Callback URL not removed from history. Error if user goes back
Issue and Steps to Reproduce
Summary
After logging in, /authentication/callback?code... url is not removed from history. This allows users to go back and a not-authenticated page is shown.
Steps
- Git clone, npm install and start this demo: https://github.com/AxaGuilDEv/react-oidc/tree/master/examples/context
- Login
- Click back button
Versions
"@axa-fr/react-oidc-context": "^3.1.6",
"@axa-fr/react-oidc-context-fetch": "^3.1.6",
"oidc-client": "^1.10.1",
Screenshots
History right after logging in (but without pressing the back button)
Expected
History without callback entry
Actual
History with callback entry
Additional Details
After taking a look at the source code I found this line:
https://github.com/AxaGuilDEv/react-oidc/blob/c785f2d6cd92d9380c0c3ec99e01bb61f7ec2fcd/packages/core/src/routes/withRouter.tsx#L54
Changing it to
windowInternal.history.replaceState({ key, state }, null, url);
seems to do the trick, but I’m not sure about the implications of making this change to other parts of the app
Installed packages:
Same posted above
Issue Analytics
- State:
- Created 2 years ago
- Reactions: 4
- Comments:8 (6 by maintainers)
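The difference between the two history calls discussed in the issue, as an added example that is not code from the issue or from react-oidc. `SessionHistory` and `simulateLogin` are hypothetical names, the history object is a simplified model of `window.history`, and the `code` and `state` values are constructed.

```javascript
// Minimal model of a tab's session history (constructed for this example;
// it mirrors the pushState/replaceState/back semantics of window.history).
class SessionHistory {
  constructor(initialUrl) {
    this.entries = [{ state: null, url: initialUrl }];
    this.index = 0;
  }
  get current() { return this.entries[this.index].url; }
  // pushState: drops any forward entries and appends a new entry.
  pushState(state, _title, url) {
    this.entries = this.entries.slice(0, this.index + 1);
    this.entries.push({ state, url });
    this.index += 1;
  }
  // replaceState: overwrites the current entry in place.
  replaceState(state, _title, url) {
    this.entries[this.index] = { state, url };
  }
  back() {
    if (this.index > 0) this.index -= 1;
    return this.current;
  }
}

// Hypothetical login flow: app page -> callback URL -> redirect to the target page.
// `strategy` is the history method the callback handler uses to leave the callback URL.
function simulateLogin(strategy) {
  const history = new SessionHistory('/dashboard');
  // The identity provider redirects back with a constructed, fake authorization code.
  history.pushState(null, null, '/authentication/callback?code=FAKE_CODE&state=FAKE_STATE');
  // The callback handler finishes sign-in and navigates to the requested page.
  history[strategy]({ key: 'k1', state: {} }, null, '/dashboard');
  const urlsInHistory = history.entries.map((e) => e.url);
  return {
    urlsInHistory,
    callbackRetained: urlsInHistory.some((u) => u.startsWith('/authentication/callback')),
    afterBack: history.back(), // what the user lands on when pressing Back
  };
}

const withPush = simulateLogin('pushState');
const withReplace = simulateLogin('replaceState');
console.log(withPush, withReplace);
```

With `pushState` the callback entry, including its `code` query parameter, stays in the session history and is the page the Back button returns to; with `replaceState` it is overwritten.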
Top GitHub Comments
Apologies for the delayed response. Unfortunately I left the place where we were implementing this, so I no longer have access to that code.
What about providing a way of overriding this callback function? https://github.com/AxaGuilDEv/react-oidc/blob/c785f2d6cd92d9380c0c3ec99e01bb61f7ec2fcd/packages/context/src/Callback/Callback.container.tsx#L6
But keeping the default behaviour if no callback is provided. That way every consumer could implement whatever they want