In both flows based on the PKCE or implicit, it should extract URL param fields.
Describe the problem
This library works with implicit flow. But when I extend this library for PKCE, auth code from the URL was not extracted because of the limitation in URL param extraction by # marker only but not by ? query param.
I created PR #69 fixing the issue. And this is open for discussion and I will fix any code review changes.
[REQUIRED] Actual Behavior
Implicit flow works but not auth code PKCE.
[REQUIRED] Steps to reproduce the behavior
Either change the authorizationRequest to response type to "id_token"
let request = new AuthorizationRequest(
clientId,
redirectUri,
scope,
"id_token",
undefined, / state /
{'prompt': 'consent', 'access_type': 'offline', 'nonce': '1234'});
Or change
let request = new AuthorizationRequest(
clientId,
redirectUri,
scope,
"code",
undefined, / state /
{'prompt': 'consent', 'access_type': 'offline'});
in RedirectRequestHandler
queryParams = this.utils.parse(this.locationLike, false / use ? /);
Expected Behavior
When extending the library for PKCE flow, it should extract auth code from the URL.
[REQUIRED] Describe expected behavior
Implicit flow: localhost:8080/app#id_token=..... PKCE flow: localhost:8080/app?code=.....
In both flows based on the PKCE or implicit, it should extract URL param fields.
Describe the problem
This library works with implicit flow. But when I extend this library for PKCE, auth code from the URL was not extracted because of the limitation in URL param extraction by # marker only but not by ? query param.
I created PR #69 fixing the issue. And this is open for discussion and I will fix any code review changes.
[REQUIRED] Actual Behavior
Implicit flow works but not auth code PKCE.
[REQUIRED] Steps to reproduce the behavior
Either change the authorizationRequest to response type to "id_token"
let request = new AuthorizationRequest( clientId, redirectUri, scope, "id_token", undefined, / state / {'prompt': 'consent', 'access_type': 'offline', 'nonce': '1234'});
Or change let request = new AuthorizationRequest( clientId, redirectUri, scope, "code", undefined, / state / {'prompt': 'consent', 'access_type': 'offline'});
in RedirectRequestHandler queryParams = this.utils.parse(this.locationLike, false / use ? /);
[REQUIRED] Environment