OpenAM / OPENAM-14324

Unable to cancel tree-based social login flow

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.0, 7.0.0
    • Fix Version/s: None
    • Component/s: authentication
    • Labels: None

      Description

      Bug description

      Noticed this while testing a different bug. If you start a social authentication flow with a particular (non-default) auth tree but then change your mind and return to AM to log in via a different tree (e.g. with the default username and password flow), then AM immediately starts the social login flow again and redirects you back to the social provider.

      How to reproduce the issue

      1. Start a login with `&service=Google-AnonymousUser` (one of the example trees)
      2. Auth at Google will fail as an invalid client_id is configured
      3. Manually navigate back to AM without including a service parameter

      Expected behaviour

      Should be able to log in to AM using the organisation default service. (This is in Firefox and Chrome; in Safari I do get the default login behaviour.)

      Current behaviour

      Immediately redirected back to Google.

      Workaround

      No idea.

      Code analysis

      I guess we are putting something into sessionState to preserve the current auth tree across the redirect. We should probably instead use the OAuth `state` parameter to encode any state we need to preserve, as that is what it is for.
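The approach suggested in the code analysis above, carrying the auth tree in the OAuth `state` parameter instead of in server-side session state, as an added example that is not OpenAM's code and does not reflect how AM actually implements social login. The state value is a JSON payload (tree name, CSRF nonce, issue time) protected by an HMAC-SHA256 tag; only the nonce is kept in the browser session, so a request that arrives without callback parameters cannot be pushed back to the provider. The names `DEFAULT_TREE`, `STATE_KEY`, `STATE_TTL`, `CLIENT_ID`, `REDIRECT_URI`, the provider URL and the toy `handle_request` dispatcher are assumptions made for the example; the reproduction steps it replays are the three from the report.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed deployment values (constructed for this example, not OpenAM configuration).
DEFAULT_TREE = "ldapService"            # the organisation default service
STATE_KEY = secrets.token_bytes(32)     # HMAC key; in practice a persisted per-deployment secret
STATE_TTL = 300                         # seconds a state value stays acceptable
PROVIDER_AUTHZ = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "example-client-id"         # placeholder, like the invalid client_id in the report
REDIRECT_URI = "https://am.example.com/callback"  # hypothetical callback endpoint


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_state(tree: str, key: bytes = STATE_KEY, now: Optional[float] = None) -> Tuple[str, str]:
    """Encode the tree, a fresh CSRF nonce and an issue time into a signed state value.
    Returns (state, nonce); the nonce is the only thing the browser session must remember."""
    issued = int(now if now is not None else time.time())
    payload = {"tree": tree, "nonce": secrets.token_urlsafe(16), "iat": issued}
    body = _b64u(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    tag = _b64u(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}", payload["nonce"]


def parse_state(state: str, expected_nonce: str, key: bytes = STATE_KEY,
                now: Optional[float] = None, ttl: int = STATE_TTL) -> Optional[str]:
    """Return the tree carried in `state`, or None if the value is malformed, forged,
    bound to a different nonce than this browser holds, or older than `ttl` seconds."""
    if not expected_nonce or "." not in state:
        return None
    body, tag = state.split(".", 1)
    good_tag = _b64u(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(tag, good_tag):        # integrity first, before any parsing
        return None
    try:
        payload = json.loads(_unb64u(body))
    except ValueError:
        return None
    if not hmac.compare_digest(str(payload.get("nonce", "")), expected_nonce):
        return None
    issued = payload.get("iat")
    current = now if now is not None else time.time()
    if not isinstance(issued, int) or current - issued > ttl:
        return None
    return payload.get("tree")


def start_social_login(session: dict, tree: str) -> str:
    """Build the provider redirect. The session keeps only the nonce, never the tree."""
    state, nonce = make_state(tree)
    session["oauth_nonce"] = nonce
    query = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
             "response_type": "code", "scope": "openid email", "state": state}
    return PROVIDER_AUTHZ + "?" + urlencode(query)


def handle_request(session: dict, params: dict) -> str:
    """Toy dispatcher: a request with `state` is a provider callback and resumes the tree
    named in the state; anything else is an ordinary login for the requested service."""
    if "state" in params:
        nonce = session.pop("oauth_nonce", "")       # one-shot: a replayed callback fails
        tree = parse_state(params["state"], nonce)
        return f"continue:{tree}" if tree else "error:invalid_state"
    return f"login:{params.get('service', DEFAULT_TREE)}"


def reproduce_steps() -> list:
    """Replay the report: start the Google tree, provider rejects the client_id so no
    callback ever arrives, user returns to AM with no service parameter."""
    session = {}
    redirect = start_social_login(session, "Google-AnonymousUser")
    back_at_am = handle_request(session, {})         # step 3: nothing forces a redirect
    return [urlparse(redirect).netloc, back_at_am]


def callback_roundtrip() -> Tuple[str, dict]:
    """The happy path: the state minted at start is accepted on the callback, once."""
    session = {}
    redirect = start_social_login(session, "Google-AnonymousUser")
    state = parse_qs(urlparse(redirect).query)["state"][0]
    result = handle_request(session, {"code": "constructed-code", "state": state})
    return result, session


if __name__ == "__main__":
    print(reproduce_steps())        # ['accounts.google.com', 'login:ldapService']
    print(callback_roundtrip())     # ('continue:Google-AnonymousUser', {})
```

The signature stops a caller from choosing a tree by editing `state`, but it does not by itself stop cross-site request forgery: a valid state minted in the attacker's browser would still verify, which is why the nonce is compared against the one this browser session holds and popped on first use. The time-to-live bounds how long an abandoned redirect can be resumed.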

        People

        • Assignee: Unassigned
        • Reporter: neil.madden Neil Madden