Questions about redirect URL
tylerlittlefield opened this issue · 8 comments
I have everything working thanks to your shiny app vignette. However, I've noticed that when I am redirected to the app, the URL gets quite messy and stays that way. I've also noticed that refreshing the page after redirect causes a crash. So I have a couple questions questions:
- Is the URL with the token expected?
- Is it possible to return the clean/original URL when redirected?
- Is the crash I describe expected?
Regarding the crash, I've looked at the logs and I see:
Warning: Error in process_aad_response: Bad Request (HTTP 400). Failed to obtain Azure Active Directory token. Message:
AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
Trace ID: REDACTED
Correlation ID: REDACTED
Timestamp: 2021-04-16 15:31:52Z.
56: <Anonymous>
Error in process_aad_response(res) :
Bad Request (HTTP 400). Failed to obtain Azure Active Directory token. Message:
AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
Trace ID: REDACTED
Correlation ID: REDACTED
Timestamp: 2021-04-16 15:31:52Z.
Do you mean the URL starting with localhost:1410/?code=...? Yes, that's expected. The URL is how the OAuth mechanism communicates the authorization code back to your machine; the code is then exchanged for the actual token. It's a one-time code, which is why you get the error message you see.
If you are running your app on a server and not your local machine, you would need to set the redirect to the URL of the server. In that case, your users shouldn't see any messy redirects.
If you are running your app on a server and not your local machine, you would need to set the redirect to the URL of the server. In that case, your users shouldn't see any messy redirects.
The URL I am using is something like https://shiny.example.com/my-app. This is what I need right? If so, I will dig into that link you've provided as I am still getting the messy redirects.
Oh right, in that case let me know what you find. I'll admit I haven't actually tested this with Shiny much -- as far as I know it works but there may be hidden issues.
If I have a shiny app redirect to the base URL, https://shiny.example.com, it no longer complains and the URL remains 'messy'. So there is something about refreshing the page when its redirecting to the app itself, e.g. https://shiny.example.com/my-app. I'll let you know if I even resolve this.
So it seems that I can add the following javascript to get the clean URL:
const nextURL = 'https://shiny.example.com/my-app';
const nextTitle = 'My new page title';
const nextState = { additionalInformation: 'Updated the URL with JS' };
// This will create a new entry in the browser's history, without reloading
window.history.pushState(nextState, nextTitle, nextURL);When this is ran in the console, the URL is cleaned and a refresh no longer complains about the token.
Okay, I'm going to be using shinyjs for this. Basically, add the following to the main UI:
shinyjs::useShinyjs()Then add the following to your server:
clean_url_js <-
"
$(document).ready(function(event) {
const nextURL = 'https://shiny.example.com/my-app/';
const nextTitle = 'My new page title';
const nextState = { additionalInformation: 'Updated the URL with JS' };
// This will create a new entry in the browser's history, without reloading
window.history.pushState(nextState, nextTitle, nextURL);
});
"
server <- function(input, output, session) {
shinyjs::runjs(clean_url_js)
# whatever other server code you have
}With this, its basically going from clean -> messy -> clean URL. When I refresh, no more crash! I am open to cleaner solutions if you have any suggestions.
That's great! Would you consider making a PR to update the shiny vignette? I'm not a web dev so I'll accept any help I can get.
I would be happy to contribute! But fair warning that I am also not a web dev, so I am unsure if this is the cleanest solution available. I'll draft something up tonight and submit a PR.