-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hasCodeInUrl checks both hashParams and searchParams even though the OIDC Auth is configured for just one of them. #864
Comments
Hello 👋 Thanks for reaching out! You are definitely right, I haven't thought to much about this. Do you have an idea to fix it? I'm not sure we should introduce the callback component as many others have, since it produces more boilerplate. What do you think? Maybe add the option to use a component like that, and/or disable hadCodeInUrl function? |
Since we have access to the I would just use the same check oidc-client-js uses
|
We also have the |
Nice, I haven't thought about that. We can check against that! Do you want to open a pull request on this? |
Closing this as stale. Please open a new issue or let me know you still have this issue in a comment 👍 |
Hi
I am hoping you can help with this issue
Using "oidc-react": "^1.5.1",
Please note my Authentication callback is configured to use the query delimiter '?'
In my app, I have a non-authentication callback from a third party to a page which includes the hash parameter 'code'
example 'myapp.com/mypage#code=12345'
This page is wrapped in the oidc-react AuthProvider component. And because of that, the following code is executed
https://github.com/bjerkio/oidc-react/blob/main/src/AuthContext.tsx#L109
The
hasCodeInUrl
function sees the hashcode
parameter in the URL and returns true.The issue is
userManager.signinCallback();
will callreadSigninResponseState
and it checks to see what delimiter to use and it correctly chooses '?' because this is what is configured but since this a non-authentication callback and it is not using the '?' delimiter, it will always throw an errorError: No state in response
Possible solution
hasCodeInUrl
should not blindly look for hashParams 'code' OR searchParams 'code' but instead should check which delimiter has been configured, '?' or '#' and just check for parameters using that delimiter.Thanks
John
The text was updated successfully, but these errors were encountered: