[Bug]: Duplicate token request causes login to fail #26

Open
htuscher opened this issue Aug 1, 2024 · 2 comments
htuscher commented Aug 1, 2024

Plugin Version

7.0.0

PHP Version

8.2.21

Shopware Version

6.6.4.0

Installation method

Composer

Identity provider

Keycloak

What happened?

If clicking on the SSO button in the admin, I see the following in the requests:

image

Unfortunately it looks like the first (canceled) token request leads to Heptacom\AdminOpenAuth\Service\Login->pop() and therefore the second token request doesn't have a LoginState.
The result is

throw OAuthServerException::invalidRequest('one_time_token', 'Expired');

Not sure what is causing this.

Probably useful hint: We're building our projects with shopware-cli project ci .

Relevant log output

No response

@htuscher htuscher changed the title [Bug]: [Bug]: Duplicate token request causes login to fail Aug 1, 2024
@silviokennecke (Member)

Could you check in the network inspector if a redirect or something similar might be causing the cancelation of the first token request? This would be one of the more common reasons why XHR requests get cancelled by the browser.

The SSO plugin simply makes a token request as soon as it discovers that the login page is open and an IdP redirect state is given.

@silviokennecke silviokennecke self-assigned this Sep 10, 2024
@pbalcerzak

There is a redirect from /admin?state=SOME_STATE# to /admin?state=SOME_STATE#/login/ which is causing the issue.
Most likely it came with the new Vue version in SW 6.6; in 6.5 the URL was changing but wasn't considered a redirect in the browser.

In our case we have fixed it with a patch file for ClientRedirectRoute by adding

$targetUrl = $this->enrichRedirectUrl($targetUrl, $requestState);
$targetUrl .= '/login/'; // addition

Ugly fix as we are short on time with the upgrade, would be great to have a new plugin version with a proper fix!
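
A minimal model of the failure described in this thread, added here as an illustration and not taken from the plugin: a single-use login state is consumed by the first token request even though the browser cancels it, so the repeated request after the redirect gets "Expired". `LoginStateStore`, `tokenEndpoint` and `simulateLogin` are hypothetical names, and the state and user values are constructed.

```javascript
// Model of the duplicate-token-request failure (illustration, not plugin code).
// LoginStateStore, tokenEndpoint and simulateLogin are hypothetical names.
class LoginStateStore {
  constructor() { this.states = new Map(); }
  push(state, user) { this.states.set(state, user); }
  // Single-use read: returns the entry and deletes it in the same step.
  pop(state) {
    const user = this.states.get(state);
    this.states.delete(state);
    return user;
  }
}

// Server side of the token request. The state is consumed as soon as the
// request is handled, whether or not the browser still waits for the answer.
function tokenEndpoint(store, state) {
  const user = store.pop(state);
  if (user === undefined) {
    // Mirrors invalidRequest('one_time_token', 'Expired') from the report.
    return { status: 400, error: 'invalid_request', parameter: 'one_time_token', hint: 'Expired' };
  }
  return { status: 200, accessToken: `token-for-${user}` };
}

// Client side: every page load that carries ?state=... fires one token
// request. A following navigation cancels the in-flight request, so its
// response is dropped, but the server has already processed it.
function simulateLogin(pageLoads) {
  const store = new LoginStateStore();
  const state = 'SOME_STATE'; // constructed sample value
  store.push(state, 'admin'); // constructed sample user
  let delivered = null;
  pageLoads.forEach((_url, i) => {
    const response = tokenEndpoint(store, state);
    const canceled = i < pageLoads.length - 1; // a later load cancels this one
    if (!canceled) delivered = response;
  });
  return delivered;
}

// Two loads: the landing URL, then the browser-visible redirect to #/login/.
const withRedirect = simulateLogin([
  '/admin?state=SOME_STATE#',
  '/admin?state=SOME_STATE#/login/',
]);
// One load: the callback already lands on the final URL.
const direct = simulateLogin(['/admin?state=SOME_STATE#/login/']);
console.log(withRedirect, direct);
```

The model shows why the cancellation is visible only in the browser: the single-use state is already gone on the server, so any fix has to avoid the second request rather than retry it.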
