signinRedirectCallback should accept a relative path

[ydarma]

Hi,

first THANK YOU for this port. I would like to report a small inconvenience.

    signinRedirectCallback(url?: string): Promise<User>;

only accepts full URL, including scheme and host.

Vue router guards (i.e. middleware) parameters only gives the relative path (cf. https://router.vuejs.org/api/#fullpath). Scheme and host are never provided by Vue router in order to enforce portability across environments.

I had to change from :

function endLogin(to, from, next, userManager) {
  return userManager
    .signinRedirectCallback(to.fullPath)
    .then(user => ...)
}

To something like

function endLogin(to, from, next, userManager) {
  const origin = new URL(process.env.VUE_APP_CALLBACK_ROOT_URL).origin;
  const fullUrl = origin + to.fullPath;
  return userManager
    .signinRedirectCallback(fullUrl)
    .then(user => ...)
}

where VUE_APP_CALLBACK_ROOT_URL is an environment variable also used for UserManager({ redirect_uri }) setting. I found the former more readable.

Thanks again

[ydarma]

for information, this comes from https://github.com/authts/oidc-client-ts/blob/main/src/utils/UrlUtils.ts, line 9 :

        const parsedUrl = new URL(url);

[pamapa]

I am using hard-coded (per environment) full paths.

According to documentation new URL(url) should handle relative paths (https://developer.mozilla.org/en-US/docs/Web/API/URL/URL), when we would provide a base.

Probably: const baseUrl = window.location.origin; ... new URL(url, baseUrl); does the trick? Can you provide a working/tested MR?

[ydarma]

In AbstractChildWindow.ts it may happen that an undefined url is passed to readParams which is catched and rethrown as "Invalid response from windows". When a base is passed to URL constructor an undefined url becomes valid as first parameter. Thus I suggest :

        if (!url) throw "Invalid URL";
        const parsedUrl = new URL(url, window.location.origin);

All tests pass. I'll push a MR.