DWalder, 3y ago

Silent sign in in new tabs

Currently, when opening our website in another tab (or cmd+click on a link), the user is presented with the "Select Account" page. I would like for the user to be able to go straight to the page (as is the case with websites such as GitHub). Is this possible? I'm using react-oidc-context, which can call signinSilent from oidc-client-ts (https://github.com/authts/oidc-client-ts/blob/7734ee087187f682a7a575b0b982249cedcf702c/src/UserManager.ts#L220), but it requires iFrames (which are denied in ZITADEL). For some reason, if I manually call window.open(link, "_blank") I can directly access the page.
6 Replies
mffap, 3y ago
Hey Davide, we're currently looking into options for setting the x-frame-options on application level to allow silent sign-in. Would the SAMEORIGIN directive work in your case?
DWalder (OP), 3y ago
If I'm not wrong, this is the one we used with Auth0, so it should work
mffap, 3y ago
Ok, that's very good to know. Thanks. We had a similar request. I'll try to confirm that and if that's the solution, then I'm sure we can deliver that sometime soon. I'll keep you posted.
DWalder (OP), 3y ago
One issue we were struggling with (with the Auth0 integration) was how to handle the following case:
- user has an active linked external IDP account, which is used to log in
- the user logs out from the app (not from its IDP)
- the IDP login is still active, the silent signin picks it up and the user is back in the app

With Auth0 it was possible to configure whether a user was also signed out from its IDP or not. We managed to set it so that the logout only affects the app (not the IDP), and consent is not required in case of a new tab.
DWalder (OP), 3y ago
GitHub: auth0-spa-js/global.ts at cf038ad62dfc6d3b3d57f9f13dcfb7191f81d0fd · auth0/auth0-spa-js (Auth0 authentication for Single Page Applications (SPA) with PKCE)
mffap, 3y ago
Thanks, that's very helpful.
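
How the framing headers discussed in this thread decide whether a silent sign-in iframe may load, as an added example that is not part of the original posts or of the ZITADEL or oidc-client-ts code. It goes beyond the thread by also covering the CSP frame-ancestors directive, which takes precedence over X-Frame-Options; the function names, origins and header values are assumptions constructed for illustration.

```javascript
// Added example. Header values and origins are constructed samples.
// Simplified model: one embedding level; frame-ancestors sources limited to
// 'none', 'self', * and exact origins.

function parseFrameAncestors(csp) {
  // Return the frame-ancestors source list, or null if the directive is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function sourceMatches(source, embedder, framed) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder.origin === framed.origin;
  if (s === "*") return true;
  try {
    return new URL(s).origin === embedder.origin; // exact origin only
  } catch {
    return false; // source form not covered by this model
  }
}

function framingDecision(headers, framedUrl, embedderOrigin) {
  const framed = new URL(framedUrl);
  const embedder = new URL(embedderOrigin);
  const sources = parseFrameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, X-Frame-Options is ignored.
    const allowed = sources.some((s) => sourceMatches(s, embedder, framed));
    return { allowed, decidedBy: "frame-ancestors" };
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN") {
    return { allowed: embedder.origin === framed.origin, decidedBy: "x-frame-options" };
  }
  return { allowed: true, decidedBy: "no-restriction" }; // absent or invalid value
}

const idp = "https://idp.example.com/authorize"; // constructed IdP URL
const app = "https://app.example.com";           // constructed SPA origin
console.log(framingDecision({ "x-frame-options": "DENY" }, idp, app));
console.log(framingDecision({ "x-frame-options": "SAMEORIGIN" }, idp, app));
console.log(framingDecision({ "x-frame-options": "SAMEORIGIN" }, idp, "https://idp.example.com"));
```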
