Starts in:
2 DAYS
3 HRS
0 MIN
52 SEC
Starts in:
2 D
3 H
0 M
52 S
Open Closed

iFrame Auth not working with responseType: 'code', #6108


User avatar
0
bhasinp created
  • ABP Framework version: v7.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hi Team,

I am suing responseType: 'code' i.e. My frontend application (Angular) get authenticated from backend and get navigated back after authenticated.

In Normal flow its working fine but in I have a used case I need to use it in iFrame,

In iFrame the user see the login screen and authenticated correctly but after auth it again goes back to login not to frontend.

here are my findings in normal flow it navigated to angular ?code=xxx

but in iFrame it again go back to login

Please suggest how can i fix this.


17 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Please check the request in the browser. I think the browser blocks some cookies. https://docs.abp.io/en/abp/latest/UI/Angular/Authorization?&_ga=2.56835946.1553630902.1698646270-593269556.1671445033#authorization-code-flow

  • User Avatar
    0
    bhasinp created

    How can I check that ? I didn't found much difference

    However everything, token etc all the details are stored in local storage

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can check it in your console of devtools(F12).

  • User Avatar
    0
    bhasinp created

    No There are no error logs

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Do you have a URL of your website that I can check online?

  • User Avatar
    0
    bhasinp created

    https://mot-r.co this is the root website

    Do you need login details as well ?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Yes, Please share a test user info. liming.ma@volosoft.com
    I will check the error online

  • User Avatar
    0
    bhasinp created

    Sent it to you over mail

    Subject: ABP Support Ticket #6108

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks,

    How can I see the iFrame issue? Can you share some steps?

    I can successfully log in without any issues.

  • User Avatar
    0
    bhasinp created

    Ok I will share the details shortly.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thank you

  • User Avatar
    0
    bhasinp created

    Hi Team,

    Here is how you can produce the same issue

    1. Go to https://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe

    2. Paste the following code and run <iframe src="https://mot-r.co" style="width:1000px;height:700px" title="W3Schools Free Online Web Tutorials"> </iframe>

    3. Login with the test credentials and it will fail

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    iFrame is not a suggested component for any Authentication process because of security reasons and blocked by browsers reasons mainly based on phishing attacks.

  • User Avatar
    0
    bhasinp created

    Yes But in my used case I need to make my web working in iFrame. Please suggest how can I achieve this

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The browser may block iframe and there is nothing we can do.

  • User Avatar
    0
    bhasinp created

    Can you suggest me how can I use both responseType: 'code' and 'token' simultaneously, because if I go with responseType: 'token' things work well in iFrame for registered user, but when I added AD Login I need to use responseType:'code' which is not working in iFrame. I will use registered users for iFrame and block AD login in iFrame

    Please suggest

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    This is related to angular-oauth2-oidc, our angular team will check and reply to you.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06