SpoonX / aurelia-authentication

Authentication plugin for aurelia.
http://aurelia-authentication.spoonx.org
MIT License
90 stars 60 forks source link

Popup not closing: DOMException blocked frame due to cross-origin #373

Closed baconinthemorn closed 3 years ago

baconinthemorn commented 6 years ago

I'm troubleshooting an issue with my implementation where the login popup window does not close and redirect the user.

This only occurs when the user selects an account which is not already logged in/authenticated to the provider (Google, in this case). If they are already logged in to the Google account, and select it, this behavior is not witnessed.

See below for example:

auth-bug

What's more peculiar, is that if the user closes the popup, and then re-opens it (via this.authService.authenticate()) the user is logged directly in without any sort of prompt.

In my investigation it seems to be relative to the pollPopup() function, specifically this snippet:

if (this.popupWindow.location.host ===  PLATFORM.global.document.location.host
            && (this.popupWindow.location.search || this.popupWindow.location.hash)) {

From what I can tell, it seems the value for this.popupWindow.location.host cannot be determined due to a cross-origin conflict.

My provider is OIDC (IdentityServer4) and I am using aurelia-authentication version 3.7.0. Any insight you can provide will be greatly appreciated.

Please let me know if I can provide any additional information that may be useful/helpful.

baconinthemorn commented 6 years ago

Some additional info on what is showing in a console log for popupWindow when the popup is opened:

popupwindow-domexception

RWOverdijk commented 6 years ago

It looks like you're using localhost for both providers. The url needs to be different.

Update: I mean auth and the app itself are both running on localhost.