Community
Select to view content in your preferred language

A second sign is still required after completing an OAuth flow initiated by SessionManager.signIn

88
2
Thursday
Labels (1)
Labels
RyanTaylor
by
Occasional Contributor
Thursday

We have developed an Experience Builder Dev Edition 1.17 experience that we deploy to our own web server, e.g., https://example.com/exb. Our portal would be at https://example.com/portal

We require that the user sign in to the application immediately and cannot rely on "sign in when accessing a secured resource". 

To that end we've implemented an app extension using APP_CONFIG_PROCESSOR that is called very early in the app startup. The extension calls SessionManager.signIn to initiate an OAuth flow against Enterprise Portal. 

When running everything locally via Experience Builder dev edition (i.e., npm run start) everything works as expected. The session is established and all widgets have access to a fully initalized session. 

When running the deployed application, after the user logs in and the application reloads, the user is prompted with a second out of the box sign in dialog. If they choose to sign in, they do so via a popup, and most things work. If they choose to cancel the sign in, the map and other widgets fail due to an invalid session/token/other thing.

My code is shown below, but the questions remain...

  1. How do I properly start a sign in workflow such that no additional sign in prompts are necessary?
  2. Why does this work locally by not when deployed?
// extensions/login.ts

export default class Login implements extensionSpec.AppConfigProcessorExtension
{
  id = "my-awesome-login";
  widgetId: string;

  async process(appConfig: AppConfig): Promise<AppConfig> {
    try {
      await signIn("<myportal>", "myclientid");
      return Promise.resolve(appConfig);
    } catch (err) {
      console.error(err);
      return Promise.resolve(appConfig);
    }
  }
}

export async function signIn(portalUrl: string, clientId) {
  const sm = SessionManager.getInstance();
  const mainSession = sm?.getMainSession();
  const user = await mainSession?.getUser();

  const loggedIn = !!mainSession && !!user;

  if (!loggedIn) {
    const userSession = await sm.signIn({
      popup: false,
      desUrl: portalUrl,
      clientId: clientId,
      fromUrl: window.location.href,
      forceLogin: true,
    });

    // when popup is false the following code is unreachable
    // as the window refreshes to sign the user but is left
    // in place in case we want to turn popup: true

    // Set private _token variable in Usage Tracking Module
    setUsageToken(userSession.token);
  } else {
    // Set private _token variable in Usage Tracking Module
    setUsageToken((userSession.token);
  }
}

cc @JunshanLiu ?

 

2 Replies
JeffreyThompson2
by MVP Frequent Contributor
MVP Frequent Contributor
Thursday

@Jianxia @Wei_Ying Using the Security options count as canceling the login popup and trigger the affects documented by @RyanTaylor.

JeffreyThompson2_0-1760033844100.png

GIS Developer
City of Arlington, Texas
0 Kudos
RyanTaylor
by
Occasional Contributor
Friday

Thanks for the post. I am using Experience Builder 1.17 and this does not seem to be available to me. I updated my post to reflect the version number. 

0 Kudos