New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
window.postmessage for Interactive Auth fallback #398
Conversation
Require that User-Interactive auth fallback pages call `window.postMessage` to notify apps of completion.
@@ -562,12 +567,13 @@ the type and session, if provided: | |||
.. code:: json | |||
|
|||
{ | |||
"type": "m.login.dummy" | |||
"type": "m.login.dummy", | |||
"session": "<session ID>" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could be slightly confusing since there's no reason you'd ever submit a session with dummy auth
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we agreed to leave this as-is for consistency with the other login types. The logic is "if you get a session id, send it back", not "if you get a session id, send it back, unless you're doing dummy auth, in which case you don't need to bother".
var popupWindow; | ||
|
||
var eventListener = function(ev) { | ||
if (ev.data !== "authDone" ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You probably ought to check the domain of the event sender here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
ptal? |
Require that User-Interactive auth fallback pages call
window.postMessage
to notify apps of completion.