search

authts / react-oidc-context

Lightweight auth library based on oidc-client-ts for React single page applications (SPA). Support for hooks and higher-order components (HOC).
MIT License
609 stars 60 forks source link

Is there a way to stay in http with oidc-client-ts ? #1288

Closed davidbourrel closed 1 week ago

davidbourrel commented 2 weeks ago

Hello,

My team and I are currently developing an app but we want to stay temporarily in http instead of https.

However, http in not a secure context (localhost and https yes) so we have a problem with Crypto.subtle probably called by generateCodeChallenge in : src/utils/CryptoUtils.ts (oidc-client-ts)

Crypto.subtle is available only in secure contexts (HTTPS).

Do you thing there is a way to use react-oidc-context (depend of oidc-client-ts) with http or it's not possible ?

Thank you !

pamapa commented 2 weeks ago

That is a browser built int feature and therefore we can not control it, which is good. If you really need something else you would either have to use the older version of this library (v2.3.1) or manually patch that code part yourself by reverting it back to the old behaviour...

davidbourrel commented 1 week ago

Downgrade to an older verson doesn't work too, Crypto interface is there too ^^ Ok we gonna switch to https.

Thank you for your reply !