From fa68c33fa3b214f6a3d3d43fb901d7e6e43e8882 Mon Sep 17 00:00:00 2001
From: Mary Zhong
Date: Wed, 31 Jan 2024 09:53:10 -0500
Subject: [PATCH] fix(clerk-js): Fix FAPI initiated redirect flow for OAuth2 IDP flow with email_link verification (#2677)
For the OAuth2 IDP flow, we should not redirect when the referrer is the sign up url. This way, the second factor can be completed after a first factor like email verification link. Previously, users were being redirected back to FAPI /oauth/authorize prematurely. This change ensures that users will not be redirected as such and have the chance to complete their second factor verification, like phone code.
(cherry picked from commit 750337633a07bf3bb92d015f558ead2bfdca8613)
---
 .changeset/twenty-lamps-rule.md | 5 +++++
 packages/clerk-js/src/core/clerk.ts | 8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 .changeset/twenty-lamps-rule.md
diff --git a/.changeset/twenty-lamps-rule.md b/.changeset/twenty-lamps-rule.md
new file mode 100644
index 00000000000..eca620b373a
--- /dev/null
+++ b/.changeset/twenty-lamps-rule.md
@@ -0,0 +1,5 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Fix redirect flow for OAuth2 IDP flow with email_link verification.
diff --git a/packages/clerk-js/src/core/clerk.ts b/packages/clerk-js/src/core/clerk.ts
index f1e3fd7a2f2..971af96ad4c 100644
--- a/packages/clerk-js/src/core/clerk.ts
+++ b/packages/clerk-js/src/core/clerk.ts
@@ -1681,11 +1681,13 @@ export default class Clerk implements ClerkInterface {
 }
 const userSignedIn = this.session;
- const signInUrl = this.#environment?.displayConfig.signInUrl;
+ const signInUrl = this.#options.signInUrl || this.#environment?.displayConfig.signInUrl;
 const referrerIsSignInUrl = signInUrl && window.location.href.startsWith(signInUrl);
+ const signUpUrl = this.#options.signUpUrl || this.#environment?.displayConfig.signUpUrl;
+ const referrerIsSignUpUrl = signUpUrl && window.location.href.startsWith(signUpUrl);
- // don't redirect if user is not signed in and referrer is sign in url
- if (requiresUserInput(redirectUrl) && !userSignedIn && referrerIsSignInUrl) {
+ // don't redirect if user is not signed in and referrer is sign in/up url
+ if (requiresUserInput(redirectUrl) && !userSignedIn && (referrerIsSignInUrl || referrerIsSignUpUrl)) {
 return false;
 }
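Review bot: The new `referrerIsSignUpUrl` line (and the `signInUrl` line now sourced from `this.#options`) is a raw `window.location.href.startsWith(...)`, which is a string-prefix match rather than a location match: a configured `https://app.example/sign-up` also matches `https://app.example/sign-upgrade` or `https://app.example/sign-up-evil`, and if `options.signUpUrl` / `options.signInUrl` can be given as a path-only value such as `/sign-up` (I cannot confirm the option's shape from this hunk) the comparison against an absolute href never matches, so the early `return false` this commit relies on is silently skipped and the user is bounced to FAPI exactly as before. Since this condition decides whether a `requiresUserInput(redirectUrl)` redirect is suppressed, it should compare the resolved origin and path of the configured URL against the current location instead of a prefix. A small helper that resolves each configured URL against `window.location.href` and matches on origin plus path-segment boundary covers both the prefix and the relative-path cases; the enclosing method begins and ends outside the hunk, so its signature and the `redirectUrl` parameter are not visible here.
```typescript
// … unchanged: const userSignedIn = this.session; …
const isCurrentLocation = (configured: string | undefined): boolean => {
  if (!configured) return false;
  // Resolve relative values (e.g. '/sign-up') against the current page so
  // they compare on equal terms with an absolute href.
  const target = new URL(configured, window.location.href);
  if (target.origin !== window.location.origin) return false;
  const base = target.pathname.replace(/\/+$/, '');
  const here = window.location.pathname.replace(/\/+$/, '');
  return here === base || here.startsWith(base + '/');
};
const referrerIsSignInUrl = isCurrentLocation(this.#options.signInUrl || this.#environment?.displayConfig.signInUrl);
const referrerIsSignUpUrl = isCurrentLocation(this.#options.signUpUrl || this.#environment?.displayConfig.signUpUrl);
// … unchanged: requiresUserInput(redirectUrl) guard …
```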