feat(auth): Add ExtraQueryParams to AuthSignInWithRedirectInput

[sarossilli]

Description of changes

Adding extraQueryParams to AuthSignInWithRedirectInput.

Adding paramters from extraQueryParams to queryString of oAuthUrl

This will allow users to define extra 'custom' query parameters to the /authorize url for custom ODIC auth providers.

Issue #, if available

Feature Request: #13861

Description of how you validated changes

yarn test passes

Built and linked local changes using yarn link

Ran test app with linked local changes.

Validated authorization url now contains new custom-added parameters when calling signInIWithRedirect.

Example usage:

        signInWithRedirect({
            provider: {
                custom: "TwitchOIDC",
            },
            extraQueryParams: {
                claims: 'test'
            }
        })

And /authorize URL query params are:

redirect_uri=[uri]
&response_type=code
&client_id=[id]&identity_provider=TwitchOIDC
&scope=[scope]&state=[state]&code_challenge=[uuid]
&code_challenge_method=S256
&claims=test

Checklist

• PR description included
• yarn test passes
• Unit Tests are changed or added
• Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

• Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
• New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[wildjames]

We've also run into an issue with this on our team, are there any temporary workarounds that can be used while this PR is in review?

[bobbor]

hey @sarossilli

thanks for your contribution.

We've looked at this PR and in combination with a bunch of other requirements (from us and other contributors) to signInWithRedirect we've come up with another solution, which you might find useful.

For context:
In v5, there was a function (urlOpener), in which it was possible to control the behavior of opening the /authorize?query..., even though it wasn't necessarily designed to be used like this.
And since the URL was passed as parameter, it was possible to change it.
So we introduced a similar behaviour to v6 and signInWithRedirect

signInWithRedirect({
    provider: {
        custom: "TwitchOIDC",
    },
    options: {
        authSessionOpener: async (href) => {
            const url = new URL(href);
            url.searchParams.append('claims', 'test');
            window.location.href = url.toString()
        }
    }
})

I hope this helps.

Now, since the desired outcome can be achieved with an existing approach, I will close this Pull Request.

Feel free to leave comments or reopen in case you feel strongly about the implementation and I'm happy to discuss this further. Nothing really speaks against a two-option solution.

P.S.: @wildjames this solution, I presume, will help you most probably as well.
P.P.S.:
The types of authSessionOpener speak of () => Promise<OpenAuthSessionResult | void>, which is why you see an async
This would ideally be more like () => Promise<OpenAuthSessionResult | void> | void