Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
actions.setSubmitting(false);
// Quick note: we assume that the authorization endpoint is /authorize
// This endpoint name is not mandatory. However, it is used as a common
// practice throughout the OIDC specification.
// We might have to let customers set a custom endpoint in the future.
const params = querystring.stringify({
scope: 'openid email profile',
response_type: 'id_token',
client_id: authProvider.clientId,
redirect_uri: trimLeadingAndTrailingSlashes(
// Avoid providing query parameters as some IdP (e.g. Azure) apparently
// will consider the full URL to match as part of the callback whitelist.
// Instead, we store additional information within the `nonce` value
// which is stored in sessionStorage. See `generateAndCacheNonceWithState`.
joinPaths(originUrl, this.props.match.url, `callback`)
),
nonce: generateAndCacheNonceWithState({
organizationId: authProvider.organizationId,
}),
});
redirect(`${authProvider.authorizeUrl}?${params}`);
},
error => {
authProvider => {
actions.setSubmitting(false);
// Quick note: we assume that the authorization endpoint is /authorize
// This endpoint name is not mandatory. However, it is used as a common
// practice throughout the OIDC specification.
// We might have to let customers set a custom endpoint in the future.
const params = querystring.stringify({
scope: 'openid email profile',
response_type: 'id_token',
client_id: authProvider.clientId,
redirect_uri: trimLeadingAndTrailingSlashes(
// Avoid providing query parameters as some IdP (e.g. Azure) apparently
// will consider the full URL to match as part of the callback whitelist.
// Instead, we store additional information within the `nonce` value
// which is stored in sessionStorage. See `generateAndCacheNonceWithState`.
joinPaths(originUrl, this.props.match.url, `callback`)
),
nonce: generateAndCacheNonceWithState({
organizationId: authProvider.organizationId,
}),
});
redirect(`${authProvider.authorizeUrl}?${params}`);
},
error => {
render={({ location }) => (
)}
/>
render={({ location }) => (
)}
/>