openid / AppAuth-JS

JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
Apache License 2.0

URL format support for auth code response #70

Closed ChinthakaSenanayaka closed 5 years ago

ChinthakaSenanayaka commented 6 years ago

Expected Behavior

When extending the library for the PKCE flow, it should extract the auth code from the URL.

[REQUIRED] Describe expected behavior

Implicit flow: localhost:8080/app#id_token=.....

PKCE flow: localhost:8080/app?code=.....

In both flows, PKCE or implicit, it should extract the URL param fields.

Describe the problem

This library works with the implicit flow. But when I extend this library for PKCE, the auth code is not extracted from the URL, because URL param extraction is limited to the # marker only and does not handle the ? query param.

I created PR #69 to fix the issue. It is open for discussion, and I will fix any code review changes.

[REQUIRED] Actual Behavior

Implicit flow works but not auth code PKCE.

[REQUIRED] Steps to reproduce the behavior

Either change the authorizationRequest response type to "id_token":

let request = new AuthorizationRequest(clientId, redirectUri, scope, "id_token", undefined, /* state */ {'prompt': 'consent', 'access_type': 'offline', 'nonce': '1234'});

Or change

let request = new AuthorizationRequest(clientId, redirectUri, scope, "code", undefined, /* state */ {'prompt': 'consent', 'access_type': 'offline'});

in RedirectRequestHandler

queryParams = this.utils.parse(this.locationLike, false /* use ? */);

[REQUIRED] Environment

tikurahul commented 5 years ago

We have out of the box support for PKCE now.
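
The query-versus-fragment distinction discussed in this issue, as an added example that is not part of the thread or of AppAuth-JS: a redirect parser that reads `?` for the "code" response type and `#` for "id_token", rejects response parameters that arrive in the other component, and checks `state`. The function name `parseAuthorizationResponse`, its options, the reason strings and the sample URLs are assumptions made for illustration.

```javascript
// Added example: parseAuthorizationResponse and its option names are hypothetical,
// not AppAuth-JS APIs. It covers the two response types named in the issue.
const RESPONSE_KEYS = ['code', 'id_token', 'access_token', 'error'];

function parseAuthorizationResponse(redirectUrl, { responseType, expectedState }) {
  const url = new URL(redirectUrl); // needs an absolute URL, scheme included
  // Default response modes: "code" arrives in the query (?), implicit
  // response types such as "id_token" arrive in the fragment (#).
  const useHash = responseType !== 'code';
  const query = new URLSearchParams(url.search.slice(1));
  const fragment = new URLSearchParams(url.hash.slice(1));
  const params = useHash ? fragment : query;
  const other = useHash ? query : fragment;

  // Response parameters in the component this flow does not use are
  // rejected instead of being silently accepted.
  const stray = RESPONSE_KEYS.filter((k) => other.has(k));
  if (stray.length > 0) {
    return { ok: false, reason: 'wrong_component', stray };
  }
  // state ties the response to the request this client actually sent.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  if (params.has('error')) {
    return { ok: false, reason: 'provider_error', error: params.get('error') };
  }
  const value = params.get(responseType);
  if (!value) {
    return { ok: false, reason: 'missing_' + responseType };
  }
  return { ok: true, [responseType]: value };
}

// Constructed sample redirects for both flows.
const codeFlow = parseAuthorizationResponse(
  'http://localhost:8080/app?code=SAMPLE_CODE&state=st-1',
  { responseType: 'code', expectedState: 'st-1' });
const implicitFlow = parseAuthorizationResponse(
  'http://localhost:8080/app#id_token=SAMPLE_TOKEN&state=st-1',
  { responseType: 'id_token', expectedState: 'st-1' });
console.log(codeFlow, implicitFlow);
```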