[Bug]: History Back to callback route breaks the application #1692

Open
Spinnenzunge opened this issue Feb 20, 2023 · 3 comments

Spinnenzunge commented Feb 20, 2023

Version

15.0.3

Please provide a link to a minimal reproduction of the bug

https://github.com/damienbod/angular-auth-oidc-client/tree/main/projects/sample-code-flow-auto-login-all-routes

Please provide the exception or error you saw

The callback route cannot be consumed twice in the same navigation history and the user won't be redirected again and stays on a template-less callback route.

```
Error: could not find matching config for state
```

Steps to reproduce the behavior

1. Open application
2. Get redirected to authentication provider
3. Login
4. Get redirected to the application's callback URL
5. `checkAuth()` finishes PKCE flow and redirects user to the `/home` route
6. User performs a browser history back navigation and lands on the callback route again
7. Callback route fails with an error

A clear and concise description of what you expected to happen.

One of two things:

1. Either the callback URL won't stay part of the navigation history, as it does not really make sense in a user journey to navigate back to the callback anyway, as this is simply a template-less technical route that should only be called via a redirect in the OAuth flow

2. The `checkAuth()` method can handle a call differently when there is already an existing user session in the application

Additional context

In our case we do handle a `checkAuth()` by navigating to a generic error page, as in the PKCE flow this usually means that there was an error with a code exchange or a state check. But with the navigation history back problem, this means that we have users landing on an error page who just clicked the history back button in the browser one time too many.

@damienbod
Owner

@FabianGosebrink ? I think this is ok, the history back should not log in again. Wondering if we could, should do something here.

Greetings Damien

@FabianGosebrink
Collaborator

IMHO `checkAuth()` should be able to handle this. We need to fix this. Short on time and can look at this in June at the soonest.

damienbod added bug and removed investigate labels Apr 16, 2023

@Yberion
Contributor

Yberion commented Jun 6, 2023

Hello, I'm also facing this problem (more or less):

  • Login
  • Redirected to the app
  • Navigate back to the previous state, which contains the query params
  • F5
  • Error: could not find matching config for state 25c8301c7...
  • It also seems to be blocked on event CheckingAuth = 1

We don't have a callback component, we directly call checkAuth() in an APP_INITIALIZER (no idea if it's the best way to do that) because we need to ensure that the user is connected or not for some of our guards (on those guards it is not required to be connected, so we can't call AutoLoginPartialRoutesGuard on this route) and doing it in app.component is too late.
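
One way the second expected behaviour in this issue could look, as an added example that is not code from angular-auth-oidc-client or from any participant in this thread: a framework-free TypeScript model in which `state` is single use, a replayed callback URL never triggers a second code exchange, and an existing session only changes how the failure is presented. `FlowStore`, `classifyCallback`, `queryParam`, `replayScenario` and all URL, code and state values are hypothetical.

```typescript
// Added example. All names are hypothetical; none are angular-auth-oidc-client APIs.
type CallbackOutcome =
  | { kind: "exchange-code"; code: string }       // fresh callback: continue the code exchange
  | { kind: "stale-replay"; redirectTo: string }  // consumed callback URL reopened (back / F5)
  | { kind: "reject"; reason: string };           // unknown state, no session: real failure

interface FlowStore {
  pendingStates: string[];   // state values this app issued and has not consumed yet
  hasValidSession: boolean;  // true once tokens were obtained and validated
}

function queryParam(url: string, name: string): string | null {
  const noFragment = url.split("#", 1).join("");
  const q = noFragment.indexOf("?");
  if (q < 0) return null;
  for (const pair of noFragment.slice(q + 1).split("&")) {
    const eq = pair.indexOf("=");
    if (decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq)) === name) {
      return eq < 0 ? "" : decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

function classifyCallback(url: string, store: FlowStore, home = "/home"): CallbackOutcome {
  const state = queryParam(url, "state");
  const code = queryParam(url, "code");
  if (!state || !code) return { kind: "reject", reason: "missing code or state" };
  const idx = store.pendingStates.indexOf(state);
  if (idx >= 0) {
    store.pendingStates.splice(idx, 1); // state is single use: consume it before the exchange
    return { kind: "exchange-code", code };
  }
  // Unknown state: never exchange the code. Only the presentation of the failure differs.
  if (store.hasValidSession) return { kind: "stale-replay", redirectTo: home };
  return { kind: "reject", reason: "could not find matching state" };
}

// Constructed walk-through of the reported steps; URL, code and state values are made up.
function replayScenario(): string[] {
  const store: FlowStore = { pendingStates: ["state-constructed-1"], hasValidSession: false };
  const url = "https://app.example/callback?code=code-constructed&state=state-constructed-1";
  const first = classifyCallback(url, store);             // step 4: redirect from the provider
  store.hasValidSession = first.kind === "exchange-code"; // assume the exchange succeeded
  const back = classifyCallback(url, store);              // step 6: history back
  store.hasValidSession = false;                          // same URL opened without a session
  const cold = classifyCallback(url, store);
  return [first.kind, back.kind, cold.kind];
}
```

In an Angular app the `stale-replay` branch would typically navigate with the router's `replaceUrl: true` option, which also keeps the callback URL out of the back stack.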
