Skip to content

feat(core): add OAuth2 consent flow support #584

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Jorgagu wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(core): add OAuth2 consent flow support #584

Jorgagu wants to merge 3 commits into from

Conversation

@Jorgagu
Copy link
Contributor

@Jorgagu Jorgagu commented Jan 5, 2026

Add complete OAuth2 consent flow support to @ory/nextjs and @ory/elements-react packages, enabling applications to handle OAuth2 authorization consent screens with Ory Hydra.

Related Issue or Design Document

Fixex #327

Add complete OAuth2 consent flow support to @ory/nextjs and @ory/elements-react packages, enabling applications to handle OAuth2 authorization consent screens with Ory Hydra.

Features

  • Consent Flow Utilities (@ory/nextjs)

    • getConsentFlow - Fetch consent challenge from Ory Hydra
    • acceptConsentRequest - Accept consent with selected scopes
    • rejectConsentRequest - Reject consent request

  • OAuth2 Client Logo Display

    • Display OAuth2 client logo on login, registration, and consent cards
    • Shared getConfigWithOAuth2Logo utility for consistent behavior

  • Example Implementations

    • App Router: consent page + API route
    • Pages Router: consent page + API route
    • Custom Components: ConsentFooter, custom scope checkbox with toggle switches

  • Exported Utilities

    • getConsentNodeKey, isFooterNode from card-consent
    • isUiNodeInput, UiNodeInput type helpers

Improvements

  • Optimize rewriteUrls to single-pass regex replacement
  • Add OAuth2 path exclusion in URL rewriting
  • Add null/undefined handling in rewriteJsonResponse

Tests

  • Unit tests for consent utilities and rewrite functions

Checklist

  • I have read the contributing guidelines and signed the CLA.
  • I have referenced an issue containing the design document if my change introduces a new feature.
  • I have read the security policy.
  • I confirm that this pull request does not address a security vulnerability.
    If this pull request addresses a security vulnerability,
    I confirm that I got approval (please contact security@ory.sh) from the maintainers to push the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added the necessary documentation within the code base (if appropriate).

Further comments

This implementation follows the pattern established in kratos-selfservice-ui-node for handling OAuth2 flows. The OAuth2 client logo is displayed by overriding the project configuration's logo_light_url when an OAuth2 client logo is available, keeping the existing DefaultCardLogo component unchanged.

@Jorgagu
feat(oauth2): add consent flow support with client info display
55f7dd2 
- Add getConsentFlow, acceptConsentRequest, rejectConsentRequest in @ory/nextjs
- Add consent page and API routes for app-router, pages-router, custom-components
- Display OAuth2 client logo and subtitle on login/registration cards
- Add ConsentFooter and custom scope checkbox for custom-components example
- Export getConsentNodeKey, isFooterNode, isUiNodeInput, UiNodeInput utilities
- Optimize rewriteUrls to single-pass replacement with OAuth2 path exclusion
- Add null/undefined handling in rewriteJsonResponse
- Add unit tests for consent utilities, card-consent functions, and rewrite
@Jorgagu
feat(oauth2): display OAuth2 client logo on login, registration, and …
20b009e 
…consent flows

Add shared utility getConfigWithOAuth2Logo to override project logo with
OAuth2 client logo when available. Apply to Login, Registration, and Consent
flows to display the OAuth2 client's logo during OAuth2-initiated flows.
@changeset-bot
Copy link

changeset-bot bot commented Jan 5, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: cb7ce4f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link

vercel bot commented Jan 5, 2026

@Jorgagu is attempting to deploy a commit to the ory Team on Vercel.

A member of the Team first needs to authorize it.

@codecov
Copy link

codecov bot commented Jan 5, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 49.54955% with 56 lines in your changes missing coverage. Please review.
✅ Project coverage is 55.61%. Comparing base (f3fad4d) to head (cb7ce4f).
⚠️ Report is 273 commits behind head on main.

Additional details and impacted files 
@@             Coverage Diff             @@
##             main     #584       +/-   ##
===========================================
+ Coverage   42.43%   55.61%   +13.18%     
===========================================
  Files         136      177       +41     
  Lines        2008     3278     +1270     
  Branches      288      481      +193     
===========================================
+ Hits          852     1823      +971     
- Misses       1149     1387      +238     
- Partials        7       68       +61
Components Coverage Δ
@ory/elements-react 54.88% <ø> (+18.09%) ⬆️
@ory/nextjs 59.23% <ø> (-6.75%) ⬇️
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Jorgagu Jorgagu changed the title feat(oauth2): add OAuth2 consent flow support feat(core): add OAuth2 consent flow support Jan 5, 2026
@Jorgagu
Copy link
Contributor Author

Jorgagu commented Jan 7, 2026

@vinckr @jonas-jonas @aeneasr Happy New Year ! 🎉 Could you please review this one ?

@jonas-jonas
Copy link
Member

jonas-jonas commented Jan 7, 2026

hi @Jorgagu, thank you very much for this contribution, and happy new year!

We'll take a look at this in the coming weeks. We do have some code for this already; it just wasn't ready to be published, so we might need to do some merging with that.

And just a heads-up, we're quite busy ramping up after the holidays again, so it might take a couple days longer for us to get to this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Jorgagu @jonas-jonas