facebook changes window.name

[eugeneglova]

I checked how it works and found that the script uses window.name as requestKey to communicate via local storage to set url in it. There is an issue with login with facebook in case you are not logged in. Facebook changes window.name on load the page so once you logged in it redirects you to redirect url but it has already different window.name and we set wrong item. I suggest to use window.opener to communicate between windows. As a workaround I update url in window.opener, close the window and then update session key in localStorage with url and just get access token without async

[mattmazzola]

I can understand the reason for using window.opener, but I'm not following how you can do it without async. The act of user filling out the login form seems inherently asynchronous.

I suppose alternatives to polling the window could be polling localStorage or being notified through postMessage but both of those seem more complex.

[junjchen]

Follow up on this, how about utilizing state field to pass the value of requestKey param into the child window?

As such provider would need to implement IProvider.buildAuthorizeUrl(requestKey: string) to populate state field in the url. This can be validated after the url was built by checking the value of state param.