Open eugeneglova opened 6 years ago
I can understand the reason for using window.opener, but I'm not following how you can do it without async. The act of user filling out the login form seems inherently asynchronous.
I suppose alternatives to polling the window could be polling localStorage or being notified through postMessage but both of those seem more complex.
Follow up on this, how about utilizing state
field to pass the value of requestKey
param into the child window?
As such provider would need to implement IProvider.buildAuthorizeUrl(requestKey: string)
to populate state field in the url. This can be validated after the url was built by checking the value of state param.
I checked how it works and found that the script uses
window.name
asrequestKey
to communicate via local storage to set url in it. There is an issue with login with facebook in case you are not logged in. Facebook changeswindow.name
on load the page so once you logged in it redirects you to redirect url but it has already differentwindow.name
and we set wrong item. I suggest to usewindow.opener
to communicate between windows. As a workaround I update url inwindow.opener
, close the window and then updatesession
key inlocalStorage
with url and just get access token without async