Comments (5)
soofstad
commented on July 20, 2024
Could you be running into this issue? https://github.com/soofstad/react-oauth2-pkce#after-redirect-back-from-auth-provider-with-code-no-token-request-is-made
Specifically:
This could also happend if some routes in your app are not wrapped by the <AuthProvider>.
from react-oauth2-pkce.
pablojakub
commented on July 20, 2024
Yeah I read about it and it's not this case. When I'm redirected from my provider everything works fine. It happens when I enter the page -> provider/ library somehow remembers session -> no redirect to provider to login -> error 'bad authorization state...'
All my routes are wrapper inside AuthProvider. AuthProvider is in index.sx and App routes in App.tsx one level lower
from react-oauth2-pkce.
soofstad
commented on July 20, 2024
Are you able to make minimal example on how to recreate this bug?
If not, I'd like so see the state of localStorage, both before and after you are redirected to the authentication provider. If everything there looks alright, then you should have a look at what parameters the auth servers sets when it redirects you back after login.
from react-oauth2-pkce.
pablojakub
commented on July 20, 2024
Ok - most updated version:
First scenario:
- Local storage is empty - everything works fine. I'm redirected to provider -> there log in -> redirect to my app and everything works
Second scenario:
Local storage is NOT empty. There is some ROCP data. I'm NOT redirected to provider -> there is no 'code' param in my url and error occurs.
My local storage:
I think in order to reproduce it I need to:
- Log in to the provider first OUTSIDE my application environment.
- Turn on my app
- Then there is no redirect and beforementioned data in local storage.
from react-oauth2-pkce.
soofstad
commented on July 20, 2024
react-oauth2-code-pkce will only attempts to retrive code from url if loginInProgress is true.
That is set right before redirecting to auth provider.
The login flow needs to start from the web app using the package. Any redirects to the web-app with code besides that will not work. However, it should just automatically log the user in anyway, with a new redirect.
Have you tried clearing all the web apps persistent data? Calling "logout()" should be enough.
If you wan't some more help with this, I realy need an example on how to recreate it.
from react-oauth2-pkce.
Related Issues (20)
- Compatibility with ie11 HOT 1
- 💡 [REQUEST] - Add ability to add headers to requests HOT 6
- 💡 [REQUEST] - Scope parameter is not supported on an authorization code access_token exchange request HOT 8
- Bug: Client authentication with confidential access isn't working HOT 6
- Bug: Redirects replace instead of creating a history entry HOT 2
- 💡 [REQUEST] - Parse (refresh) token expiration from token payload HOT 5
- 💡 [REQUEST] - Refresh access token without resetting the refresh token HOT 1
- Bug: "codeVerifier" and "state" are stored in sessionStorage despite "storage" parameter being "local" HOT 4
- Bug: Does not work correctly if routing type is hash HOT 2
- 💡 [Feature] - Ability to send custom headers in the authorization, token requests HOT 5
- 💡 [REQUEST] - Pass extra parameters to login()-function
- 💡 [FEATURE] - Option in login()-function to not redirect, but instead do it in an iframe or popup HOT 1
- 💡 [REQUEST] - Enhance Logout Functionality HOT 2
- 💡 [Feature] - `postLogout`-callback HOT 1
- 💡 [Feature] - Allow for passing arbitrary arguments to `logOut()`
- Bug: codeVerifier is not set in sessionStorage (sometimes) HOT 3
- Bug: Refresh token has a fixed expiration time HOT 1
- /authorized?code complains 404 Not Found HOT 1
- Bug: Token is cleared before Logout HOT 4
- Bug: refreshAccessToken is only called once
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-oauth2-pkce.