Closed shockron22 closed 5 years ago
You can always override BasicQueryStringUtils
and override the method to always use false
if you want. You can then plumb that implementation through to RedirectBasedHandler
using the constructor.
https://github.com/openid/AppAuth-JS/blob/master/src/redirect_based_handler.ts#L51
We did this specifically in the sample because users using AppAuth-JS need to consider the downsides of using 3P JavaScript libraries (which have access to the redirect URI).
Thanks for this. I have been scratching my head as to why my listener wouldn't work. Took me ages to track down that line of code where the default listener is using location.hash
rather than location.search
. It would be good if there was some documentation around how to override the default behaviour, why you might need to, and the risks associated. I'm not sure I fully understand.
Here's my code snippet that seems to fix the issue, not sure if this is the best way to create the custom util function, but it seems to work: -
// We need to use a custom querystring parser because the default one
// assumes hash-based routing, which we don't use.
const regularQueryStringUtils = new BasicQueryStringUtils()
const myQueryStringUtils = new BasicQueryStringUtils()
myQueryStringUtils.parse = (input: Location) =>
regularQueryStringUtils.parse(input, false)
const authHandler = new RedirectRequestHandler(
new LocalStorageBackend(),
myQueryStringUtils,
window.location,
new DefaultCrypto()
)
Expected Behavior
I would expect that completeAuthorizationRequest would be able to get me the code_verifier when I am not using hash routing.
[REQUIRED] Describe expected behavior
Describe the problem
https://github.com/openid/AppAuth-JS/blob/master/src/redirect_based_handler.ts#L100
your parse function is hardcoded to use look in location.hash not location.search https://github.com/openid/AppAuth-JS/blob/master/src/query_string_utils.ts#L30
this means for me completeAuthorizationRequest will NEVER run my AuthorizationListener
[REQUIRED] Actual Behavior
my AuthorizationListener never runs.
[REQUIRED] Steps to reproduce the behavior
Attempt to use an AuthorizationListener with an application that does not use location.hash
[REQUIRED] Environment