Code flow in a popup #1382
Comments
|
(Lib version 17.0.1, Angular 16, Browser: Vivaldi 6.5 (Chromium 120)) |
|
Have you read this? angular-oauth2-oidc/docs-src/popup.md Line 1 in f1d3c38 According to the code the angular-oauth2-oidc/projects/lib/src/oauth-service.ts Lines 1132 to 1134 in f1d3c38 |
|
Thanks for the answer @michaelfaith. It's a misconfiguration then? How can we debug this? |
First of all: Thanks so much for this library! So far we used the code flow by calling the initCodeFlow() method, which has been working fine for us in the last months.
However, we now tried adjusting our page (Angular SPA) to make it work with disabled cookies (and hence session storage) and therefore supplied a custom in-memory storage as a fallback when session storage access is impossible. By design, this forces us to stay on the page, because otherwise the nonce and pkce_verifier are lost and the returned code can't be checked anymore.
Hence we tried switching to initLoginFlowInPopup() instead of initCodeFlow() to stay on the page and getting the code via the popup in parallel.
For some reason, though, the opened popup (or tab if browser forces it to open as such) gets redirected to our SPA and the page shows in there (logged in if session storage is enabled) instead of closing the popup and passing the code back to the opener tab.
I noticed that there's no initCodeFlowInPopup method, but only initImplicitFlowInPopup, which makes me wonder, whether this scenario isn't supported at all or whether there's some kind of misconfiguration on our end either in the SPA config or our authentication server.
Could someone shed some light on this?
The text was updated successfully, but these errors were encountered: