Fixing navigateToLoginRequestUrl in Auth Code Library #1320
Conversation
pkanher617
requested review from
jasonnutter,
DarylThayil,
tnorling,
jmckennon,
sameerag and
sangonzal
…e-flow-fixnavtologinrequesturl
| window.location.hash = ""; | ||
| } else { | ||
| responseHash = cachedHash; | ||
| } |
There was a problem hiding this comment.
This block of code is confusing to understand, given the if/else if/else and mutation. From our discussion, each of these is for a different scenario, but it is hard to deduce that just from reading the code. My suggestions:
- Regardless of changes to syntax, add comments making clear why each part is happening.
- Avoid mutation if possible (not all mutation is bad, but I personally treat it as the exception, not the rule).
- Similar to redirect, I think there should be a helper function to modifying
window.location.hash. else ifnot needed when previous block returns, removing it helps break up code.- Refactor code as below:
There was a problem hiding this comment.
I've removed the if/else mutation and added some helpers instead. Please take a look.
lib/msal-common/rollup.config.js
Outdated
| @@ -26,7 +26,7 @@ export default [ | |||
| { | |||
| file: "./lib/msal-common.js", | |||
| format: "umd", | |||
| name: "msal", | |||
| name: "msal-common", | |||
There was a problem hiding this comment.
Should these match the npm package name @azure/msal-common?
There was a problem hiding this comment.
this is the name of the output from rollup (i.e. in the sample when you call import xyz from "@azure/msal-common"), I wanted to change it to differentiate between msal-browser output.
There was a problem hiding this comment.
Right...we saw issue in msal where there was a mismatch between the umd name and the package name.
| let responseHash: string; | ||
| if (this.config.auth.navigateToLoginRequestUrl && UrlString.hashContainsKnownProperties(hash)) { | ||
| this.browserStorage.setItem(TemporaryCacheKeys.URL_HASH, hash); | ||
| interactionHandler.navigateToRequestUrl(); | ||
| return; | ||
| } else if (!this.config.auth.navigateToLoginRequestUrl) { | ||
| responseHash = UrlString.hashContainsKnownProperties(hash) ? hash : cachedHash; | ||
| window.location.hash = ""; | ||
| } else { | ||
| responseHash = cachedHash; | ||
| } |
There was a problem hiding this comment.
| let responseHash: string; | |
| if (this.config.auth.navigateToLoginRequestUrl && UrlString.hashContainsKnownProperties(hash)) { | |
| this.browserStorage.setItem(TemporaryCacheKeys.URL_HASH, hash); | |
| interactionHandler.navigateToRequestUrl(); | |
| return; | |
| } else if (!this.config.auth.navigateToLoginRequestUrl) { | |
| responseHash = UrlString.hashContainsKnownProperties(hash) ? hash : cachedHash; | |
| window.location.hash = ""; | |
| } else { | |
| responseHash = cachedHash; | |
| } | |
| const validHash = UrlString.hashContainsKnownProperties(hash); | |
| if (this.config.auth.navigateToLoginRequestUrl && validHash) { | |
| this.browserStorage.setItem(TemporaryCacheKeys.URL_HASH, hash); | |
| const loginRequestUrl = this.browserStorage.getItem(TemporaryCacheKeys.ORIGIN_URI); | |
| interactionHandler.navigateToRequestUrl(loginRequestUrl); | |
| return; | |
| } | |
| if (!this.config.auth.navigateToLoginRequestUrl) { | |
| window.location.hash = ""; | |
| } | |
| const responseHash = validHash ? hash : cachedHash; |
There was a problem hiding this comment.
Are we back porting (I believe only the syntax) to msal-core?
There was a problem hiding this comment.
I've done something similar to this - please take a look
refactored handleRedirectCallbacks, renamed it to better reflect the feature, added utils for navigating without history.
| BrowserUtils.clearHash(); | ||
| return this.handleHash(hash); | ||
| } | ||
| } |
There was a problem hiding this comment.
nitpick: comments before the if statements may make this more readable.
| * - if true, performs logic to cache and navigate | ||
| * - if false, handles hash string and parses response | ||
| */ | ||
| private async handleRedirectResponse(): Promise<void> { |
There was a problem hiding this comment.
general comment: Are we back porting these to msal-core?
There was a problem hiding this comment.
Yes, I'm looking into a related issue in msal-core so some of these changes may be ported over but I'm not able to say which ones yet
|
|
||
| /** | ||
| * Used to redirect the browser to the STS authorization endpoint | ||
| * @param {string} urlNavigate - URL of the authorization endpoint | ||
| */ | ||
| static navigateWindow(urlNavigate: string): void { | ||
| window.location.assign(urlNavigate); | ||
| static navigateWindow(urlNavigate: string, noHistory?: boolean): void { |
There was a problem hiding this comment.
This can be done incrementally, but I think we should have an interface for navigating a browser window, since it will be different in Node, for example.
There was a problem hiding this comment.
I think it's better to leave that entirely in the browser/node packages rather than exposing an interface in common. There is too much that goes into managing the UI that is platform specific.
There was a problem hiding this comment.
Although I may just be overthinking the node vs browser implementation differences.
There was a problem hiding this comment.
I was thinking generally about an interface for "I want to send the user to this url" and then have each platform implement how that actually happens.
There was a problem hiding this comment.
Although the noHistory nuance does make that a little more complicated, I suppose.
This PR fixes an issue with looping redirects during the navigateToLoginRequestUrl flow in the 2.0 version of the MSAL library.
It also changes the name of the msal-common export from
msaltomsal-common.