Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Callback URL not removed from history. Error if user goes back

See original GitHub issue

Issue and Steps to Reproduce

Summary After logging in, /authentication/callback?code... url is not removed from history. This allows users to go back and a not-authenticated page is shown.

Steps

Git clone, npm install and start this demo: https://github.com/AxaGuilDEv/react-oidc/tree/master/examples/context
Login
Click back button

Versions

"@axa-fr/react-oidc-context": "^3.1.6",
"@axa-fr/react-oidc-context-fetch": "^3.1.6",
"oidc-client": "^1.10.1",

Screenshots

History right after logging in (but without pressing the back button)

Expected

History without callback entry

Actual

History with callback entry

Additional Details

After taking a look at the source code I found this line: https://github.com/AxaGuilDEv/react-oidc/blob/c785f2d6cd92d9380c0c3ec99e01bb61f7ec2fcd/packages/core/src/routes/withRouter.tsx#L54 Changing it to windowInternal.history.replaceState({ key, state }, null, url); seems to do the trick, but I’m not sure about the implications of making this change to other parts of the app

Installed packages:

Same posted above

Issue Analytics

State:
Created 2 years ago
Reactions:4
Comments:8 (6 by maintainers)

Top GitHub Comments

1reaction

smariano88commented, Mar 4, 2022

Apologies for the delayed response. Unfortunately I left the place where we were implementing this, so I no longer have access to that code.

1reaction

smariano88commented, Jun 11, 2021

What about providing a way of overriding this callback function? https://github.com/AxaGuilDEv/react-oidc/blob/c785f2d6cd92d9380c0c3ec99e01bb61f7ec2fcd/packages/context/src/Callback/Callback.container.tsx#L6

But keeping the default behaviour if no callback is provided. That way every consumer could implement whatever they want

Top Results From Across the Web

Facebook Callback appends '#_=_' to Return URL

A workaround that worked for me (using Backbone.js), was to add "#/" to the end of the redirect URL passed to Facebook. Facebook...

Window: popstate event - Web APIs | MDN

The popstate event of the Window interface is fired when the active history entry changes while the user navigates the session history.

Callback URLs | Docs | Twitter Developer Platform

If you use a callback URL that hasn't been properly added to your App's settings in the developer portal, you will receive the...

chrome.webNavigation - Chrome Developers

If a navigation restored a page from the Back Forward Cache, the onDOMContentLoaded event will not fire. The event is not fired because...

Using the Amazon Cognito hosted UI for sign-up and sign-in

A sign-out URL indicates where your user will be redirected after signing out. Select Authorization code grant to return an authorization code that...