OpenAM / OPENAM-14324

Unable to cancel tree-based social login flow



    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.0, 7.0.0
    • Fix Version/s: None
    • Component/s: authentication
    • Labels: None


      Bug description

      Noticed this while testing a different bug. If you start a social authentication flow with a particular (non-default) auth tree but then change your mind and return to AM to login via a different tree (e.g. with the default username and password flow) then AM immediately starts the social login flow again and redirects you back to the social provider.

      How to reproduce the issue

      1. Start a login with `&service=Google-AnonymousUser` (one of the example trees)
      2. Auth at Google will fail as an invalid client_id is configured
      3. Manually navigate back to AM without including a service parameter

      Expected behaviour

      Should be able to login to AM using the organisation default service. (In Firefox and Chrome; in Safari I do get the default login behaviour.)

      Current behaviour

      Immediately redirected back to Google.

      Workaround

      No idea.

      Code analysis

      I guess we are putting something into sessionState to preserve the current auth tree across the redirect. We should probably instead use the OAuth `state` parameter to encode any state we need to preserve, as that is what it is for.
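      The approach proposed in the code analysis above, sketched as an added illustration that is not OpenAM code: the auth tree to resume rides in the OAuth `state` parameter, HMAC-signed and bound to a one-time nonce that is the only thing kept in the browser session, so a fresh request to AM that carries no `service` parameter is decided by the request alone and falls back to the default tree. The names `DEFAULT_TREE`, `PROVIDER_AUTHZ`, `choose_tree` and `choose_tree_sticky` are assumptions; `choose_tree_sticky` is a hypothetical model of the sticky-session behaviour the ticket guesses at, included only for contrast.

```python
"""Added example: carrying the auth tree in an HMAC-signed OAuth `state`
value instead of in session state. Simplified model, not OpenAM's code."""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
from typing import Optional

DEFAULT_TREE = "ldapService"          # assumed name for the organisation default service
STATE_KEY = secrets.token_bytes(32)   # server-side key used to sign the state value
PROVIDER_AUTHZ = "https://provider.example/authorize"  # placeholder social provider URL


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_state(tree: str, nonce: str, key: bytes = STATE_KEY) -> str:
    """Pack the tree name and a per-session nonce into `state`, HMAC-signed so
    neither the provider nor the user can change which tree gets resumed."""
    payload = json.dumps({"tree": tree, "nonce": nonce}, separators=(",", ":")).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)


def parse_state(state: str, expected_nonce: str, key: bytes = STATE_KEY) -> Optional[str]:
    """Return the tree carried in `state`, or None if the signature or the
    session binding fails (tampered, forged, replayed or from another session)."""
    try:
        payload_b64, mac_b64 = state.split(".", 1)
        payload, mac = _unb64(payload_b64), _unb64(mac_b64)
        expected_mac = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_mac, mac):
            return None
        data = json.loads(payload)
    except (ValueError, binascii.Error):
        return None
    if not isinstance(data, dict):
        return None
    nonce = str(data.get("nonce", "")).encode()
    if not hmac.compare_digest(nonce, expected_nonce.encode()):
        return None  # callback does not belong to this browser session
    return data.get("tree")


def start_social_login(session: dict, tree: str) -> str:
    """Begin the redirect: only a nonce goes into the session; the tree rides in `state`."""
    nonce = secrets.token_urlsafe(16)
    session["oauth_nonce"] = nonce
    return f"{PROVIDER_AUTHZ}?state={build_state(tree, nonce)}"


def handle_callback(session: dict, returned_state: str) -> Optional[str]:
    """Provider callback: consume the nonce (single use) and recover the tree to resume."""
    nonce = session.pop("oauth_nonce", None)
    if nonce is None:
        return None
    return parse_state(returned_state, nonce)


def choose_tree(session: dict, service: Optional[str]) -> str:
    """A fresh request to AM (not a provider callback) is decided by the request
    alone, so abandoning a social flow and coming back without ?service= gets
    the default tree rather than another redirect to the provider."""
    return service or DEFAULT_TREE


def choose_tree_sticky(session: dict, service: Optional[str]) -> str:
    """Hypothetical model of the behaviour the ticket describes: a tree parked
    in session state wins over the request, so the social flow restarts."""
    return session.get("current_tree") or service or DEFAULT_TREE
```

      Because the nonce is popped on the first callback, a second callback presenting the same `state` is rejected, and a `state` signed under any other key or carrying another session's nonce yields `None` rather than silently selecting a tree.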





            Assignee: Unassigned
            Reporter: Neil Madden (neil.madden)