bradamelton / saberfin.io

Issues for the https://saberfin.io website

My tokens have been expiring! wth #94

Closed bradamelton closed 1 year ago

bradamelton commented 1 year ago

Error is "interaction_required"

http://localhost:8080/?state=96c64e00c44f4bdfacc8f491429cd4da&error_subtype=access_denied&error=interaction_required

bradamelton commented 1 year ago

related?

Cookie “__Host-GAPS” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

bradamelton commented 1 year ago

I think this is more of the sandbox issue:

https://html.spec.whatwg.org/multipage/iframe-embed-object.html#attr-iframe-sandbox

An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.

https://stackoverflow.com/questions/16677893/evil-firefox-error-a-parameter-or-an-operation-is-not-supported-by-the-under

InstallTrigger is deprecated and will be removed in the future. AuthContext.js:27
onmozfullscreenchange is deprecated. AuthContext.js:27
onmozfullscreenerror is deprecated.

bradamelton commented 1 year ago

Another says it can be a CORS thing:

The CORS (Cross-Domain Resource Sharing) calls I was making were set to 'async: false' -- (which I realize I did not include in my original post, as I thought it was inconsequential) this, seems to operate fine in all browsers except Firefox, where jQuery will bark at you and your ajax call will fail.

https://stackoverflow.com/questions/16677893/evil-firefox-error-a-parameter-or-an-operation-is-not-supported-by-the-under

bradamelton commented 1 year ago

Not seeing any issue with my CORS

bradamelton commented 1 year ago

Sounds similar:

https://github.com/authts/oidc-client-ts/issues/608

bradamelton commented 1 year ago

DOMException: A parameter or an operation is not supported by the underlying object

bradamelton commented 1 year ago

Error: IFrame timed out without a response
columnNumber: 21
fileName: "http://localhost:8080/static/js/bundle.js"
lineNumber: 68009
message: "IFrame timed out without a response"
name: "ErrorTimeout"

inside oidc-client-ts navigators AbstractChildWindow when trying to renew

bradamelton commented 1 year ago

DOMException: A parameter or an operation is not supported by the underlying object

this is from a window.open in oidc-client-ts PopupWindow.ts ln 33

bradamelton commented 1 year ago

Could very well be sandbox related

" An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing. "

Can we disable the iframes sandbox?

bradamelton commented 1 year ago

Giving it a try in oidc-client-ts iFrameWindow.ts ln 45. Due to the above warning, this can probably be a pull request.

bradamelton commented 1 year ago

Looks like we may be able to reproduce with IdentityServer: https://github.com/IdentityServer/IdentityServer4/issues/5487

bradamelton commented 1 year ago

Switched to react-oidc-context. Added Login hint to oidc-client-ts. Allowing Popup instead of Silent, which resolves the "interaction_required" error.

Working well now. Still testing mobile.
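The two ends of the silent-renew round trip discussed in this thread (the prompt=none request the hidden iframe loads, and the `error=interaction_required` callback from the first comment that the last comment resolves with a popup plus login hint), as an added example that is not code from this repository or from oidc-client-ts. The authorize endpoint, client_id and redirect_uri values are assumptions; the callback URL is the one pasted in the first comment. PKCE is deliberately left out to keep the focus on state checking and error classification.

```javascript
// Added example (not oidc-client-ts code): the two halves of an OIDC
// silent-renew round trip, without the iframe itself.
//   1. buildAuthorizeUrl() produces the prompt=none request the hidden
//      iframe would load, optionally carrying a login_hint.
//   2. handleRenewCallback() classifies what the IdP sent back to the
//      redirect_uri and decides whether the app must fall back to an
//      interactive (popup) sign-in.
// Endpoint, client_id and redirect_uri values used below are assumptions.

// Errors that OpenID Connect Core 3.1.2.6 defines for a prompt=none
// request the IdP cannot satisfy without showing the user some UI.
const INTERACTION_ERRORS = new Set([
  "login_required",
  "interaction_required",
  "consent_required",
  "account_selection_required",
]);

// Hex-encode n random bytes for state/nonce. Uses the Web Crypto CSPRNG
// that browsers (and Node >= 19) expose as globalThis.crypto; never Math.random().
function randomHex(n = 16) {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(n));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function buildAuthorizeUrl(authorizeEndpoint, clientId, redirectUri, opts) {
  const { state, nonce, loginHint, silent = true } = opts;
  if (!state || !nonce) throw new Error("state and nonce are required");
  const url = new URL(authorizeEndpoint);
  const p = url.searchParams;
  p.set("client_id", clientId);
  p.set("redirect_uri", redirectUri);
  p.set("response_type", "code");
  p.set("scope", "openid profile");
  p.set("state", state);
  p.set("nonce", nonce);
  // prompt=none tells the IdP to answer from its existing session only;
  // if it has none it must return an error instead of rendering a login page.
  if (silent) p.set("prompt", "none");
  // login_hint names the account the app expects, so an IdP holding several
  // sessions does not have to ask (which would be account_selection_required).
  if (loginHint) p.set("login_hint", loginHint);
  // Assumption: a real deployment also adds PKCE (code_challenge/_method).
  return url.toString();
}

// Classify the redirect the silent-renew iframe landed on.
function handleRenewCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const state = params.get("state");
  // Bind the response to the request this client actually issued. A missing
  // or mismatched state is discarded before any code or error is interpreted.
  if (!state || state !== expectedState) {
    return { kind: "rejected", reason: "state mismatch" };
  }
  const error = params.get("error");
  if (error) {
    const errorSubtype = params.get("error_subtype"); // vendor extension, may be null
    if (INTERACTION_ERRORS.has(error)) {
      // The IdP has no usable session for this client: retrying the hidden
      // iframe cannot help, the user has to sign in interactively.
      return { kind: "interactive", error, errorSubtype };
    }
    return { kind: "failed", error, errorSubtype };
  }
  const code = params.get("code");
  if (code) return { kind: "code", code };
  return { kind: "failed", error: "no code or error in callback" };
}

// What the app should do next, given the classification.
function nextStep(result) {
  switch (result.kind) {
    case "code": return "exchange_code";
    case "interactive": return "signin_popup"; // the route taken in this thread
    case "rejected": return "discard_response";
    default: return "report_error";
  }
}

// Demo on the callback URL from the first comment of this issue.
const ISSUE_CALLBACK =
  "http://localhost:8080/?state=96c64e00c44f4bdfacc8f491429cd4da&error_subtype=access_denied&error=interaction_required";
const result = handleRenewCallback(ISSUE_CALLBACK, "96c64e00c44f4bdfacc8f491429cd4da");
console.log(result, "->", nextStep(result));
```

The state check comes first on purpose: an `error` response is still an attacker-controllable redirect, and acting on one whose state you never issued (for example, by opening a popup) lets a third party drive your app's login flow. `randomHex` is there to show where the state and nonce values must come from; the demo uses the fixed state from the issue so the classification can be seen on that exact callback.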