HEPTACOM / HeptacomShopwarePlatformAdminOpenAuth

Shopware plugin to allow open auth logins in the administration
https://www.heptacom.de/
Apache License 2.0

[Bug]: Duplicate token request causes login to fail #26

Open htuscher opened 1 month ago

htuscher commented 1 month ago

Plugin Version

7.0.0

PHP Version

8.2.21

Shopware Version

6.6.4.0

Installation method

Composer

Identity provider

Keycloak

What happened?

If clicking on the SSO button in the admin, I see the following in the requests:

(screenshot of the network requests; image not available)

Unfortunately it looks like the first (canceled) token request leads to Heptacom\AdminOpenAuth\Service\Login->pop() and therefore the second token request doesn't have a LoginState. The result is

throw OAuthServerException::invalidRequest('one_time_token', 'Expired');

Not sure what is causing this.

Probably useful hint: We're building our projects with shopware-cli project ci.

Relevant log output

No response

silviokennecke commented 3 days ago

Could you check in the network inspector if a redirect or something similar might be causing the cancellation of the first token request? This would be one of the more common reasons why XHR requests get cancelled by the browser.

The SSO plugin simply makes a token request as soon as it discovers that the login page is open and an IdP redirect state is given.

pbalcerzak commented 1 day ago

There is a redirect from /admin?state=SOME_STATE# to /admin?state=SOME_STATE#/login/ which is causing the issue. Most likely it came with the new Vue version in SW 6.6; in 6.5 the URL was changing but wasn't considered a redirect by the browser.

In our case we have fixed it with a patch file for ClientRedirectRoute by adding

$targetUrl = $this->enrichRedirectUrl($targetUrl, $requestState);
$targetUrl .= '/login/'; // addition

Ugly fix as we are short on time with the upgrade; it would be great to have a new plugin version with a proper fix!
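The two comments above describe a race between a one-time token and a client-side redirect: the browser aborts the first XHR when the route changes, but the server has already consumed the token, so the retry fails with the "Expired" error from the report. The following model is an added example and not code from the plugin; the names LoginStateStore, token_endpoint, client_redirect_target, spa_redirects and admin_login_flow are assumptions, the sample state value is constructed, and the one-time token is simply used as the state parameter for brevity. It shows why the server cannot distinguish the retry from a replay once pop() has run, and why appending /login/ to the redirect target (as in the workaround) avoids the second request altogether.

```python
# Added example (not code from HeptacomShopwarePlatformAdminOpenAuth): a small
# model of the one-time-token race described in this issue. All class and
# function names below are assumptions for the demo.
from dataclasses import dataclass, field


class InvalidRequest(Exception):
    """Stands in for OAuthServerException::invalidRequest in the report."""


@dataclass
class LoginStateStore:
    """One-time token -> login state. pop() consumes the entry on first use."""
    _states: dict = field(default_factory=dict)

    def push(self, token: str, state: dict) -> None:
        self._states[token] = state

    def pop(self, token: str) -> dict:
        state = self._states.pop(token, None)
        if state is None:
            # Same situation as the 'one_time_token', 'Expired' error in the issue:
            # the entry is gone, so the server cannot tell a replay from a retry.
            raise InvalidRequest("one_time_token: Expired")
        return state


def token_endpoint(store: LoginStateStore, token: str) -> dict:
    """Server side: exchange the one-time token for a session exactly once."""
    state = store.pop(token)
    return {"user": state["user"]}


def client_redirect_target(state: str, append_login_route: bool) -> str:
    """URL the IdP callback redirects to; the workaround appends '/login/'."""
    url = f"/admin?state={state}#"
    return url + "/login/" if append_login_route else url


def spa_redirects(url: str) -> bool:
    """Assumed router behaviour from the comment: an empty hash route is
    redirected to #/login/, which the browser treats as a navigation."""
    return url.endswith("#")


def admin_login_flow(store: LoginStateStore, token: str, append_login_route: bool) -> list:
    """Browser side. Returns the outcome of every token request the SPA issues."""
    outcomes = []
    url = client_redirect_target(token, append_login_route)
    # The SPA sees the login page plus a state and immediately sends the token request.
    try:
        token_endpoint(store, token)
        first = "cancelled" if spa_redirects(url) else "ok"
    except InvalidRequest as exc:
        first = f"error: {exc}"
    outcomes.append(first)
    if spa_redirects(url):
        # The route change aborts the pending XHR in the browser, but the server
        # already consumed the token. The login page mounts again and retries.
        try:
            token_endpoint(store, token)
            outcomes.append("ok")
        except InvalidRequest as exc:
            outcomes.append(f"error: {exc}")
    return outcomes


def run_demo() -> dict:
    """Run the flow with and without the '/login/' suffix on the redirect target."""
    results = {}
    for append in (False, True):
        store = LoginStateStore()
        store.push("state-abc", {"user": "admin"})  # constructed sample state
        results[append] = admin_login_flow(store, "state-abc", append)
    return results


if __name__ == "__main__":
    for append, outcome in run_demo().items():
        print(f"append '/login/' = {append}: {outcome}")
```

Without the suffix the first request is cancelled client-side after the server has consumed the token and the retry fails; with the suffix no redirect happens, so only one token request is made and it succeeds. The model also makes the defender's point explicit: a one-time token store has no way to recognise a legitimate retry, so the fix belongs in the redirect target, not in relaxing pop().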