Skip to content

Commit

Permalink
remove auth params from url after login attempt (#25664)
Browse files Browse the repository at this point in the history
  • Loading branch information
Kerry authored Jun 27, 2023
1 parent 51baaf6 commit 6bbc2b8
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions src/vector/app.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -75,13 +75,17 @@ function makeRegistrationUrl(params: QueryDict): string {

function onTokenLoginCompleted(): void {
// if we did a token login, we're now left with the token, hs and is
// url as query params in the url; a little nasty but let's redirect to
// clear them.
// url as query params in the url;
// if we did an oidc authorization code flow login, we're left with the auth code and state
// as query params in the url;
// a little nasty but let's redirect to clear them.
const url = new URL(window.location.href);

url.searchParams.delete("loginToken");
url.searchParams.delete("state");
url.searchParams.delete("code");

logger.log(`Redirecting to ${url.href} to drop loginToken from queryparams`);
logger.log(`Redirecting to ${url.href} to drop delegated authentication params from queryparams`);
window.history.replaceState(null, "", url.href);
}

Expand Down

0 comments on commit 6bbc2b8

Please sign in to comment.