Uncaught SyntaxError: "undefined" is not valid JSON

AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).

MIT License

582 stars 160 forks source link

Uncaught SyntaxError: "undefined" is not valid JSON #1257

Closed gitawego closed 8 months ago

gitawego commented 9 months ago

Issue and Steps to Reproduce

when calling method getLoginParams in file initSession.ts, if there is no param set in localStorage, then it throws error

Uncaught SyntaxError: "undefined" is not valid JSON

It happens very frequently.

based on the code, JSON.parse can't parse the undefined value, if dataString is undefined, then oidc can't initialize the session.

const getLoginParams = () => {
        const dataString = storage[`oidc.login.${configurationName}`];
        if (!getLoginParamsCache[configurationName]) {
            getLoginParamsCache[configurationName] = JSON.parse(dataString);
        }
        return getLoginParamsCache[configurationName];
    };

maybe we should add a default value to dataString, like

const dataString = storage[`oidc.login.${configurationName}`] || 'null';

Versions

all

guillaume-chervet commented 9 months ago

Hi @gitawego , Thank you for your issue. Which version of the library are you using ? Do you have a sample (ofuscated) of your configuration ?

I'am searching from a long time why storage can be null. It never set to null in the code and values are required to refresh tokens correctly.

gitawego commented 9 months ago

I put null is only to make JSON.parse works, because undefined can't be parsed.

in this line of code: https://github.com/AxaFrance/oidc-client/blob/main/packages/oidc-client/src/initSession.ts#L66

const dataString = storage[`oidc.login.${configurationName}`];

dataString could be undefined,

and when parsed at line 68: https://github.com/AxaFrance/oidc-client/blob/main/packages/oidc-client/src/initSession.ts#L68

getLoginParamsCache[configurationName] = JSON.parse(dataString);

if dataString is undefined, it throws error, because JSON.parse can't parse undefined.

JSON.parse(JSON.stringify(undefined)) // throw Uncaught SyntaxError: "undefined" is not valid JSON
JSON.parse(undefined) //Uncaught SyntaxError: "undefined" is not valid JSON
JSON.parse(null) // return value null
JSON.parse(JSON.stringify(null)) // return value null

in my company, it's v7.6.0, but I compared, this part of the code is never changed.

guillaume-chervet commented 9 months ago

I will manage this case with a warning instead of a crash. It would not be a problem for 90% of configurations cases.

But i Wonder how storage[oidc.login.${configurationName}] can be null because it is set during authentication.

guillaume-chervet commented 9 months ago

Hi @gitawego,

Do you have a sample of the stack trace of the error ?

gitawego commented 9 months ago

I'll try to get it Monday.

gitawego commented 8 months ago

after investigated the code, it's caused by a custom wrapper component which forces to do a code/authorization_code exchange without authorization, sorry for the confusion.

but I think your PR is still worthy to avoid breaking the application.

Maingart commented 8 months ago

@gitawego, hello! What was the reason?

I have same problem

LeadcodeDev commented 8 months ago

Same issue with Next application