@@ -15,19 +15,23 @@ export const createCallbackEndpoint = (
1515 // Support both GET (default OAuth2) and POST (required for Apple OAuth with form_post)
1616 // - GET: Used by most OAuth providers (Google, GitHub, etc.)
1717 // - POST: Required by Apple when requesting name/email scopes with response_mode=form_post
18- method : [ 'get' , ' post'] ,
18+ method : ' post' as const ,
1919 path : pluginOptions . callbackPath || '/oauth/callback' ,
2020 handler : async ( req ) => {
2121 try {
22- // Handle authorization code from both GET query params and POST body
23- // This enables support for Apple's form_post response mode while maintaining
24- // compatibility with traditional OAuth2 GET responses
25- const code = req . method === 'POST' ? req . body ?. code : req . query ?. code
22+ // Handle authorization code from both GET query params and POST body
23+ // This enables support for Apple's form_post response mode while maintaining
24+ // compatibility with traditional OAuth2 GET responses
25+ const code = req . method === "POST"
26+ ? ( req . body ) ?. code // Type assertion for body
27+ : ( req . query ) ?. code // Type assertion for query
2628 // Improved error handling to clearly indicate whether we're missing the code
2729 // from POST body (Apple OAuth) or GET query parameters (standard OAuth)
2830 if ( typeof code !== 'string' )
2931 throw new Error (
30- `Code not found in ${ req . method === 'POST' ? 'body' : 'query' } ${ JSON . stringify ( req . method === 'POST' ? req . body : req . query ) } ,
32+ `Code not found in ${ req . method === 'POST' ? 'body' : 'query' } ${ JSON . stringify (
33+ req . method === 'POST' ? req . body : req . query
34+ ) } `,
3135 )
3236
3337 // /////////////////////////////////////
0 commit comments