email: "[email protected]",
-  password: "supersecret"
-})
+
+const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+const shouldCreateCustomer = decodedToken.actor_id === ""
+
+if (shouldCreateCustomer) {
+  const { customer } = await sdk.store.customer.create({
+    email: decodedToken.user_metadata.email as string,
+  })
+
+  // refresh auth token
+  await sdk.auth.refresh()
+  // all subsequent requests will use the new token in the header
+} else {
+  // Customer already exists and is authenticated
+}

www/apps/api-reference/specs/store/code_samples/TypeScript/auth_customer_{auth_provider}_callback/post.ts

@@ -1,4 +1,5 @@
 import Medusa from "@medusajs/js-sdk"
+import { decodeToken } from "react-jwt"
 
 let MEDUSA_BACKEND_URL = "http://localhost:9000"
 
@@ -12,17 +13,28 @@ export const sdk = new Medusa({
   publishableKey: process.env.NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY,
 })
 
-await sdk.auth.callback(
+const token = await sdk.auth.callback(
   "customer",
   "github",
   {
     code: "123",
     state: "456"
   }
 )
-
 // all subsequent requests will use the token in the header
-const { customer } = await sdk.store.customer.create({
-  email: "[email protected]",
-  password: "supersecret"
-})
+
+const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+const shouldCreateCustomer = decodedToken.actor_id === ""
+
+if (shouldCreateCustomer) {
+  const { customer } = await sdk.store.customer.create({
+    email: decodedToken.user_metadata.email as string,
+  })
+
+  // refresh auth token
+  await sdk.auth.refresh()
+  // all subsequent requests will use the new token in the header
+} else {
+  // Customer already exists and is authenticated
+}

www/apps/api-reference/specs/store/openapi.full.yaml

@@ -290,6 +290,7 @@ paths:
           label: Google Provider
           source: |-
             import Medusa from "@medusajs/js-sdk"
+            import { decodeToken } from "react-jwt"
 
             let MEDUSA_BACKEND_URL = "http://localhost:9000"
 
@@ -303,24 +304,36 @@ paths:
               publishableKey: process.env.NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY,
             })
 
-            await sdk.auth.callback(
+            const token = await sdk.auth.callback(
               "customer",
               "google",
               {
                 code: "123",
                 state: "456"
               }
             )
-
             // all subsequent requests will use the token in the header
-            const { customer } = await sdk.store.customer.create({
-              email: "[email protected]",
-              password: "supersecret"
-            })
+
+            const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+            const shouldCreateCustomer = decodedToken.actor_id === ""
+
+            if (shouldCreateCustomer) {
+              const { customer } = await sdk.store.customer.create({
+                email: decodedToken.user_metadata.email as string,
+              })
+
+              // refresh auth token
+              await sdk.auth.refresh()
+              // all subsequent requests will use the new token in the header
+            } else {
+              // Customer already exists and is authenticated
+            }
         - lang: TypeScript
           label: GitHub Provider
           source: |-
             import Medusa from "@medusajs/js-sdk"
+            import { decodeToken } from "react-jwt"
 
             let MEDUSA_BACKEND_URL = "http://localhost:9000"
 
@@ -334,20 +347,31 @@ paths:
               publishableKey: process.env.NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY,
             })
 
-            await sdk.auth.callback(
+            const token = await sdk.auth.callback(
               "customer",
               "github",
               {
                 code: "123",
                 state: "456"
               }
             )
-
             // all subsequent requests will use the token in the header
-            const { customer } = await sdk.store.customer.create({
-              email: "[email protected]",
-              password: "supersecret"
-            })
+
+            const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+            const shouldCreateCustomer = decodedToken.actor_id === ""
+
+            if (shouldCreateCustomer) {
+              const { customer } = await sdk.store.customer.create({
+                email: decodedToken.user_metadata.email as string,
+              })
+
+              // refresh auth token
+              await sdk.auth.refresh()
+              // all subsequent requests will use the new token in the header
+            } else {
+              // Customer already exists and is authenticated
+            }
       tags:
         - Auth
       responses: