OAuth2 Provider Callbacks Do Not Preserve Custom Query Parameters

[aryanjangid]

When using an OAuth2 provider (e.g., Google) with NextAuth.js, custom query parameters in the callbackUrl are not preserved after the authentication process. This issue does not occur when using the Credentials provider.

Steps to Reproduce:

1. Set up a NextAuth.js application with Google as an OAuth2 provider.

import GoogleProvider from "next-auth/providers/google";
export default NextAuth({
  providers: [
    GoogleProvider({
      clientId: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
    }),
  ],
  callbacks: {
    redirect: async ({ url, baseUrl }) => {
      // Attempt to preserve custom query parameters
      if (url.startsWith("/")) {
        return `${baseUrl}${url}`;
      }
      return url;
    },
  },
  // ... other options ...
});

2. Initiate the sign-in process with a callbackUrl that includes custom query parameters.

import { signIn } from "next-auth/client";
const handleOAuth = async () => {
  const callbackUrl = "http://localhost:3000/authorize?org_id=123&redirect_uri=http://localhost:3001/";
  await signIn("google", { callbackUrl });
};

3. Complete the Google authentication process

Expected Behavior:

After the authentication process, the user should be redirected to the callbackUrl with the custom query parameters preserved, e.g., http://localhost:3000/authorize?org_id=123&redirect_uri=http://localhost:3001/.
Actual Behavior:
The user is redirected to the callbackUrl, but the custom query parameters are removed, e.g., http://localhost:3000/authorize.

Additional Context:

This issue seems to be a limitation of the OAuth2 protocol, as it does not preserve the query parameters in the redirect_uri after the authentication process. However, it would be helpful if NextAuth.js provided a way to preserve custom query parameters between the authentication request and the callback.