AxaFrance / oidc-client

Light, secure, pure JavaScript OIDC (OpenID Connect) client. We also provide a React wrapper (compatible with Next.js, etc.).
MIT License

SilentCallback.component.tsx Bug: OIDC Client Error 'No state in response' #554

Closed DaleyKD closed 2 years ago

DaleyKD commented 3 years ago

Issue and Steps to Reproduce

Trying to use the Silent Callback, and when I have the OIDC logger set to DEBUG, I see an error about "No state in response."

After looking through your code, I can't find a way to override the SilentCallback.component (that's an enhancement request) in order to test my theory, so I had to fully bypass the React control.

If we look at your code here: https://github.com/AxaGuilDEv/react-oidc/blob/06ca2dd66e06bcc485c8e8cd57cdcff2da6ab6a5/packages/core/src/callbacks/SilentCallback.component.tsx#L11, we see that you're instantiating a new UserManager without the same configuration as what we use to send the request.

To test my theory, I used a plain .html with a script on it.

    <script src="https://cdnjs.cloudflare.com/ajax/libs/oidc-client/1.10.1/oidc-client.min.js" integrity="sha512-J+l1VucK7pEidJ+w1fYQfo0Yq4LGkTXwKQ3w9Y9/c4O2NoQe+DgiIwvh2ocNVv4ost5H6W4uhy1K2sw5tWO+ew==" crossorigin="anonymous"></script>
    <script>
        var configuration = Object.assign(window.myConfig.oidc, {
            userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }),
            automaticSilentRenew: true,
            filterProtocolClaims: true,
            loadUserInfo: true
        });
        var mgr = new Oidc.UserManager(configuration);
        mgr.signinSilentCallback().then(user => {
            console.log("Success????!!");
        }).catch(reason => {
            debugger;
        });
    </script>

And this works perfectly.

Versions

"@axa-fr/react-oidc-context": "^3.1.6",

DaleyKD commented 3 years ago

Further investigation shows that it's not because it's a different configuration. I've tried it with both: new Oidc.UserManager().signinSilentCallback(); and new Oidc.UserManager({}).signinSilentCallback(); and they both work outside of the SilentCallback.component.tsx. However, if I try to use your SilentCallback.component.tsx, it errors out every time.

youf-olivier commented 3 years ago

Thanks for the issue, sorry we were a bit overwhelmed. I'll look at all the issues soon.

DaleyKD commented 3 years ago

I appreciate it, @youf-olivier. I'm sorry that you've been overwhelmed. It's the holidays, and I pray that you get to enjoy them!

We're trying to use your library for a product for use in Microsoft Teams, and for the most part, it works, but we've had to work around quite a few things to make it work for our needs. I'd love to see it tighten up a bit more so these workarounds are as necessary.

Merry Christmas to you!

tielushko commented 3 years ago

Are there any updates for this issue?

DaleyKD commented 3 years ago

I honestly thought this project was dead. 💀 If I ever get back to my project that uses this, I may have to look elsewhere.

tielushko commented 3 years ago

Sadly, the entire oidc-client-js may soon be dead as well. The repo was recently archived.

DaleyKD commented 3 years ago

Not surprising. The guys who did Identity Server have started a new profit company. https://blog.duendesoftware.com/

guillaume-chervet commented 2 years ago

The new v4 of react-oidc uses AppAuth-JS, is simpler, and solves this bug.

guillaume-chervet commented 2 years ago

https://www.npmjs.com/package/@axa-fr/react-oidc-context

guillaume-chervet commented 2 years ago

Thank you for the issue. I am closing it. Feel free to reopen it if you have the bug with version 4.