docs: fix callback validation for third-party authentication (#14109)

* docs: fix callback validation for third-party authentication * address comment
2025-11-24 15:43:05 +02:00
parent b81f958d41
commit 22ca22a2f0
11 changed files with 272 additions and 166 deletions
--- a/www/apps/api-reference/specs/store/code_samples/JavaScript/auth_customer_{auth_provider}_callback/post.js
+++ b/www/apps/api-reference/specs/store/code_samples/JavaScript/auth_customer_{auth_provider}_callback/post.js
@@ -1,4 +1,5 @@
 import Medusa from "@medusajs/js-sdk"
+import { decodeToken } from "react-jwt"

 let MEDUSA_BACKEND_URL = "http://localhost:9000"

@@ -12,7 +13,7 @@ export const sdk = new Medusa({
  publishableKey: process.env.NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY,
 })

-await sdk.auth.callback(
+const token = await sdk.auth.callback(
  "customer",
  "google",
  {
@@ -20,9 +21,20 @@ await sdk.auth.callback(
    state: "456"
  }
 )
-
 // all subsequent requests will use the token in the header
-const { customer } = await sdk.store.customer.create({
-  email: "customer@gmail.com",
-  password: "supersecret"
-})
+
+const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+const shouldCreateCustomer = decodedToken.actor_id === ""
+
+if (shouldCreateCustomer) {
+  const { customer } = await sdk.store.customer.create({
+    email: decodedToken.user_metadata.email as string,
+  })
+
+  // refresh auth token
+  await sdk.auth.refresh()
+  // all subsequent requests will use the new token in the header
+} else {
+  // Customer already exists and is authenticated
+}
--- a/www/apps/api-reference/specs/store/code_samples/TypeScript/auth_customer_{auth_provider}_callback/post.ts
+++ b/www/apps/api-reference/specs/store/code_samples/TypeScript/auth_customer_{auth_provider}_callback/post.ts
@@ -1,4 +1,5 @@
 import Medusa from "@medusajs/js-sdk"
+import { decodeToken } from "react-jwt"

 let MEDUSA_BACKEND_URL = "http://localhost:9000"

@@ -12,7 +13,7 @@ export const sdk = new Medusa({
  publishableKey: process.env.NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY,
 })

-await sdk.auth.callback(
+const token = await sdk.auth.callback(
  "customer",
  "github",
  {
@@ -20,9 +21,20 @@ await sdk.auth.callback(
    state: "456"
  }
 )
-
 // all subsequent requests will use the token in the header
-const { customer } = await sdk.store.customer.create({
-  email: "customer@gmail.com",
-  password: "supersecret"
-})
+
+const decodedToken = decodeToken(token) as { actor_id: string, user_metadata: Record<string, unknown> }
+
+const shouldCreateCustomer = decodedToken.actor_id === ""
+
+if (shouldCreateCustomer) {
+  const { customer } = await sdk.store.customer.create({
+    email: decodedToken.user_metadata.email as string,
+  })
+
+  // refresh auth token
+  await sdk.auth.refresh()
+  // all subsequent requests will use the new token in the header
+} else {
+  // Customer already exists and is authenticated
+}