Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add redirect to continue_with for SPA flows #3889

Draft
wants to merge 9 commits into
base: master
Choose a base branch
from
Draft

feat: add redirect to continue_with for SPA flows #3889

wants to merge 9 commits into from
+1,811 −463

Conversation

aeneasr
Copy link
Member

@aeneasr aeneasr commented Apr 22, 2024

This patch adds the new continue_with action redirect_browser_to, which contains the redirect URL the app should redirect to. It is only supported for SPA (not server-side browser apps, not native apps) flows at this point in time.

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@aeneasr
feat: add redirect to continue_with for SPA flows
d6ce6d3 
This patch adds the new `continue_with` action `redirect_browser_to`, which contains the redirect URL the app should redirect to. It is only supported for SPA (not server-side browser apps, not native apps) flows at this point in time.
@aeneasr aeneasr marked this pull request as draft April 22, 2024 12:05
@aeneasr
Copy link
Member Author

aeneasr commented Apr 22, 2024

This is missing verification and recovery:

  • link
  • code

Also, I did not add tests for social sign in, because for social sign in we always use redirect-based flows, even for SPAs who react with 422 browser location change required, which in the end does a regular browser redirect with /callback?code=....

Since these are redirects I'm not sure if I covered all the cases everywhere.

@codecov Codecov
Copy link

codecov bot commented Apr 22, 2024
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.06%. Comparing base (696cc1b) to head (1e8190f).
Report is 12 commits behind head on master.

❗ Current head 1e8190f differs from pull request most recent head e5d014a. Consider uploading reports for the commit e5d014a to get more accurate results

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #3889   +/-   ##
=======================================
  Coverage   78.05%   78.06%           
=======================================
  Files         360      360           
  Lines       25241    25252   +11     
=======================================
+ Hits        19703    19712    +9     
- Misses       4032     4033    +1     
- Partials     1506     1507    +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@aeneasr
Copy link
Member Author

aeneasr commented Apr 23, 2024

#3889 (comment)

I believe that these flows do not need continue_with transitions because they solve it differently (they show a success page where you click continue and end up on the redirect url).

@aeneasr aeneasr force-pushed the add-return-to branch 4 times, most recently from 9d4f6d6 to fde4678 Compare April 23, 2024 14:06
@aeneasr
feat(sdk): avoid eval with javascript triggers
67c6d74 
Using `OnLoadTrigger` and `OnClickTrigger` one can now map the trigger to the corresponding JavaScript function.

For example, trigger `{"on_click_trigger":"oryWebAuthnRegistration"}` should be translated to `window.oryWebAuthnRegistration()`:

```
if (attrs.onClickTrigger) {
  window[attrs.onClickTrigger]()
}
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zepatrik zepatrik Awaiting requested review from zepatrik zepatrik is a code owner

@hperl hperl Awaiting requested review from hperl hperl is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@aeneasr