@spidy092/auth-client 1.0.5 → 1.0.6
- package/core.js +13 -2
- package/package.json +1 -1
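--- a/package/core.js
+++ b/package/core.js
@@ -14,6 +14,12 @@ export function login(clientKeyArg, redirectUriArg, stateArg) {
 const redirectUri = redirectUriArg || defaultRedirectUri;
 const state = stateArg || crypto.randomUUID();
 
+console.log('Initiating login with parameters:', {
+clientKey,
+redirectUri,
+state,});
+
+
 if (!clientKey || !redirectUri) {
 throw new Error('Missing clientKey or redirectUri');
 }
@@ -84,8 +90,13 @@ export function handleCallback() {
 
 
 // Validate state
-if (state && storedState && state !== storedState) {
-
+// if (state && storedState && state !== storedState) {
+// throw new Error('Invalid state. Possible CSRF attack.');
+// }
+
+
+if (!state && !storedState ) {
+throw new Error('no state. Possible CSRF attack.');
 }
 
 sessionStorage.removeItem('authState');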
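Review bot: In handleCallback the new guard `if (!state && !storedState )` throws only when both values are absent, and the `state !== storedState` comparison is now commented out, so a callback whose state differs from the stored value, or where only one of the two is present, is accepted and the state parameter no longer protects the flow against CSRF. The check should fail closed: `if (!state || !storedState || state !== storedState) { throw new Error('Invalid state. Possible CSRF attack.'); }`. The commented-out block should be deleted rather than shipped in the package. In the login hunk, the added `console.log('Initiating login with parameters:', …)` writes clientKey and the state value to the browser console on every login; it should be removed or gated behind a debug option. Both function bodies continue outside the hunks, so how state and storedState are read is not visible here.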