Update index.js

index.js

@@ -82,8 +82,9 @@ async function oauthLogin(opts) {
 			throw new Error("Missing oauth state from query parameters in redirected URL");
 		}
 
-		if (!state.startsWith(nonce + ":")) {
-            console.log(state, nonce+":")
+    	const [stateNonce, stateRedirectUri, stateVal] = state.split(":");
+
+		if (stateNonce !== nonce) {
 			throw new Error("Invalid oauth state in redirected URL");
 		}
 
@@ -95,7 +96,7 @@ async function oauthLogin(opts) {
 			body: new URLSearchParams({
 				grant_type: "authorization_code",
 				code,
-				redirect_uri: opts?.redirectUri || window.location.href,
+  				redirect_uri: stateRedirectUri,
 				code_verifier: codeVerifier,
 			}).toString(),
 		});
@@ -137,13 +138,11 @@ async function oauthLogin(opts) {
 				isPro: userInfo.isPro,
 				orgs: userInfo.orgs || [],
 			},
-			state: state.split(":")[1],
+			state: stateVal,
 			scope: token.scope,
 		};
 	}
 
-	const opensInNewWindow = false;
-
 	const newNonce = crypto.randomUUID();
 	// Two random UUIDs concatenated together, because min length is 43 and max length is 128
 	const newCodeVerifier = crypto.randomUUID() + crypto.randomUUID();
@@ -151,9 +150,8 @@ async function oauthLogin(opts) {
 	localStorage.setItem("huggingface.co:oauth:nonce", newNonce);
 	localStorage.setItem("huggingface.co:oauth:code_verifier", newCodeVerifier);
 
-	const state = `${newNonce}:${opts?.state || ""}`;
-
 	const redirectUri = opts?.redirectUri || window.location.href;
+  	const state = `${newNonce}:${redirectUri}:${opts?.state || ""}`;
 
 	// @ts-expect-error window.huggingface is defined inside static Spaces.
 	const variables = window?.huggingface?.variables ?? null;
@@ -172,33 +170,17 @@ async function oauthLogin(opts) {
 	);
 
     console.log("localstorage after", JSON.parse(JSON.stringify(localStorage)))
-
-	if (opensInNewWindow) {
-		window.open(
-			`${opendidConfig.authorization_endpoint}?${new URLSearchParams({
-				client_id: clientId,
-				scope: opts?.scopes || "openid profile",
-				response_type: "code",
-				redirect_uri: redirectUri,
-				state,
-				code_challenge: challenge,
-				code_challenge_method: "S256",
-			}).toString()}`,
-			"_blank"
-		);
-		throw new Error("Opened in new window");
-	} else {
-		window.location.href = `${opendidConfig.authorization_endpoint}?${new URLSearchParams({
-			client_id: clientId,
-			scope: opts?.scopes || "openid profile",
-			response_type: "code",
-			redirect_uri: redirectUri,
-			state,
-			code_challenge: challenge,
-			code_challenge_method: "S256",
-		}).toString()}`;
-		throw new Error("Redirected");
-	}
+  
+    window.location.href = `${opendidConfig.authorization_endpoint}?${new URLSearchParams({
+        client_id: clientId,
+        scope: opts?.scopes || "openid profile",
+        response_type: "code",
+        redirect_uri: redirectUri,
+        state,
+        code_challenge: challenge,
+        code_challenge_method: "S256",
+    }).toString()}`;
+    throw new Error("Redirected");
 }
 
 oauthLogin().then(console.log);