I have an app that runs on example.com and you can log into it via SSO. You can also embed example.com into any website you want. When a user needs to log into example.com via SSO we open a new window and then, normally, that window uses window.opener.postMessage() to let the iframe know when it's done and send back a login token. This has the following issues:

  1. Sometimes with Google OAuth, the popup window has the window.opener set to null. Not sure why but when this happens we obviously can no longer post a message back.

  2. So then people say to use BroadcastChannel to communicate back to the API, however, Chrome now has partitioned BroadcastChannel so - if you are in the iframe in this case your sandbox is for randompage.com > example.com and so you cannot communicate from the popup back to the iframe through BroadcastChannel.

So how is this supposed to be done now?

Using the window.opener method, posting back works in most cases, but Google OAuth can set opener to null. BroadcastChannel with iframes seems to be partitioned and this won't be reliable going forward.

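The opener hand-off the question describes, written out with the origin checks both ends need, as an added example that is not code from the question or from the asker's app. It takes the app origin https://example.com from the question; the message shape `{type: 'sso-login', token}`, the function names and the timeout are my own assumptions. The popup side reports a distinct result when `window.opener` is null (the Google OAuth case in point 1) so the caller knows the opener was severed instead of silently losing the token. The two pure helpers run outside a browser; the two wiring functions take the window objects as parameters so they can be exercised with fakes.

```javascript
// Added example, not from the question. Assumed: app origin from the question,
// message shape / function names / timeout are mine.
const APP_ORIGIN = 'https://example.com';

// Message the popup sends once the SSO redirect has landed back on example.com.
function buildLoginMessage(token) {
  return { type: 'sso-login', token };
}

// Receiver-side validation (runs in the embedded example.com iframe).
// Accept only messages that come from the app origin, from the exact window we
// opened, and that have the expected shape. Returns the token or null.
function acceptLoginMessage(event, expectedSource) {
  if (event.origin !== APP_ORIGIN) return null;            // spoofed / unrelated origin
  if (expectedSource && event.source !== expectedSource) return null; // not our popup
  const data = event.data;
  if (!data || typeof data !== 'object') return null;
  if (data.type !== 'sso-login') return null;
  if (typeof data.token !== 'string' || data.token.length === 0) return null;
  return data.token;
}

// Popup side. Returns 'posted' when the opener was usable, 'no-opener' when the
// browser has severed it (the symptom in point 1), so the caller can fall back
// instead of throwing on a null opener.
function deliverTokenToOpener(win, token) {
  const opener = win.opener;
  if (!opener || opener.closed) return 'no-opener';
  try {
    // targetOrigin is pinned to the app origin: never '*' when sending a credential.
    opener.postMessage(buildLoginMessage(token), APP_ORIGIN);
    return 'posted';
  } catch (e) {
    return 'no-opener'; // opener reference exists but cannot be messaged
  }
}

// Opener side (the iframe). Listens for the popup's message, ignores anything
// that fails validation, and gives up after timeoutMs so a closed popup does
// not leave the listener dangling.
function waitForLogin(win, popup, timeoutMs) {
  return new Promise((resolve, reject) => {
    const timer = setTimeout(() => {
      cleanup();
      reject(new Error('login timed out'));
    }, timeoutMs);
    function onMessage(event) {
      const token = acceptLoginMessage(event, popup);
      if (token === null) return; // keep listening; do not resolve on junk
      cleanup();
      resolve(token);
    }
    function cleanup() {
      clearTimeout(timer);
      win.removeEventListener('message', onMessage);
    }
    win.addEventListener('message', onMessage);
  });
}

// Browser wiring (skipped under Node). Iframe: const popup = window.open(ssoUrl);
// waitForLogin(window, popup, 120000).then(storeToken). Popup landing page:
// deliverTokenToOpener(window, tokenFromServer).
if (typeof window !== 'undefined' && typeof module === 'undefined') {
  // Left to the page that includes this file; see the comment above.
}
if (typeof module !== 'undefined') {
  module.exports = { APP_ORIGIN, buildLoginMessage, acceptLoginMessage, deliverTokenToOpener, waitForLogin };
}
```

One mechanism that produces the null opener in point 1 is the Cross-Origin-Opener-Policy header: a top-level document served with `Cross-Origin-Opener-Policy: same-origin` is placed in its own browsing context group and its `window.opener` becomes null, and any page in the redirect chain can set it. The `'no-opener'` return above is where a fallback would hang off; the example does not pick one, since the question is asking what that fallback should be.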