diff --git a/packages/core/src/routes/experience/verification-routes/social-verification.ts b/packages/core/src/routes/experience/verification-routes/social-verification.ts index dd0c3cbd6..d2bedc49d 100644 --- a/packages/core/src/routes/experience/verification-routes/social-verification.ts +++ b/packages/core/src/routes/experience/verification-routes/social-verification.ts @@ -90,9 +90,12 @@ export default function socialVerificationRoutes { - const { connectorId } = ctx.params; + const { connectorId } = ctx.guard.params; const { connectorData, verificationId } = ctx.guard.body; const { verificationAuditLog } = ctx; + const { + socials: { getConnector }, + } = libraries; verificationAuditLog.append({ payload: { @@ -102,17 +105,12 @@ export default function socialVerificationRoutes { - if (verificationId) { - return ctx.experienceInteraction.getVerificationRecordByTypeAndId( - VerificationType.Social, - verificationId - ); - } + const connector = await getConnector(connectorId); + const socialVerificationRecord = (() => { // Check if is Google one tap verification if ( - connectorId === GoogleConnector.factoryId && + connector.metadata.id === GoogleConnector.factoryId && connectorData[GoogleConnector.oneTapParams.credential] ) { const socialVerificationRecord = SocialVerification.create( @@ -124,6 +122,13 @@ export default function socialVerificationRoutes => { const { - socials: { getUserInfo }, + socials: { getUserInfo, getConnector }, } = libraries; const log = ctx.createLog('Interaction.SignIn.Identifier.Social.Submit'); log.append({ connectorId, connectorData }); + const connector = await getConnector(connectorId); + // Verify the CSRF token if it's a Google connector and has credential (a Google One Tap // verification) if ( - connectorId === GoogleConnector.factoryId && + connector.metadata.id === GoogleConnector.factoryId && connectorData[GoogleConnector.oneTapParams.credential] ) { const csrfToken = connectorData[GoogleConnector.oneTapParams.csrfToken];