State param not available after redirect

[martijnkorteweg]

After the redirect happens the state param on the url seems to disappear in our application. It does get set as the redirect url however when login is complete the state param is gone.

I did see in smart.js line:247 that you try to retrieve the state key if no key is set on the url. however a sessionStorage with "SMART_KEY" never gets set in authorize().

I was able to work around this by adding the state to sessionStorage with the smart_key in authorize() and then setting the key in completeAuth() like this

if (!key) {
        const tempState = await Storage.get(SMART_KEY);
        key = tempState.key
    }

this seems like a bit of a hack and there is probably an issue i am not seeing with the redirect.

[vlad-ignatov]

Hi @martijnkorteweg,

Thank you for checking out the latest version! There might be an issue, but I will need more info to reproduce it.

After the redirect happens the state param on the url seems to disappear in our application. It does get set as the redirect url however when login is complete the state param is gone.

That is how it is supposed to work, unless you've set FHIR.oauth2.settings.fullSessionStorageSupport or FHIR.oauth2.settings.replaceBrowserHistory to false.

The real problem would be that you don't have SMART_KEY set in your sessionStorage. Can you share more details? How are you launching your app, in what browser and OS, against which FHIR server, etc

P.S. This is to be released soon, but until then it changes frequently. You might have tried an already outdated version. Until it gets to NPM, it might be more convenient to make sure you are always using the latest build by including it as so:

<script src="https://combinatronics.com/smart-on-fhir/client-js/master/build/fhir-client.js"></script>

[martijnkorteweg]

Hi @vlad-ignatov

thanks for replying so quickly, here are some more details on how we have it setup

• we are on the latest chrome
• running the auth script in a component/route in angular 6
• gets redirected to a different component/route
• using the http://launch.smarthealthit.org launcher with localhost app
• importing the library with npm like this: "fhirclient": "git+https://github.com/smart-on-fhir/client-js.git",

if you do want to recreate with angular 6, you will need to import fhirClient in polyfills.ts before zone.js gets imported otherwise they conflict and start yelling :)

as far as not having SMART_KEY set in sessionStorage, i don't see this being set at all in authorize(). the only key its being set to is here await env.getStorage().set(stateKey, state);

in completeAuth() it does have the line if there is no key

if (!key) {
    key = await Storage.get(SMART_KEY);
}

how ever this sets key to the value and not the key itself, then the call later on fails because of that.
let state = await Storage.get(key);

[vlad-ignatov]

Hi @martijnkorteweg ,

I don't do Anglular so I hope you can excuse my confusion. In general though, I would say that you should be careful how you use this library, because it is doing some "global" stuff like redirects and sessionStorage manipulation. Here are some advices that might help with this:

1. Include the library via script tag. Don't try to require it as a module. Use the pre-built bundle from "/build/fhir-client.js"
2. When using frameworks (especially those with built-in routing functionality), make sure you initialize your app after the FHIR.oauth2.ready() promise is resolved. For example:

// This should be fine
FHIR.oauth2.ready().then(client => {
    // Create/initialize my app
});


// This might not work properly (pseudo code)
const app = new App();
app.onSomeRoute(() => FHIR.oauth2.ready());

3. Perhaps if you set localStorage.debug = 'FHIRClient:*' and look at the logs it will tell us something useful?

As for the auth flow, the SMART_KEY is only written once the authorization is complete at https://github.com/smart-on-fhir/client-js/blob/master/src/smart.js#L343

[martijnkorteweg]

It seems i have found the issue, it def has something todo with angular. the redirect lands on
uri/?state=....#/componentRoute. the state at that point gets removed by angular since it comes before the #/

Trying to figure out a work around for this. will let you know where i land on this

[martijnkorteweg]

Hey @vlad-ignatov
So I have tried the two settings you said, this doesn't seem to help my issue. However not using the hash locations in angular does fix our issue. Lets hope none of our customers want to run this on IE9 :)

thank you for you time.