oidc-react icon indicating copy to clipboard operation
oidc-react copied to clipboard

Published 20 hours ago • verified publisher icon bjerkio

When Auth Server is unavailable, browser can access protected routes

Open markwt-waymark opened this issue 3 years ago • 1 comments
trafficstars

If I run the following code when the identity server is running it functions as expected; I am asked to login when attempting to access the protected dashboard route.

However, if the identity server is not running, there is no error in the console and the browser simply allows the client to access the protected route.

Am I doing something wrong here or is this a bug?

Thanks

const oidcConfig = {
    onSignIn: async (user: User | null) => {
        alert('You just signed in, congratz! Check out the console!');
        console.log(user);
        window.location.hash = '';
    },
    authority: process.env.REACT_APP_IDENTITY_AUTH_URL,
    clientId: process.env.REACT_APP_IDENTITY_CLIENT_ID,
    responseType: 'code',
    redirectUri: process.env.REACT_APP_IDENTITY_REDIRECT_URL,
    silentRedirectUri: process.env.REACT_APP_IDENTITY_SILENT_REDIRECT_URL,
    postLogoutRedirectUri: process.env.REACT_APP_IDENTITY_LOGOFF_REDIRECT_URL,
    scope: process.env.REACT_APP_IDENTITY_SCOPE
};

const router = createBrowserRouter([
    {
        path: "/",
        element: <Home />,
    },
    {
        path: "/dashboard",
        element:
            <AuthProvider {...oidcConfig}>
                <Dashboard />
            </AuthProvider>
    }
]);

function App() {
  return (
    <React.StrictMode>
        <RouterProvider router={router} />
    </React.StrictMode>
);
}

markwt-waymark avatar Nov 21 '22 12:11 markwt-waymark

Not sure, does your browser run any requests that fail?

simenandre avatar Mar 01 '23 19:03 simenandre