From 4c9244f8ed20a13d909e73e8d1a558c23e823652 Mon Sep 17 00:00:00 2001
From: Jan Verhaeghe
Date: Mon, 24 Feb 2020 09:40:02 +0100
Subject: [PATCH 1/2] fix: semicolon encoding workaround
---
 src/app/core/auth-config.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/app/core/auth-config.ts b/src/app/core/auth-config.ts
index f447c76..70962ab 100644
--- a/src/app/core/auth-config.ts
+++ b/src/app/core/auth-config.ts
@@ -11,5 +11,6 @@ export const authConfig: AuthConfig = {
 timeoutFactor: 0.25, // For faster testing
 sessionChecksEnabled: true,
 showDebugInformation: true, // Also requires enabling "Verbose" level in devtools
- clearHashAfterLogin: false, // https://github.com/manfredsteyer/angular-oauth2-oidc/issues/457#issuecomment-431807040
+ clearHashAfterLogin: false, // https://github.com/manfredsteyer/angular-oauth2-oidc/issues/457#issuecomment-431807040,
+ nonceStateSeparator : 'semicolon' // Real semicolon gets mangled by IdentityServer's URI encoding
 };
From 8d17c95d4f2649f3673fed5680842d3697a3c344 Mon Sep 17 00:00:00 2001
From: Jan Verhaeghe
Date: Mon, 24 Feb 2020 09:46:08 +0100
Subject: [PATCH 2/2] fix: IdentityServer encoding the state url
---
 src/app/core/auth.service.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/app/core/auth.service.ts b/src/app/core/auth.service.ts
index 0702538..046b6ec 100644
--- a/src/app/core/auth.service.ts
+++ b/src/app/core/auth.service.ts
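Review bot: In the src/app/core/auth-config.ts hunk, the comma this commit appends lands inside the trailing comment, so the issue link now ends in `#issuecomment-431807040,`. The property already ended with `false,` before the comment, so the extra comma can be dropped. The new entry also departs from the surrounding entries with a space before the colon and no trailing comma; I would write it as `nonceStateSeparator: 'semicolon', // Real semicolon gets mangled by IdentityServer's URI encoding`. Since the separator is now an ordinary word, the comment could also state that it is what delimits the nonce from the caller-supplied state, so a later reader does not mistake `'semicolon'` for a placeholder.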
@@ -150,8 +150,12 @@ export class AuthService {
 // login(...) should never have this, but in case someone ever calls
 // initImplicitFlow(undefined | null) this could happen.
 if (this.oauthService.state && this.oauthService.state !== 'undefined' && this.oauthService.state !== 'null') {
- console.log('There was state, so we are sending you to: ' + this.oauthService.state);
- this.router.navigateByUrl(this.oauthService.state);
+ let stateUrl = this.oauthService.state;
+ if (stateUrl.startsWith('/') === false) {
+ stateUrl = decodeURIComponent(stateUrl);
+ }
+ console.log(`There was state of ${this.oauthService.state}, so we are sending you to: ${stateUrl}`);
+ this.router.navigateByUrl(stateUrl);
 }
 })
 .catch(() => this.isDoneLoadingSubject$.next(true));
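Review bot: The decoded `stateUrl` is passed to `this.router.navigateByUrl` without confirming that it is an application-relative path, although the state value has travelled through the identity provider and the browser URL on the way back. `decodeURIComponent` also throws a `URIError` on a malformed percent sequence, and the trailing `.catch(() => this.isDoneLoadingSubject$.next(true))` would absorb that with no trace. I would guard the decode, re-check the leading `/` afterwards (rejecting `//`), and fall back to a known route; the `'/'` fallback below is a placeholder for whatever default route the app uses. `!stateUrl.startsWith('/')` also reads more plainly than `=== false`. The enclosing callback starts outside this hunk, so whether the library has already validated the state before this point is not visible here.

```typescript
let stateUrl = this.oauthService.state;
if (!stateUrl.startsWith('/')) {
  try {
    stateUrl = decodeURIComponent(stateUrl);
  } catch {
    // Malformed percent-encoding: use the fallback instead of rejecting the whole chain.
    stateUrl = '/';
  }
}
// Only follow application-relative paths; '/' is a placeholder fallback route.
if (!stateUrl.startsWith('/') || stateUrl.startsWith('//')) {
  stateUrl = '/';
}
// … unchanged: console.log and this.router.navigateByUrl(stateUrl) …
```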