sahat/satellizer

AngularJS with Satellizer fails when Google requests password

aplongh opened this issue · 12 comments

Been using Satellizer for AngularJS for some time. Everything had gone well, except that for a random cause, a user had to clear the cache history in Chrome. All of a sudden, when authenticating with Satellizer, Chrome started to ask for the user password, which it did not do before the clearing of the cache history. Now Satellizer fails, as it does not close the authentication popup window and the site gets opened in the popup.

Has anyone experienced this before? Any ideas on how to solve it?

All the best, Ariel

I am also having this issue. I believe it's due to a Chrome 63 update. I'm still investigating.

@aplongh @trobbins1981 Have you solved this problem?

We did confirm that the issue does not happen with Chrome 61. I debugged the satellizer code, and it appears to be an inconsistent security issue when trying to access document.domain to parse the URL. The issue does not happen when we log in with MS Live, but does with Google. About 5% of the time for me, the issue did not happen, so I think it also points to a timing issue. I opened a bug on the Chromium bug tracker but there is no progress there yet. I was able to implement a workaround by modifying satellizer to use postMessage instead of URL parsing. I'm going to fork satellizer today to officially implement it.

Did this fix happen or not? Is it fixed by updating Chrome?

@trobbins1981 could you post where you modified the file? I'm running into the same issue sometimes and I would like to implement the fix action.

The fork we made exists in our private repo, so I can't simply provide a link to it. Here is the satellizer.js after our changes though. We forked off of 0.9.4, so you can see what we changed by comparing their file to ours.
satellizer.zip

Unfortunately the issue still stands. I was forced to place a message, alerting users what to do in case Chrome asks for credentials (which is basically to close the popup and then click on the "authenticate with Chrome" again). Good to know though there is a workaround, but it will require extensive QA to ensure that everything still works as expected.

That file I sent shows you the changes I made. There is still work you have to do to fully implement it. For one, you'll have to build the .min file that is actually used. Also, you'll need to implement a postMessage handler in your code to read the 'code' value from the 'message' event.
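
The `message` handler mentioned in the comment above, as an added example that is not part of the original thread and is not code from the fork or from Satellizer. Unlike reading the popup's URL, `postMessage` can be called by any window, so the handler checks the sender's origin, the popup reference and the OAuth `state` before using the `code`. The function names, the `{ code, state }` message shape and the `https://app.example.com` origin are assumptions.

```javascript
// Added example. Hypothetical names; not Satellizer's API or the fork's code.
// Assumed message shape posted by the redirect page loaded in the popup:
//   { code: '<authorization code>', state: '<state sent with the auth request>' }
function createOAuthMessageHandler(opts) {
  var handled = false;
  return function onMessage(event) {
    // One authorization code per login attempt; ignore replays.
    if (handled) return 'ignored: already handled';
    // Any window can post a message, so accept only our own redirect page's origin.
    if (event.origin !== opts.expectedOrigin) return 'rejected: origin';
    // Accept only the popup this login attempt opened.
    if (event.source !== opts.popup) return 'rejected: source';
    var data = event.data;
    if (!data || typeof data.code !== 'string' || data.code === '') {
      return 'rejected: shape';
    }
    // The state value ties the response to the request this page started.
    if (typeof data.state !== 'string' || data.state !== opts.expectedState) {
      return 'rejected: state';
    }
    handled = true;
    opts.onCode(data.code);
    return 'accepted';
  };
}

// Runs the handler over constructed events (no browser needed).
function demo() {
  var popup = { name: 'constructed popup reference' };
  var codes = [];
  var handler = createOAuthMessageHandler({
    expectedOrigin: 'https://app.example.com', // assumed app origin
    expectedState: 'constructed-state-123',
    popup: popup,
    onCode: function (code) { codes.push(code); }
  });
  var good = { code: 'constructed-code', state: 'constructed-state-123' };
  var results = [
    handler({ origin: 'https://other.example', source: popup, data: good }),
    handler({ origin: 'https://app.example.com', source: {}, data: good }),
    handler({ origin: 'https://app.example.com', source: popup, data: { code: 'c', state: 'wrong' } }),
    handler({ origin: 'https://app.example.com', source: popup, data: good }),
    handler({ origin: 'https://app.example.com', source: popup, data: good })
  ];
  return { results: results, codes: codes };
}

// Browser wiring: window.addEventListener('message', handler);
// Popup side: window.opener.postMessage({ code: c, state: s }, 'https://app.example.com');
```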

Thank you Tim, will give it a try ASAP. Just one question (and please excuse my ignorance). Does this change affect all providers (Office365, Twitter, Facebook, Azure AD, etc.), or just Google?

We have only tried Google and MS Live, and only Google had the issue.

@aplongh care to share your config for office365 in a new issue or comment reply :)