Kinde · 7mo ago
Martin

Use of history.pushState in createKindeClient.ts

https://github.dev/kinde-oss/kinde-auth-pkce-js/blob/main/src/createKindeClient.ts handleRedirectToApp(...) calls window.history.pushState({}, '', url); on line 258. Is there any chance that this could be changed to https://developer.mozilla.org/en-US/docs/Web/API/History/replaceState? The use of pushState(...) means that a history entry gets generated, which means that if a user clicks the Back button in their browser after login, they end up back on the URL which has the ?code=... query args, which get stripped back out by Kinde, which redirects them forward again to the page they just tried to press Back on.
4 Replies
Martin · 7mo ago
GitHub
Bug: createKindeClient.ts creates an extra history entry · Issue #5...
onderay · 7mo ago
Hey @Martin, great question, and thanks for raising the issue on the repo. I will check in with the team member who takes care of the JS SDK and review it for you, and also confirm your suggestion above would work well.
dave_kinde · 7mo ago
Hey @Martin, thanks for flagging this. I've responded on the issue as well, but putting it here as well for discoverability. We can definitely update it to replaceState, but it would come with its own caveats. If we make it replaceState and the user clicks the back button, they would return to the Kinde auth flow. However, each login flow can only be run once for security, so they would end up seeing an error screen, as that instance of the auth flow has already completed. Just trying to understand the use case: what do you anticipate the user is trying to access when they click the Back button?
Martin · 7mo ago
Thanks! I've replied on GitHub.
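
The two outcomes described in this thread, as an added example that is not part of the original posts or of the Kinde SDK: a small model of a tab's session history replays a login and reports where Back lands for pushState versus replaceState. The TabHistory class, the function names, the example URLs and the `state` parameter are assumptions made for illustration.

```javascript
// Minimal model of one tab's session history (constructed for illustration;
// a real browser exposes this through window.history).
class TabHistory {
  constructor() { this.entries = []; this.index = -1; }
  navigate(url) {                       // normal navigation: drop forward entries, append
    this.entries = this.entries.slice(0, this.index + 1);
    this.entries.push(url);
    this.index = this.entries.length - 1;
  }
  pushState(url) { this.navigate(url); }                // adds a new entry
  replaceState(url) { this.entries[this.index] = url; } // overwrites the current entry
  back() { if (this.index > 0) this.index -= 1; return this.entries[this.index]; }
  get current() { return this.entries[this.index]; }
}

// Remove the OAuth callback parameters (`state` is assumed alongside `code`).
function stripCallbackParams(href) {
  const url = new URL(href);
  url.searchParams.delete('code');
  url.searchParams.delete('state');
  return url.toString();
}

// Replay app -> auth flow -> callback, clean the URL with `method`, then press Back.
function simulateLogin(method) {
  const tab = new TabHistory();
  tab.navigate('https://app.example/');          // constructed URLs
  tab.navigate('https://auth.example/login');
  tab.navigate('https://app.example/?code=SAMPLE_CODE&state=SAMPLE_STATE');
  tab[method](stripCallbackParams(tab.current));
  const entries = [...tab.entries];
  const afterBack = tab.back();
  return {
    entries,
    afterBack,
    // true when an entry carrying the authorization code is still reachable via Back
    codeLeftInHistory: entries.some((u) => u.includes('code=')),
  };
}

console.log('pushState   ->', simulateLogin('pushState'));
console.log('replaceState ->', simulateLogin('replaceState'));
```

With pushState the callback URL carrying the code stays one step behind the clean URL; with replaceState it is overwritten and Back lands on the already completed auth-flow page.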