Refactor browser-util.js / clearHashFragment() to preserve the original hash fragment while clearing out oidc-related hash fragment parameters.
For example, user requests the page https://example.com/resource#someHashFragment, and initiates a WebID-OIDC login flow.
The client will send redirect_uri=https://example.com/resource#someHashFragment as part of its implicit authorization flow. On the return step, the user's browser will be redirected back to the redirect_uri with additional credentials and auth-related parameters. It will be 302 redirected to:
https://example.com/resource#someHashFragment&id_token=...&state=... etc.
In currentSession(), when parsing the response and clearing the hash fragment of the uri, only the following hash fragment params need to be cleared out (see OIDC ImplicitAuthResponse):
id_token
access_token
state
token_type
expires_in
So that the resulting cleared uri should be https://example.com/resource#someHashFragment.
(Affects downstream issue nodeSolidServer/node-solid-server#571)
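The clearing behaviour described above, as an added example that is not part of the original issue or the project's own code. The function name `stripOidcHashParams` is hypothetical, and the sketch assumes fragment segments are separated by `&` as in the redirect shown above.

```javascript
// Added example: hypothetical helper, not the project's clearHashFragment().
// The parameter names are the ones listed in the issue above.
const OIDC_RESPONSE_PARAMS = new Set([
  'id_token', 'access_token', 'state', 'token_type', 'expires_in'
])

function stripOidcHashParams (uri) {
  const hashIndex = uri.indexOf('#')
  if (hashIndex === -1) return uri // no fragment, nothing to clear

  const base = uri.slice(0, hashIndex) // includes any ?query, left untouched
  const parts = uri.slice(hashIndex + 1).split('&')

  const kept = parts.filter(part => {
    const eq = part.indexOf('=')
    // A bare segment such as "someHashFragment" (or even "state" with no
    // value) belongs to the application, not the auth response: keep it.
    if (eq === -1) return true
    return !OIDC_RESPONSE_PARAMS.has(part.slice(0, eq))
  })

  // Nothing auth-related was present: return the input byte-for-byte.
  if (kept.length === parts.length) return uri

  const fragment = kept.join('&')
  // Drop the '#' as well when only auth parameters were in the fragment.
  return fragment.length > 0 ? base + '#' + fragment : base
}

// Constructed sample input mirroring the redirect in the issue text.
const returned =
  'https://example.com/resource#someHashFragment&id_token=abc&state=xyz'
console.log(stripOidcHashParams(returned))
```

In a browser the result would typically be applied with `history.replaceState(null, '', stripOidcHashParams(window.location.href))`, so the tokens do not stay in the address bar or session history after the response has been parsed.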