🐛 fix(mana-core-auth): handle form-urlencoded token requests

Better Auth OIDC token endpoint now correctly handles both: - application/x-www-form-urlencoded (OAuth 2.0 spec) - application/json This fixes SSO login from Synapse which uses form-urlencoded.
2026-05-14 23:41:08 +02:00 · 2026-02-01 03:48:55 +01:00 · 2026-02-01 03:48:55 +01:00 · 191c7b4cc7
commit 191c7b4cc7
parent 0229b1c9c3
1 changed files with 24 additions and 1 deletions
--- a/services/mana-core-auth/src/auth/services/better-auth.service.ts
+++ b/services/mana-core-auth/src/auth/services/better-auth.service.ts
@ -1293,11 +1293,34 @@ export class BetterAuthService {
 				}
 			}

+			// Prepare body based on content type
+			let requestBody: string | undefined;
+			if (req.method !== 'GET' && req.method !== 'HEAD' && req.body) {
+				const contentType = req.headers['content-type'] || '';
+				if (contentType.includes('application/x-www-form-urlencoded')) {
+					// Convert object to URL-encoded form data
+					const params = new URLSearchParams();
+					for (const [key, value] of Object.entries(req.body)) {
+						if (value !== undefined && value !== null) {
+							params.append(key, String(value));
+						}
+					}
+					requestBody = params.toString();
+				} else {
+					// Default to JSON
+					requestBody = JSON.stringify(req.body);
+					// Ensure content-type is set for JSON
+					if (!headers.has('content-type')) {
+						headers.set('content-type', 'application/json');
+					}
+				}
+			}
+
 			// Create Fetch Request
 			const fetchRequest = new Request(url.toString(), {
 				method: req.method,
 				headers,
-				body: req.method !== 'GET' && req.method !== 'HEAD' ? JSON.stringify(req.body) : undefined,
+				body: requestBody,
 			});

 			// Call Better Auth's handler