Proposal: Add implicit flow through popup

[leonardochaia]

This PR adds a new method initImplicitFlowInPopup which opens a new Window to the silentRefreshRedirectUri with the display=popup query param.
It performs the implicit flow inside the popup, inspired on how silent renewal is being done.

[leonardochaia]

The corresponding html for the iframe needs to be changed to consider window.opener.
We may want to use a different config property for this iframe url to allow consumers to use a different one.

<html>

<body>
  <script>
    (window.opener || window.parent).postMessage(location.hash, location.origin);
  </script>
</body>

</html>

[jeroenheijmans]

👍 LGTM, nice feature! (Disclaimer: haven't tested it though, just skimmed through the changes.)

[Jrubzjeknf]

Tested it by copying it to my project, as we require this functionality at short notice.

The implementation works well. It does require modifying the silent-refresh.html as per @leonardochaia's comment. Also, you may want to modify the calculatePopupFeatures() to allow users to login using a new window/tab instead of a popup.

All in all, nice job! Saved me a lot of time. 👍

[cgatian]

@manfredsteyer is there any reason this shouldnt be merged?

[manfredsteyer]

Great. THX!

[pieterdb4477]

Is this feature documented somewhere?

[leonardochaia]

Hi @pieterdb4477, unfortunately it's not.
Hopefully this can help you get started:

1. Change the iframe HTML like my so: (notice the window.opener)

<html>

<body>
  <script>
    (window.opener || window.parent).postMessage(location.hash, location.origin);
  </script>
</body>

</html>

2. Call authService.initImplicitFlowInPopup()
3. A new window should open to the authorize endpoint of your IDP.
4. After you login, it should be closed new tokens should be obtained

Regards,
Leo.

[lamnv5490]

The problem I am facing is I don't know what to do after system finished popup flow. I have tried this out but nothing return.

this._authService.initImplicitFlowInPopup().then(value => { console.log(value); });

What if I clear local storage then refresh browser. The flow still shows popup but there is something wrong in local storage. Here it is:

Regard,

[leonardochaia]

hey @lamnv5490 , if I remember correctly after you've called initImplicitFlowInPopup and the popup closes, you should be able to get the token with authService.accessToken

I'm did not understand the last part of your comment tho.

[lamnv5490]

The last part happened when I delete all local storage and press F5 button. The popup still shows up but I didn't get any access token.

I know that when the popup closes, I would able to get the token. But it would be great that we could observe our initImplicitFlowInPopup whenever we receive the token :)