New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth: Inform the user that the app origin is incorrect #3223
Comments
I'd like to take a look at this, could you assign me @Rugvip ?🙂 |
@erictnilsson sure, thanks! 😁 |
Hey! I've unassigned myself from this issue @Rugvip, I'm swamped with school work, can't really find time to work on this :/ |
@erictnilsson alright, no problem, thank you for the update! |
Hi @Rugvip , I had a look at this. I am looking at https://github.com/backstage/backstage/blob/master/plugins/auth-backend/src/lib/flow/authFlowHelpers.ts#L41-L46 but need a bit of help on the following:
|
@jot-hub Thanks! The things that can differ are the origin in I'm thinking the simplest way to handle this might be to post two messages from the auth frame. First the auth response message that already exists, and then a second message that is posted with target origin |
@Rugvip cool, took a dig at this ⬆️ - one thing to note is the order of the messages is different - please take a look. |
Expected Behavior
The error dialog in some way informs the user that the
app.baseUrl
is incorrectCurrent Behavior
The error dialog says that auth failed be cause the "popup was closed".
Possible Solution
Detect incorrect origins in the script returned from
/api/auth/<provider>/handler/frame
, and pass on a more descriptive error from the popup withpostMessage
Steps to Reproduce
Set up any auth provider correctly, but use an
app.baseUrl
that does not match the origin that the app is hosted at.The text was updated successfully, but these errors were encountered: