okta / okta-auth-js

The official js wrapper around Okta's auth API

Trend Micro Password Manager - Unable to parse iframe response #416

Open jrwpatterson opened 4 years ago

jrwpatterson commented 4 years ago

Hi, we are using your code, and some of our clients have Trend Micro Password Manager. It adds an iframe and also sends data between the iframe and the main window.

This means that the data on the message handler, instead of looking like {"type":"FingerprintAvailable","fingerprint":"Wbog5CFwciaCx0EpH1ZMl3WoXC6D6ady|dfbffa51dba2352113fb7f689abb1ef84ce0498b100042046eb491fe674278c6|c3c1e94be502a60a8b2868fb6f93078e","fingerprintExpiry":1594698112292}, has a token that looks like JTIydGFyZ2V0SWQlMjIlM0ElMjJNZXNzYWdlLlRvcEZyYW1lJTIyJTJDJTIybWVzc2FnZUlkJTIyJTNBJTIyRnJhbWVSZWFkeSUyMiUyQyUyMnNlbmRlcklkJTIyJTNBJTIyTWVzc2FnZS5GcmFtZS40YjY1NDFkMjNhOGYlMjIlN0Q

This is causing the Unable to parse iframe response error from https://github.com/okta/okta-auth-js/blob/d7ba7ca2385fd0b3678bb27bb268a6622ffeb122/packages/okta-auth-js/lib/browser/browser.js#L368

It appears that, the way the password manager works, it also injects an iframe into the code and either encrypts messages or responses with a fingerprint, so when your iframe sends the FingerprintServiceReady message, it sends its message, creating the issue.
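The failure reported above comes from a window `message` listener treating every incoming message as its own JSON. The following is an added example, not okta-auth-js code: a listener body that checks the sender's origin and ignores anything it cannot parse or does not recognise. The names `classifyMessage` and `EXPECTED_ORIGIN`, the action and reason labels, and all sample events are hypothetical and constructed for illustration.

```javascript
// Added example, not okta-auth-js code. Hypothetical names throughout.
const EXPECTED_ORIGIN = 'https://login.example.com'; // constructed placeholder origin

const ignore = (reason) => ({ action: 'ignore', reason });

// Decide what to do with one MessageEvent-like object ({ origin, data }).
// Foreign or malformed messages are ignored instead of raising a parse error,
// because other scripts and extensions post to the same window.
function classifyMessage(event, expectedOrigin) {
  if (!event || event.origin !== expectedOrigin) return ignore('foreign-origin');
  if (typeof event.data !== 'string') return ignore('non-string-data');

  let msg;
  try {
    msg = JSON.parse(event.data);
  } catch (err) {
    return ignore('not-json'); // e.g. an opaque encoded token from another sender
  }
  if (msg === null || typeof msg !== 'object') return ignore('not-an-object');

  switch (msg.type) {
    case 'FingerprintServiceReady':
      return { action: 'ready' };
    case 'FingerprintAvailable':
      if (typeof msg.fingerprint !== 'string' || msg.fingerprint === '') {
        return ignore('missing-fingerprint');
      }
      return { action: 'resolve', fingerprint: msg.fingerprint };
    default:
      return ignore('unknown-type');
  }
}

// Constructed sample events: one expected message and two foreign ones.
const samples = [
  { origin: EXPECTED_ORIGIN,
    data: JSON.stringify({ type: 'FingerprintAvailable', fingerprint: 'constructed-fp' }) },
  { origin: 'https://extension-frame.example', data: 'Q09OU1RSVUNURUQ=' },
  { origin: EXPECTED_ORIGIN, data: 'Q09OU1RSVUNURUQ=' },
];
for (const s of samples) console.log(classifyMessage(s, EXPECTED_ORIGIN));
```

In a browser this would be called from `window.addEventListener('message', ...)`, with the listener rejecting the pending fingerprint request only on its own timeout rather than on the first unparseable message.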

swiftone commented 4 years ago

Internal ref: OKTA-314036

swiftone commented 4 years ago

@jrwpatterson - Just want to confirm, did the latest version of okta-auth-js correct your issue?