K
Kinde14mo ago
Martin

Use of history.pushState in createKindeClient.ts

https://github.dev/kinde-oss/kinde-auth-pkce-js/blob/main/src/createKindeClient.ts handleRedirectToApp(...) calls window.history.pushState({}, '', url); on line 258. Is there any chance that this could be changed to https://developer.mozilla.org/en-US/docs/Web/API/History/replaceState? The use of pushState(...) means that a history entry gets generated which means that if a user click the Back button in their browser after login, they end up on back on the URL which has the ?code=... query args, which get stripped back out by Kinde and redirects them forward again to the page they just tried to press Back on.
MDN Web Docs
History: replaceState() method - Web APIs | MDN
The History.replaceState() method modifies the current history entry, replacing it with the state object and URL passed in the method parameters. This method is particularly useful when you want to update the state object or URL of the current history entry in response to some user action.
4 Replies
Martin
MartinOP14mo ago
GitHub
Bug: createKindeClient.ts creates an extra history entry · Issue #5...
Prerequisites I have searched the repository’s issues and Kinde community to ensure my issue isn’t a duplicate I have checked the latest version of the library to replicate my issue I have read the...
onderay
onderay14mo ago
Hey @Martin great question and thanks for raising the issue on the repo. I will check in with the team member who take cares of the JS SDK and review it for you and also confirm your suggestion above would work well.
dave_kinde
dave_kinde14mo ago
Hey @Martin , thanks for flagging this. I've responded on the issue as well, but putting here as well for discoverability. We can definitely update it to replaceState but it would come with it's own caveats. If we make it replaceState and the user clicks the back button they would return to the Kinde auth flow - however each login flow can only be run once for security, so they would end up seeing an error screen as that instance of the auth flow has already completed. Just trying to understand the use case where do you anticipate the user is trying to access when they click the Back button?
Martin
MartinOP14mo ago
Thanks! I've replied on Github.
Want results from more Discord servers?
Add your server