💡 [FEATURE] - Option in login()-function to not redirect, but instead do it in an iframe or popup

soofstad / react-oauth2-pkce

Provider agnostic OAuth2 Authorization Code flow with PKCE for React

MIT License

125 stars 53 forks source link

💡 [FEATURE] - Option in login()-function to not redirect, but instead do it in an iframe or popup #147

Closed soofstad closed 5 months ago

soofstad commented 7 months ago

Summary

Scenario

The user has already logged in (has a cookie from the IDP)
The user need a new token with a different claim than the one configured in authConfig

Basic Example

<Button onClick={()=>login(mode='iframe', extraParams={"scope": "oldClaim newClaim")}>

Drawbacks

none

Unresolved questions

No response

Implementation PR

No response

Reference Issues

See discussion https://github.com/soofstad/react-oauth2-pkce/discussions/146

sebastianvitterso commented 3 months ago

Just a comment on this one: If you use the popup functionality, then any postLogin callback will be called in that window, not in the main window. That's a caveat with the current implementation that one should be aware of.