From e230827335d7710e08feb8d159e94de3dd5cbf06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre=20No=C3=ABl?= <petersg83@gmail.com>
Date: Tue, 21 Dec 2021 12:12:55 +0100
Subject: [PATCH] fix dynamic callback

---
 packages/core/strapi/lib/middlewares/session.js            | 7 ++++---
 .../plugins/users-permissions/server/controllers/auth.js   | 5 ++++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/packages/core/strapi/lib/middlewares/session.js b/packages/core/strapi/lib/middlewares/session.js
index 504f478c2f..7a5bb31dfb 100644
--- a/packages/core/strapi/lib/middlewares/session.js
+++ b/packages/core/strapi/lib/middlewares/session.js
@@ -1,7 +1,7 @@
 'use strict';
 
 const crypto = require('crypto');
-const { defaultsDeep, isEmpty, omit, has } = require('lodash/fp');
+const { defaultsDeep, isEmpty, isString, omit, has } = require('lodash/fp');
 const session = require('koa-session');
 
 const defaultConfig = {
@@ -22,7 +22,9 @@ module.exports = (userConfig, { strapi }) => {
     let secretKeys = [];
 
     if (has('secretKeys', userConfig)) {
-      secretKeys = userConfig.secretKeys;
+      secretKeys = isString(userConfig.secretKeys)
+        ? userConfig.secretKeys.split(',')
+        : userConfig.secretKeys;
     } else if (has('SESSION_SECRET_KEYS', process.env)) {
       secretKeys = process.env.SESSION_SECRET_KEYS.split(',');
     } else {
@@ -38,7 +40,6 @@ module.exports = (userConfig, { strapi }) => {
 
     strapi.server.app.keys = secretKeys;
   }
-
   const config = defaultsDeep(defaultConfig, omit('secretKeys', userConfig));
 
   strapi.server.use(session(config, strapi.server.app));
diff --git a/packages/plugins/users-permissions/server/controllers/auth.js b/packages/plugins/users-permissions/server/controllers/auth.js
index 5ec43ae63f..d1b4e5c37d 100644
--- a/packages/plugins/users-permissions/server/controllers/auth.js
+++ b/packages/plugins/users-permissions/server/controllers/auth.js
@@ -188,7 +188,10 @@ module.exports = {
     }
 
     // Ability to pass OAuth callback dynamically
-    grantConfig[provider].callback = _.get(ctx, 'query.callback') || grantConfig[provider].callback;
+    grantConfig[provider].callback =
+      _.get(ctx, 'query.callback') ||
+      _.get(ctx, 'session.grant.dynamic.callback') ||
+      grantConfig[provider].callback;
     grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);
 
     return grant(grantConfig)(ctx, next);