New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorization Code Flow for Single Page Applications: Authority and Protocol Classes #1133
Authorization Code Flow for Single Page Applications: Authority and Protocol Classes #1133
Conversation
} | ||
|
||
constructor(rawClientInfo: string, crypto: ICrypto) { | ||
if (!rawClientInfo || StringUtils.isEmpty(rawClientInfo)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are there times there are empty client info and we want to construct the class?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe there are cases in B2C where we may not receive the client info object, but I will double check to verify. It would probably be a better pattern to throw a warning and not create the object at all, so I will make some changes to reflect that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated, please re-review
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some cases of device flow had this issue but eSTS guarantees client_info and if it is empty, we need to raise a bug against them. However it may be necessary to confirm the expected behavior from msal js in case it returns empty.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added some comments, will review later.
…auth-classes Authorization Code Flow for Single Page Applications: Authority and Protocol Classes
Please review PR #1109 before this one.
This PR adds authority and protocol-specific classes to the Authorization Code Flow library. Any changes to the account, IdToken, client info or authority classes should be incorporated in this PR. Most of these classes have been lifted from the implicit flow library, and should be thoroughly reviewed before merging.