Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed Oauth redirect not working on Android Chrome #18513

Merged
merged 9 commits into from
Jan 8, 2024

Conversation

prajnamohan1
Copy link
Contributor

This fixes the issue described in #16778. Navigation is blocked in Android chrome while redirecting back after OIDC authentication. The issue is explained by the lead maintainer of
AppAuth(https://stackoverflow.com/a/41882732).
The latest Chrome version redirects to the app only if triggered by the user and not automatically redirect. Hence, a link is added in the UI to redirect back to the app.

This fixes the issue described in hashicorp#16778.
Navigation is blocked in Android chrome while redirecting back after OIDC authentication.
The issue is explained by the lead maintainer of
AppAuth(https://stackoverflow.com/a/41882732).
The latest Chrome version redirects to the app only if triggered by the user and not automatically redirect. Hence, a link is added in the UI to redirect back to the app.
@hashicorp-cla
Copy link

hashicorp-cla commented Dec 21, 2022

CLA assistant check
All committers have signed the CLA.

@austingebauer
Copy link
Contributor

Thanks for this contribution, @prajnamohan1! @siepkes would you be able to see if this fixes your issue?

Copy link
Contributor

@hashishaw hashishaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for catching this and making the fix! One small suggestion below so that we can still test this workflow, and we will need to replace all the UI tests that have assert.dom('[data-test-oidc-redirect]').hasTextContaining(...) with assert.dom('[data-test-oidc-redirect]').exists(...)

ui/app/templates/vault/cluster/oidc-provider.hbs Outdated Show resolved Hide resolved
@siepkes
Copy link
Contributor

siepkes commented Jan 3, 2023

@austingebauer I can confirm this fixes the issue (I verified it). But to clarify @prajnamohan1 is a co-worker of mine. I asked her to investigate this issue.

@prajnamohan1 prajnamohan1 requested review from hashishaw and removed request for austingebauer January 5, 2023 07:37
@prajnamohan1
Copy link
Contributor Author

@hashishaw Hi! I've made the requested changes! Is there something else I need to change?

@siepkes
Copy link
Contributor

siepkes commented Mar 16, 2023

Great to see the PR was approved! Is there anything you need from @prajnamohan1 or me in order to be able to merge the change? Let us know!

Copy link
Contributor

@hashishaw hashishaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay! Looking at this again, I think there are some changes we'd like to make sure we're using the best practices for Ember. I've added some comments, please let me know if anything is unclear.

One other request: please add a changelog (instructions can be found here).

Thank you for your contribution! Apologies again for the delay

@@ -21,8 +21,9 @@
@redirect={{this.model.consent.redirect}}
@onSuccess={{this._handleSuccess}}
/>
{{else if this.model.redirectUrl}}
<div data-test-oidc-redirect>{{this.model.redirectUrl}}</div>
{{else if this.redirect_uri}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
{{else if this.redirect_uri}}
{{else if this.model.redirectUrl}}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the tests we can replace lines 166-169 and lines 192-194 each with the following snippet:

assert
  .dom('[data-test-oidc-redirect]')
  .hasTextContaining(`click here to go back to app`, 'Shows link back to app');
const link = document.querySelector('[data-test-oidc-redirect]').getAttribute('href');
assert.ok(link.includes('/callback?code='), 'Redirects to correct url');

@@ -94,6 +94,7 @@ export default class VaultClusterOidcProviderRoute extends Route {
_handleSuccess(response, baseUrl, state) {
const { code } = response;
const redirectUrl = this._buildUrl(baseUrl, { code, state });
this.redirect_uri = redirectUrl;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of setting this, we can try to replace the location and return the redirectUrl at the end if it is blocked by the browser. So we would change both this and the _handleError block below to:

if (!Ember.testing) {
  this.win.location.replace(redirectUrl);
}
return { redirectUrl };

<div data-test-oidc-redirect>{{this.model.redirectUrl}}</div>
{{else if this.redirect_uri}}
<VaultLogoSpinner />
<a href={{this.redirect_uri}} data-test-oidc-redirect>Click here to redirect back to app</a>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whoops, forgot one change request:

Suggested change
<a href={{this.redirect_uri}} data-test-oidc-redirect>Click here to redirect back to app</a>
<p>If you are not automatically redirected,
<a href={{this.model.redirectUrl}} data-test-oidc-redirect>click here to go back to app.</a></p>

Copy link
Contributor

@hashishaw hashishaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Thank you for the changes and patience 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants