Skip to content
This repository has been archived by the owner on Jun 26, 2021. It is now read-only.

getRequestInfo iframe state match not working #698

Closed
kphung138 opened this issue Jan 12, 2018 · 2 comments
Closed

getRequestInfo iframe state match not working #698

kphung138 opened this issue Jan 12, 2018 · 2 comments

Comments

@kphung138
Copy link

Hi,

In 1.0.14, it obtained the _renewStates from the iframe parent. But in 1.1.16, this information seems to be lost, so the match checking doesnt work.

// external api requests may have many renewtoken requests for different resource
if (!requestInfo.stateMatch && window.parent && window.parent.AuthenticationContext) {
var statesInParentContext = window.parent.AuthenticationContext()._renewStates;
for (var i = 0; i < statesInParentContext.length; i++) {
if (statesInParentContext[i] === requestInfo.stateResponse) {
requestInfo.requestType = this.REQUEST_TYPE.RENEW_TOKEN;
requestInfo.stateMatch = true;
break;
}
}
}

In the new version I cant see any places where this variable is saved. So when it tries to compare the state in getRequestInfo it doesn't match.
// external api requests may have many renewtoken requests for different resource
if (!requestInfo.stateMatch && window.parent) {
requestInfo.requestType = this._requestType;
var statesInParentContext = this._renewStates;
for (var i = 0; i < statesInParentContext.length; i++) {
if (statesInParentContext[i] === requestInfo.stateResponse) {
requestInfo.stateMatch = true;
break;
}
}
}

Thanks
@rohitnarula7176
Copy link
Contributor

@kphung138 We first save the state as follows in the _renewToken and _renewIdToken method which are called internally from acquireToken as follows:

this._renewStates.push(expectedState); // this refers to the instance of adal in the parent window.

getRequestinfo method is called internally in handleWindowCallback. If you look at this line of code in handleWindowCallback

if (this._openedWindows.length > 0 && this._openedWindows[this._openedWindows.length - 1].opener
                && this._openedWindows[this._openedWindows.length - 1].opener._adalInstance) {
                self = this._openedWindows[this._openedWindows.length - 1].opener._adalInstance;
                isPopup = true;
            }
            else if (window.parent && window.parent._adalInstance) {
                self = window.parent._adalInstance;
            }

            var requestInfo = self.getRequestInfo(hash);

Since self refers to the parent instance, it should have the states defined which were saved earlier.
Closing this issue as it is not a bug in the library. Please reopen if you still have issues.

@kphung138
Copy link
Author

Thanks for your pointer.

I'm currently using adal-angular4 which uses your library. I think his code needs to be refactored, with the latest 1.0.16 changes. Otherwise the _renewStates is empty when calling getRequestInfo.

Adal4Service.prototype.handleWindowCallback = function () {
var hash = window.location.hash;
if (this.adalContext.isCallback(hash)) {
var requestInfo = this.adalContext.getRequestInfo(hash);
this.adalContext.saveTokenFromHash(requestInfo);
if (requestInfo.requestType === this.adalContext.REQUEST_TYPE.LOGIN) {
this.updateDataFromCache(this.adalContext.config.loginResource);
}
..
..

My work around for now is to maybe use your library directly.

Thanks for your help.

@claudiuconstantin claudiuconstantin mentioned this issue Jan 23, 2018
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rohitnarula7176 @kphung138