diff --git a/package-lock.json b/package-lock.json
index da96814cf..ab1bd92fe 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -34860,7 +34860,7 @@ }, "packages/javascript-sdk": { "name": "@forgerock/javascript-sdk", - "version": "3.4.1-beta.0", + "version": "3.4.1-beta.1", "license": "MIT" }, "samples/angular-todo": {
diff --git a/packages/javascript-sdk/src/oauth2-client/index.ts b/packages/javascript-sdk/src/oauth2-client/index.ts
index 3c45a8238..7a9d3487b 100644
--- a/packages/javascript-sdk/src/oauth2-client/index.ts
+++ b/packages/javascript-sdk/src/oauth2-client/index.ts
@@ -38,6 +38,9 @@ const allowedErrors = { NetworkError: 'NetworkError when attempting to fetch resource.', // Webkit browser error CORSError: 'Cross-origin redirection', + + // prompt=none errors + InteractionNotAllowed: 'The request requires some interaction that is not allowed.', }; /**
@@ -46,7 +49,6 @@ const allowedErrors = { abstract class OAuth2Client { public static async createAuthorizeUrl(options: GetAuthorizationUrlOptions): Promise { const { clientId, middleware, redirectUri, scope } = Config.get(options); - const requestParams: StringDict = { ...options.query, client_id: clientId,
@@ -54,6 +56,7 @@ abstract class OAuth2Client { response_type: options.responseType, scope, state: options.state, + ...(options.prompt ? { prompt: options.prompt } : {}), }; if (options.verifier) {
@@ -82,7 +85,8 @@ abstract class OAuth2Client { * New Name: getAuthCodeByIframe */ public static async getAuthCodeByIframe(options: GetAuthorizationUrlOptions): Promise { - const url = await this.createAuthorizeUrl(options); + const url = await this.createAuthorizeUrl({ ...options, prompt: 'none' }); + const { serverConfig } = Config.get(options); return new Promise((resolve, reject) => {
diff --git a/packages/javascript-sdk/src/oauth2-client/interfaces.ts b/packages/javascript-sdk/src/oauth2-client/interfaces.ts
index 7ad6bb09b..57dcc95c3 100644
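Review bot: `InteractionNotAllowed` in `allowedErrors` (oauth2-client/index.ts) is matched by exact equality on a human-readable sentence, and the TokenManager hunk repeats that comparison with `allowedErrors.InteractionNotAllowed !== err.message`. The text looks like an authorization server's `error_description`, which can differ between server versions, locales or providers; where it differs, the silent prompt=none attempt would throw instead of falling through to the redirect login. If the error object exposes the OAuth `error` code, comparing against `interaction_required` / `login_required` would be more stable; how `err.message` is populated is outside these hunks, so confirm that first. At minimum add a comment such as `// Must match the server's error_description exactly; TokenManager relies on it to fall back to redirect`.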
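Review bot: The forced `prompt: 'none'` in `getAuthCodeByIframe` has no comment saying it is a guarantee rather than a default. Because it is spread after `...options`, and `createAuthorizeUrl` places `prompt` after `...options.query`, neither `options.prompt` nor `options.query.prompt` can turn the hidden-iframe request into an interactive one; a later refactor that reorders either spread would silently lose that property. I would add `// Hidden iframe must never render login/consent UI: force prompt=none, overriding any caller value` above the call and mention the same in the method's doc comment. The middleware and verifier handling in `createAuthorizeUrl` lie outside these hunks, so whether they can still alter the final URL is not visible here.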
--- a/packages/javascript-sdk/src/oauth2-client/interfaces.ts
+++ b/packages/javascript-sdk/src/oauth2-client/interfaces.ts
@@ -40,6 +40,7 @@ interface GetAuthorizationUrlOptions extends ConfigOptions { state?: string; verifier?: string; query?: StringDict; + prompt?: 'none' | 'login' | 'consent'; } /**
diff --git a/packages/javascript-sdk/src/token-manager/index.ts b/packages/javascript-sdk/src/token-manager/index.ts
index 9df246aad..fd2086fa7 100644
--- a/packages/javascript-sdk/src/token-manager/index.ts
+++ b/packages/javascript-sdk/src/token-manager/index.ts
@@ -118,9 +118,12 @@ abstract class TokenManager { */ const verifier = PKCE.createVerifier(); const state = PKCE.createState(); - const authorizeUrlOptions = { ...options, responseType: ResponseType.Code, state, verifier }; - const authorizeUrl = await OAuth2Client.createAuthorizeUrl(authorizeUrlOptions); - + const authorizeUrlOptions = { + ...options, + responseType: ResponseType.Code, + state, + verifier, + }; /** * Attempt to call the authorize URL to retrieve authorization code */
@@ -155,6 +158,7 @@ abstract class TokenManager { allowedErrors.AuthorizationTimeout !== err.message && allowedErrors.FailedToFetch !== err.message && allowedErrors.NetworkError !== err.message && + allowedErrors.InteractionNotAllowed !== err.message && // Safari has a very long error message, so we check for a substring !err.message.includes(allowedErrors.CORSError) ) {
@@ -165,6 +169,9 @@ abstract class TokenManager { // Since `login` is configured for "redirect", store authorize values and redirect window.sessionStorage.setItem(clientId as string, JSON.stringify(authorizeUrlOptions)); + + const authorizeUrl = await OAuth2Client.createAuthorizeUrl(authorizeUrlOptions); + return window.location.assign(authorizeUrl); }
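Review bot: The new `prompt` field on `GetAuthorizationUrlOptions` (interfaces.ts) is undocumented, and its union omits `select_account`, the fourth value OpenID Connect defines for this parameter. A TSDoc line would help, e.g. `/** OIDC prompt parameter; getAuthCodeByIframe always overrides this with 'none'. */`. If account selection is deliberately unsupported, say so in that comment; otherwise widen the type to `'none' | 'login' | 'consent' | 'select_account'`.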
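Review bot: In the last TokenManager hunk, `createAuthorizeUrl` is now awaited after `window.sessionStorage.setItem(...)` has already written `authorizeUrlOptions`, which carries the PKCE `verifier` and `state`. If building the URL rejects (it is async and reads `middleware`, so that seems possible), those values stay in sessionStorage with no redirect in flight. Building the URL first keeps storage clean on failure: move `const authorizeUrl = await OAuth2Client.createAuthorizeUrl(authorizeUrlOptions);` above the `setItem` call. The enclosing method and its catch block start outside the hunk, so check whether a caller already clears this key on error.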