[Bug]: Duplicate token request causes login to fail
Opened this issue · 2 comments
Plugin Version
7.0.0
PHP Version
8.2.21
Shopware Version
6.6.4.0
Installation method
Composer
Identity provider
Keycloak
What happened?
If clicking on the SSO button in the admin, I see the following in the requests:
Unfortunately, it looks like the first (canceled) token request leads to Heptacom\AdminOpenAuth\Service\Login->pop()
and therefore the second token request doesn't have a LoginState.
The result is
throw OAuthServerException::invalidRequest('one_time_token', 'Expired');
Not sure what is causing this.
Possibly a useful hint: We're building our projects with shopware-cli project ci .
Relevant log output
No response
Could you check in the network inspector if a redirect or something similar might be causing the cancelation of the first token request? This would be one of the more common reasons why XHR requests get cancelled by the browser.
The SSO plugin simply makes a token request as soon as it discovers that the login page is open and an IdP redirect state is given.
There is a redirect from /admin?state=SOME_STATE#
to /admin?state=SOME_STATE#/login/
which is causing the issue.
Most likely this came with the new Vue version in SW 6.6; in 6.5 the URL was changing but wasn't considered a redirect in the browser.
In our case we have fixed it with a patch file for ClientRedirectRoute by adding
$targetUrl = $this->enrichRedirectUrl($targetUrl, $requestState);
$targetUrl .= '/login/'; // addition
Ugly fix as we are short on time with the upgrade, would be great to have a new plugin version with a proper fix!
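
The failure discussed in this thread, modelled as an added example (not code from the plugin or from any commenter). The class and function names, the host and the user value are constructed, and the client behaviour (one token request before the hash redirect and one after it) is an assumption based on the description above.

```javascript
// Added model of the failure in this thread; not plugin code. All names are hypothetical.
class LoginStateStore {
  constructor() { this.states = new Map(); }
  push(state, user) { this.states.set(state, user); }
  // Single use: the entry is removed on first read, as with pop() in the report.
  pop(state) {
    const user = this.states.get(state);
    this.states.delete(state);
    return user;
  }
}

// Server side: the state is consumed as soon as the request is handled.
// A browser-side cancellation only discards the response; it does not undo pop().
function tokenEndpoint(store, state) {
  const user = store.pop(state);
  return user === undefined
    ? { ok: false, error: 'one_time_token: Expired' }
    : { ok: true, user };
}

// Client side (assumed behaviour): a token request is sent when the admin opens
// with a state; if the hash is not yet "#/login/", the router redirect cancels
// that request and the login page sends it again.
function simulateAdminLoad(store, landingUrl) {
  const url = new URL(landingUrl);
  const state = url.searchParams.get('state');
  const first = tokenEndpoint(store, state);
  if (url.hash === '#/login/') return [{ ...first, canceled: false }];
  const second = tokenEndpoint(store, state);
  return [{ ...first, canceled: true }, { ...second, canceled: false }];
}

function run(landingUrl) {
  const store = new LoginStateStore();
  store.push('SOME_STATE', 'admin-user'); // constructed sample state
  return simulateAdminLoad(store, landingUrl);
}

// Constructed host; the two landing URLs are the ones quoted in the thread.
const broken = run('https://shop.example/admin?state=SOME_STATE#');
const patched = run('https://shop.example/admin?state=SOME_STATE#/login/');
console.log(broken);  // first request succeeds but is canceled, second is rejected
console.log(patched); // single request, accepted
```

The model shows why the one-time state has to be treated as spent after the first request reaches the server, whether or not the browser keeps the response.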