Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

renewAuth does not work anymore due to location.hash being empty in SilentAuthenticationHandler #601

Closed
damien-gl opened this issue Dec 22, 2017 · 10 comments
Closed

renewAuth does not work anymore due to location.hash being empty in SilentAuthenticationHandler #601

damien-gl opened this issue Dec 22, 2017 · 10 comments

Comments

@damien-gl
Copy link
Contributor

Hi!
The renewAuth does not work anymore for us on v8.12.1 on Chrome (Windows & MacOS).

It seems that the location.hash in SilentAuthenticationHandler. getCallbackHandler is empty here:
https://github.com/auth0/auth0.js/blob/v8/src/web-auth/silent-authentication-handler.js#L68

Here is the value of eventData.sourceObject.contentWindow.location that we get:

{
    "href": "about:blank",
    "ancestorOrigins": {
        "0": "http://localhost:5000"
    },
    "origin": "null",
    "protocol": "about:",
    "host": "",
    "hostname": "",
    "port": "",
    "pathname": "blank",
    "search": "",
    "hash": ""
}

We suspect that this bug got introduced with this commit:
2d7243d
Because the iframe source URL is set after addEventListener and the event is then called for the about:blank Chrome page being loaded instead of the actual renewal URL page being loaded.

Can you please have a look.
Thanks!
@luisrudge
Copy link
Contributor

What version were you using before?

@damien-gl
Copy link
Contributor Author

Version 8.10.x

@luisrudge
Copy link
Contributor

how do you use the renewAuth method? there's more context about this issue here: #565 (comment)

@damien-gl
Copy link
Contributor Author

Thanks for the info regarding the issue.
We are simply using renewAuth like this:

renewAuth({
      scope: 'openid email user_metadata app_metadata',
      responseType: 'token',
      responseMode: 'fragment',
      redirectUri: ...
    }, (err, result) => {...})

To fix this issue can you maybe do the following check here:
https://github.com/auth0/auth0.js/blob/v8/src/web-auth/silent-authentication-handler.js#L56

case 'load': 
          if (eventData.sourceObject.contentWindow.location.protocol === 'about:') {
            return false;
          }
// Fall through to default
default:
          return true;

@luisrudge
Copy link
Contributor

Can you send a PR with that change and a test?

This was referenced Jan 2, 2018
Merged
Merged
@damien-gl
Copy link
Contributor Author

Hi @luisrudge

Here are the 2 PRs.
V9: #619
V8: #620

Please have a look.
Thanks

@damien-gl
Copy link
Contributor Author

Hi @luisrudge
Any update on this? We are looking forward to have this fix merged for our production release.
Thx.

@damien-gl
Copy link
Contributor Author

Any update on this? (@luisrudge @aaguiarz)

@luisrudge
Copy link
Contributor

luisrudge commented Jan 15, 2018
edited
Loading

@damien-gl thanks for both PRs! Sorry to keep you waiting, I was on vacation 🌴 I'm still catching up with stuff, but I'll cut a new release today 🎉

@damien-gl
Copy link
Contributor Author

thanks @luisrudge

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@luisrudge @damien-gl