New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixing navigateToLoginRequestUrl in Auth Code Library #1320
Fixing navigateToLoginRequestUrl in Auth Code Library #1320
Conversation
…e-flow-fixnavtologinrequesturl
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, also like extracting out sets of logic into specific functions similar to navigateToRequestUrl
here, makes it easier to test!
window.location.hash = ""; | ||
} else { | ||
responseHash = cachedHash; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This block of code is confusing to understand, given the if/else if/else
and mutation. From our discussion, each of these is for a different scenario, but it is hard to deduce that just from reading the code. My suggestions:
- Regardless of changes to syntax, add comments making clear why each part is happening.
- Avoid mutation if possible (not all mutation is bad, but I personally treat it as the exception, not the rule).
- Similar to redirect, I think there should be a helper function to modifying
window.location.hash
. else if
not needed when previous block returns, removing it helps break up code.- Refactor code as below:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've removed the if/else mutation and added some helpers instead. Please take a look.
lib/msal-common/rollup.config.js
Outdated
@@ -26,7 +26,7 @@ export default [ | |||
{ | |||
file: "./lib/msal-common.js", | |||
format: "umd", | |||
name: "msal", | |||
name: "msal-common", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should these match the npm package name @azure/msal-common
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is the name of the output from rollup (i.e. in the sample when you call import xyz from "@azure/msal-common"
), I wanted to change it to differentiate between msal-browser output.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right...we saw issue in msal
where there was a mismatch between the umd
name and the package name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a few comments.
let responseHash: string; | ||
if (this.config.auth.navigateToLoginRequestUrl && UrlString.hashContainsKnownProperties(hash)) { | ||
this.browserStorage.setItem(TemporaryCacheKeys.URL_HASH, hash); | ||
interactionHandler.navigateToRequestUrl(); | ||
return; | ||
} else if (!this.config.auth.navigateToLoginRequestUrl) { | ||
responseHash = UrlString.hashContainsKnownProperties(hash) ? hash : cachedHash; | ||
window.location.hash = ""; | ||
} else { | ||
responseHash = cachedHash; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let responseHash: string; | |
if (this.config.auth.navigateToLoginRequestUrl && UrlString.hashContainsKnownProperties(hash)) { | |
this.browserStorage.setItem(TemporaryCacheKeys.URL_HASH, hash); | |
interactionHandler.navigateToRequestUrl(); | |
return; | |
} else if (!this.config.auth.navigateToLoginRequestUrl) { | |
responseHash = UrlString.hashContainsKnownProperties(hash) ? hash : cachedHash; | |
window.location.hash = ""; | |
} else { | |
responseHash = cachedHash; | |
} | |
const validHash = UrlString.hashContainsKnownProperties(hash); | |
if (this.config.auth.navigateToLoginRequestUrl && validHash) { | |
this.browserStorage.setItem(TemporaryCacheKeys.URL_HASH, hash); | |
const loginRequestUrl = this.browserStorage.getItem(TemporaryCacheKeys.ORIGIN_URI); | |
interactionHandler.navigateToRequestUrl(loginRequestUrl); | |
return; | |
} | |
if (!this.config.auth.navigateToLoginRequestUrl) { | |
window.location.hash = ""; | |
} | |
const responseHash = validHash ? hash : cachedHash; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we back porting (I believe only the syntax) to msal-core
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've done something similar to this - please take a look
refactored handleRedirectCallbacks, renamed it to better reflect the feature, added utils for navigating without history.
BrowserUtils.clearHash(); | ||
return this.handleHash(hash); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick: comments before the if
statements may make this more readable.
* - if true, performs logic to cache and navigate | ||
* - if false, handles hash string and parses response | ||
*/ | ||
private async handleRedirectResponse(): Promise<void> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
general comment: Are we back porting these to msal-core
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding @tnorling
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I'm looking into a related issue in msal-core so some of these changes may be ported over but I'm not able to say which ones yet
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
approved with some comments!
|
||
/** | ||
* Used to redirect the browser to the STS authorization endpoint | ||
* @param {string} urlNavigate - URL of the authorization endpoint | ||
*/ | ||
static navigateWindow(urlNavigate: string): void { | ||
window.location.assign(urlNavigate); | ||
static navigateWindow(urlNavigate: string, noHistory?: boolean): void { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be done incrementally, but I think we should have an interface for navigating a browser window, since it will be different in Node, for example.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's better to leave that entirely in the browser/node packages rather than exposing an interface in common. There is too much that goes into managing the UI that is platform specific.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Although I may just be overthinking the node vs browser implementation differences.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking generally about an interface for "I want to send the user to this url" and then have each platform implement how that actually happens.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Although the noHistory
nuance does make that a little more complicated, I suppose.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes to that if/elif/else are great! Looks good to me
This PR fixes an issue with looping redirects during the navigateToLoginRequestUrl flow in the 2.0 version of the MSAL library.
It also changes the name of the msal-common export from
msal
tomsal-common
.