mattmazzola / react-simple-auth

Authentication library for React based on Ember-Simple-Auth
MIT License
56 stars 15 forks

facebook changes window.name #2

Open eugeneglova opened 6 years ago

eugeneglova commented 6 years ago

I checked how it works and found that the script uses window.name as the requestKey to communicate via local storage and set the URL in it. There is an issue with logging in with Facebook when you are not logged in. Facebook changes window.name when the page loads, so once you have logged in it redirects you to the redirect URL, but the window already has a different window.name and we set the wrong item. I suggest using window.opener to communicate between windows. As a workaround, I update the URL in window.opener, close the window, and then update the session key in localStorage with the URL and just get the access token without async.

mattmazzola commented 6 years ago

I can understand the reason for using window.opener, but I'm not following how you can do it without async. The act of the user filling out the login form seems inherently asynchronous.

I suppose alternatives to polling the window could be polling localStorage or being notified through postMessage but both of those seem more complex.

junjchen commented 5 years ago

Following up on this: how about utilizing the state field to pass the value of the requestKey param into the child window?

As such, the provider would need to implement IProvider.buildAuthorizeUrl(requestKey: string) to populate the state field in the URL. This can be validated after the URL was built by checking the value of the state param.
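
The `state`-based hand-off suggested in the last comment, sketched as an added example that is not code from the thread or from react-simple-auth. The endpoint, client id, redirect URI, the `pending:` marker and every function name other than `buildAuthorizeUrl` are assumptions made for illustration; the store interface matches the subset of `localStorage` used here.

```typescript
// Added illustration: all names below are hypothetical, not react-simple-auth's API.
interface KeyValueStore {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
}

// Constructed placeholder values.
const AUTHORIZE_ENDPOINT = "https://idp.example/oauth2/authorize";
const CLIENT_ID = "constructed-client-id";
const REDIRECT_URI = "https://app.example/redirect.html";
const pendingKey = (requestKey: string): string => `pending:${requestKey}`;

// Carry requestKey in `state`, so the child window no longer depends on window.name.
function buildAuthorizeUrl(requestKey: string): string {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("response_type", "token");
  url.searchParams.set("state", requestKey);
  return url.toString();
}

// The check proposed in the comment: the built URL must carry requestKey as `state`.
function hasExpectedState(authorizeUrl: string, requestKey: string): boolean {
  return new URL(authorizeUrl).searchParams.get("state") === requestKey;
}

// Parent window: validate the URL and record the key as pending before opening the popup.
function beginLogin(requestKey: string, store: KeyValueStore): string {
  const authorizeUrl = buildAuthorizeUrl(requestKey);
  if (!hasExpectedState(authorizeUrl, requestKey)) throw new Error("state does not match requestKey");
  store.setItem(pendingKey(requestKey), "1");
  return authorizeUrl;
}

// The provider may return `state` in the fragment (implicit flow) or in the query string.
function stateFromRedirect(redirectUrl: string): string | null {
  const url = new URL(redirectUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  return fragment.get("state") ?? url.searchParams.get("state");
}

// Child window (redirect page): store the URL under the key taken from `state`,
// but only if the parent registered that key; unknown or missing state is ignored.
function storeRedirect(redirectUrl: string, store: KeyValueStore): boolean {
  const requestKey = stateFromRedirect(redirectUrl);
  if (requestKey === null || store.getItem(pendingKey(requestKey)) === null) return false;
  store.setItem(requestKey, redirectUrl);
  return true;
}
```

Because `state` travels through the provider and back, the requestKey should be an unguessable random value, so that a redirect the parent did not initiate cannot write a session entry.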