Cancel login on "Same Device" gives blank screen #143
Comments
|
I got an email with your comment @span, but seems to be gone here. I think it is a valid scenario. We have an orderRef and I've tried it, and BankID does accept that we cancel it. To try it out, I used my PC but didn't allow the BankID app to open, then I cancelled it.
A scenario could be you choose "this device" but realize you actually wanted "other device" and want to cancel the first operation. While on it, I realize we do get an error almost every time we cancel. That's because it tries to get one last status for that cancel, and the orderRef does not longer exists. I think we should check for cancel earlier, like this: function checkStatus(requestVerificationToken, returnUrl, loginOptions, orderRef) {
if (loginIsCancelledByUser) {
return;
}
......
} |
|
Yes, sorry. I totally lost my head and was thinking of using qr codes with same device. |
Nah, still valid to question it, cause it is a different scenario :) Will look at this later today, should be a quick thing. |
|
Let me know if you want me to have a look at it. |
|
I was hoping to find time today, but I didn’t. Might have time tomorrow night. If you find time before that, please go ahead :)
/Peter Örneholm
0738-031398
… On 29 Oct 2019, at 21:16, Daniel Kvist ***@***.***> wrote:
Let me know if you want me to have a look at it.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
Ok, added an initial naive implementation. It was more work than I expected. Hopefully I did not overengineer it :P I added a new form field to map to a new view model property A few shortcuts if wanted:
One argument for doing it as a separate property is that perhaps people want to redirect to different pages on success vs. cancel. |
Note that we still need the same check within the 'then' clause since a check might have been started before the user cancels and the response comes in after cancellation. Ref ActiveLogin#143
This commit adds a new property 'cancelReturnUrl' that is used by the samedevice scheme to redirect the user back to the initial page if they cancel an ongoing auth process. Currently it limits the cancelUrl to the samedevice only but it is possible to allow the cancel url to be set for the otherdevice scheme as well without too much hassle. Ref ActiveLogin#143
* Do not check for another status if user cancelled Note that we still need the same check within the 'then' clause since a check might have been started before the user cancels and the response comes in after cancellation. Ref #143 * Use cancel return url for samedevice auth This commit adds a new property 'cancelReturnUrl' that is used by the samedevice scheme to redirect the user back to the initial page if they cancel an ongoing auth process. Currently it limits the cancelUrl to the samedevice only but it is possible to allow the cancel url to be set for the otherdevice scheme as well without too much hassle. Ref #143 * Add testdata for cancel url and other form fields * Fix redirect on cancel with qr codes * Fixes for review on cancelling same device * Re-add possibility to override cancel url It was accidently removed ina previous commit. * Add documentation on how to override the cancellation return url * Fix bug in dictionary access for return urls on cancellation * Restructure resolving of cancellation url * Fix redirect bug in identity server example * Enhances UI on cancel * Always add cancelReturnUrl
|
Closed by #145 |
Describe the bug
I obviously forgot to test this scenario, but if you cancel the login when choosing "Same Device" the page becomes empty, only showing the title "BankID".
What area is it related to
BankID
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I've checked how Handelsbanken does it, and if you cancel on "Other device", they do like we do. Show the PIN input again. But when you cancel on "Same device", they take you back to the selection of schemes (Same / Other etc). I'd expect that to happen.
Screenshots
NuGet package version
Latest code in master.
Additional context
Suggestion would be that the server response for Cancel would include a redirectUrl, if set, the client would redirect there. That redirectUri would point to the "initial" page.
The text was updated successfully, but these errors were encountered: