Skip to content

Invalid url after authentication #959

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
FiReBlUe45 opened this issue Oct 22, 2020 · 10 comments · Fixed by #963
Closed

Invalid url after authentication #959

FiReBlUe45 opened this issue Oct 22, 2020 · 10 comments · Fixed by #963
Labels
bug For tagging faulty or unexpected behavior. investigation-needed Indication that the maintainer or involved community members may need to investigate more.

Comments

@FiReBlUe45
Copy link

Hello,
I have a problem with several projects, I hope you can help me.

Describe the bug
When I authenticate on my application with authorization code flow, I am back on my application with a url of this type:

The library finalizes the authentication and cleans the url but this gives an invalid url for my application. Example :

Expected behavior
I expect the library to clean up url and have a url like this:

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser chrome
  • Version 85
@jeroenheijmans jeroenheijmans added bug For tagging faulty or unexpected behavior. investigation-needed Indication that the maintainer or involved community members may need to investigate more. labels Oct 22, 2020
@jeroenheijmans
Copy link
Collaborator

Hmm, I've tagged as a bug for now, but not sure if it is one?

I don't think login.language is part of the specs, and am not sure if the specs allow for additional query string parameters? If it is allowed (or left open) then I suppose things could be handled a bit more graciously in this scenario.

@kranich
Copy link
Contributor

kranich commented Oct 27, 2020

I have encountered a similar problem, where a URL of the form http://example.com/?code=abc&state=xyz#/route?param1=value1&param2=value2 results in the URL http://example.com/&param2=value2.

The problem is the regular expression used for replacing the code and state params in OAuthService. I will send a pull request.

@mreschke
Copy link

This is the same issue as #725 which was supposed to be fixed in version 9, but now using 10, it is still missing the ?

@tbilli
Copy link

tbilli commented Nov 12, 2020

I've tested and verified the same issue. Looks like the pull request by @kranich should fix it though.

@kranich
Copy link
Contributor

kranich commented Mar 8, 2021

@jeroenheijmans Based on the comments here and at #963, this seems to be an issue that several people are facing. Is there any chance #963 is going to be merged soon?

@jeroenheijmans
Copy link
Collaborator

Is there any chance #963 is going to be merged soon?

I honestly do not know. I moderate the issues list, and contribute a PR of my own here and there. But otherwise we currently have one maintainer, will leave it up to him to decide.

@FiReBlUe45
Copy link
Author

@manfredsteyer Do you have any news regarding this merge request?

@Sebastian-G
Copy link

Sebastian-G commented Jul 9, 2021

I think I have the same issue.

After login the url gehts extended by the parameter code. e.g. https://example.com/?code=0.AYvz5kut43bo1u212e<....>
Im using an Azure AD, with SPA config as redirect.

On Page refresh the page breaks. When I remove the code parameter, the login is successful.

@gihnih
Copy link

gihnih commented Apr 6, 2022

Hi. I think I have the same issue.

I try to get authorization from Strava, after getting a link to return the page
http://localhost:4200/strava?state=&code=d1a952efc2d4csacd23f83s0f23d27e98csaddc2&scope=read

then URL change to http://localhost:4200/strava

my expectation: the URL will remain like this
http://localhost:4200/strava?state=&code=d1a952efc2d4csacd23f83s0f23d27e98csaddc2&scope=read
so I can get the data from URL

@MajaEffenberg
Copy link

We ran into the same problem in our application. After logging in, redirect url is extended by the parameters code and state, e.g. https://example.com/?code=K1aSexXTjhkftC07LvtAoRJQoQV8&state=MVBlZ29EU25KSWV3SDQ4Tk9DN3JXV0RIVC0zUmhQMm5Lc2VBUW5Kd3NSZEIx

After refreshing the page, only a white screen is displayed and during authorization we get the error:
{"error":"invalid_grant","error_description":"invalid code"}

If remove these additional parameters from the url (code and state parameters) and refresh, the page is loaded correctly and login is successful.

Short movie showing wrong behavior:
https://user-images.githubusercontent.com/89073193/208441690-7315d3c0-4223-4d33-bd76-b947bbed4277.mp4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug For tagging faulty or unexpected behavior. investigation-needed Indication that the maintainer or involved community members may need to investigate more.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants