Skip to content

[Question]: After calling authorize() not redirected to login page #2072

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lukaszpy opened this issue Jan 23, 2025 · 0 comments
Open

[Question]: After calling authorize() not redirected to login page #2072

lukaszpy opened this issue Jan 23, 2025 · 0 comments
Labels
question

Comments

@lukaszpy
Copy link

What Version of the library are you using?
18.0.2
...

Question
After calling authorize(), page reload, but not redirect on login page (which stands on https://login.singlepageappdomain.app). In browser network inspect I see only that network call to https://login.singlepageappdomain.app/.well-known/openid-configuration is canceled. And page back to previous page on main domain (angular app stands on https://singlepageappdomain.app).

In console i see only:

[DEBUG] 0-parkme-client - BEGIN Authorize OIDC Flow with popup, no auth data
 XHR failed loading: GET "https://login.singlepageappdomain.app/.well-known/openid-configuration".
Navigated to https://singlepageappdomain.app/

My config:

config: {
    authority:  "https://login.singlepageappdomain.app",
    redirectUrl: window.location.origin +  "/home",
    postLogoutRedirectUri: window.location.origin +  "/",
    clientId: 'singlepage-client',
    scope: 'openid',
    responseType: 'code',
    customParamsCodeRequest: {
      client_secret: 'secret'
    },
    silentRenew: true,
    // silentRenewUrl: 
    useRefreshToken: false,
    ignoreNonceAfterRefresh: false,
    triggerRefreshWhenIdTokenExpired: true,
    renewTimeBeforeTokenExpiresInSeconds: 10,
    silentRenewUrl: window.location.origin + "/silentrenew",
    autoUserInfo: false,
    logLevel: LogLevel.Debug
  }

CORS should also should be ok, I try it with:

curl 'https://login.singlepageappdomain.app/.well-known/openid-configuration' \
  -H 'cache-control: no-cache' \
  -H 'origin: https://singlepageappdomain.app' \
  -H 'pragma: no-cache' \
  -H "Access-Control-Request-Method: GET" \
  -H "Access-Control-Request-Headers: X-Requested-With" \
  -H "Access-Control-Request-Headers: X-Requested-With" \
  -H 'sec-gpc: 1' \
  -X OPTIONS --verbose

and get:

* Host login.singlepageappdomain.app:443 was resolved.
* IPv6: (none)
* IPv4: 55.55.555.55
*   Trying 55.55.555.55:443...
* Connected to login.singlepageappdomain.app (55.55.555.55) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=singlepageappdomain.app
*  start date: Jan 16 07:58:26 2025 GMT
*  expire date: Apr 16 07:58:25 2025 GMT
*  subjectAltName: host "login.singlepageappdomain.app" matched cert's "login.singlepageappdomain.app"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://login.singlepageappdomain.app/.well-known/openid-configuration
* [HTTP/2] [1] [:method: OPTIONS]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: login.singlepageappdomain.app]
* [HTTP/2] [1] [:path: /.well-known/openid-configuration]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [cache-control: no-cache]
* [HTTP/2] [1] [origin: https://singlepageappdomain.app]
* [HTTP/2] [1] [pragma: no-cache]
* [HTTP/2] [1] [access-control-request-method: GET]
* [HTTP/2] [1] [access-control-request-headers: X-Requested-With]
* [HTTP/2] [1] [access-control-request-headers: X-Requested-With]
* [HTTP/2] [1] [sec-gpc: 1]
> OPTIONS /.well-known/openid-configuration HTTP/2
> Host: login.singlepageappdomain.app
> User-Agent: curl/8.7.1
> Accept: */*
> cache-control: no-cache
> origin: https://singlepageappdomain.app
> pragma: no-cache
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
> Access-Control-Request-Headers: X-Requested-With
> sec-gpc: 1
>
* Request completely sent off
< HTTP/2 200
< vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
< access-control-allow-origin: https://singlepageappdomain.app
< access-control-allow-methods: GET,POST,PUT,DELETE
< access-control-allow-headers: X-Requested-With, X-Requested-With
< access-control-allow-credentials: true
< x-content-type-options: nosniff
< x-xss-protection: 0
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< pragma: no-cache
< expires: 0
< strict-transport-security: max-age=31536000 ; includeSubDomains
< x-frame-options: DENY
< content-security-policy: *
< content-length: 0
< date: Thu, 23 Jan 2025 20:54:06 GMT
< x-envoy-upstream-service-time: 3
< server: istio-envoy
<
* Connection #0 to host login.singlepageappdomain.app left intact
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lukaszpy