From 575478bd010e817a5a514f93f3e0f9a5bea400c8 Mon Sep 17 00:00:00 2001
From: Mary Zhong
Date: Mon, 29 Jan 2024 16:19:26 -0500
Subject: [PATCH] fix(clerk-js): Fix FAPI initiated redirect flow for OAuth2 IDP flow with email_link verification For the OAuth2 IDP flow, we should not redirect when the referrer is the sign up url. This way, the second factor can be completed after a first factor like email verification link. Previously, users were being redirected back to FAPI /oauth/authorize prematurely. This change ensures that users will not be redirected as such and have the chance to complete their second factor verification, like phone code.
---
.changeset/twenty-lamps-rule.md | 5 +++++
packages/clerk-js/src/core/clerk.ts | 8 +++++---
2 files changed, 10 insertions(+), 3 deletions(-)
create mode 100644 .changeset/twenty-lamps-rule.md
diff --git a/.changeset/twenty-lamps-rule.md b/.changeset/twenty-lamps-rule.md
new file mode 100644
index 00000000000..eca620b373a
--- /dev/null
+++ b/.changeset/twenty-lamps-rule.md
@@ -0,0 +1,5 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Fix redirect flow for OAuth2 IDP flow with email_link verification.
diff --git a/packages/clerk-js/src/core/clerk.ts b/packages/clerk-js/src/core/clerk.ts
index fd96d767b63..30531c3aaf6 100644
--- a/packages/clerk-js/src/core/clerk.ts
+++ b/packages/clerk-js/src/core/clerk.ts
@@ -1613,11 +1613,13 @@ export class Clerk implements ClerkInterface {
 }
 const userSignedIn = this.session;
- const signInUrl = this.#environment?.displayConfig.signInUrl;
+ const signInUrl = this.#options.signInUrl || this.#environment?.displayConfig.signInUrl;
 const referrerIsSignInUrl = signInUrl && window.location.href.startsWith(signInUrl);
+ const signUpUrl = this.#options.signUpUrl || this.#environment?.displayConfig.signUpUrl;
+ const referrerIsSignUpUrl = signUpUrl && window.location.href.startsWith(signUpUrl);
- // don't redirect if user is not signed in and referrer is sign in url
- if (requiresUserInput(redirectUrl) && !userSignedIn && referrerIsSignInUrl) {
+ // don't redirect if user is not signed in and referrer is sign in/up url
+ if (requiresUserInput(redirectUrl) && !userSignedIn && (referrerIsSignInUrl || referrerIsSignUpUrl)) {
 return false;
 }
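Review bot: The two `startsWith` checks compare the absolute `window.location.href` with a value that can now come from `this.#options.signInUrl` / `this.#options.signUpUrl`. If an application passes those options as relative paths (not visible in this hunk, but likely allowed), the prefix never matches and the guard is silently skipped, which brings back the premature redirect to `/oauth/authorize`. Resolving the value first would make both forms work, e.g. `const signUp = signUpUrl ? new URL(signUpUrl, window.location.origin) : undefined;`, followed by a comparison of `signUp.origin` and `signUp.pathname` against `window.location` on a path-segment boundary, so that `/sign-up-anything` is not treated as the sign-up page. The variables are named `referrerIs…` but read the current location rather than `document.referrer`; a comment such as `// "referrer" here means the page we are currently on, not document.referrer` would prevent a misreading. The enclosing method starts and ends outside the hunk.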