dashboard/authcallback.html

<script>

const tmp = window.location.hash.slice(1).split('&');

// FIXME: implicit flow (response_type=code token) results in access_token query param. this is not secure
tmp.forEach(function (pair) {
    if (pair.indexOf('access_token=') === 0) localStorage.token = pair.split('=')[1];
});

const redirectTo = '/';
if (localStorage.getItem('redirectToHash')) {
    redirectTo += localStorage.getItem('redirectToHash');
    localStorage.removeItem('redirectToHash');
}

window.location.replace(redirectTo); // this removes us from history

</script>
oidc dashboard login 2023-06-02 20:47:36 +02:00			`<script>`

oidc: remove authcallback.html from history this way atleast token goes away from history. part of #844 2025-07-10 14:01:45 +02:00			`const tmp = window.location.hash.slice(1).split('&');`
oidc dashboard login 2023-06-02 20:47:36 +02:00
oidcserver: fix login events not being raised for webadmin we should remove implicit flow at some point . also #844 2025-07-10 13:06:13 +02:00			`// FIXME: implicit flow (response_type=code token) results in access_token query param. this is not secure`
oidc dashboard login 2023-06-02 20:47:36 +02:00			`tmp.forEach(function (pair) {`
			`if (pair.indexOf('access_token=') === 0) localStorage.token = pair.split('=')[1];`
			`});`

oidc: remove authcallback.html from history this way atleast token goes away from history. part of #844 2025-07-10 14:01:45 +02:00			`const redirectTo = '/';`
dashboard: preserve path when relogin is required 2024-04-29 15:22:01 +02:00			`if (localStorage.getItem('redirectToHash')) {`
			`redirectTo += localStorage.getItem('redirectToHash');`
			`localStorage.removeItem('redirectToHash');`
			`}`
oidc: remove authcallback.html from history this way atleast token goes away from history. part of #844 2025-07-10 14:01:45 +02:00
			`window.location.replace(redirectTo); // this removes us from history`
oidc dashboard login 2023-06-02 20:47:36 +02:00
			`</script>`