Labels: kind/bug (Something isn't working)
Description
Describe the bug
keycloak-js cleans redirectUri using the stripHash() function.

```javascript
// Keycloak.js line 2166 https://github.com/keycloak/keycloak-js/blob/main/lib/keycloak.js#L2166
function stripHash(url) {
  const parsedUrl = new URL(url);
  parsedUrl.hash = '';
  return parsedUrl.toString();
}
```

But this can add a trailing slash. For example:

```javascript
const url = "http://localhost:3000"
const clean_url = stripHash(url)
// This produces:
// "http://localhost:3000/"
// Notice the trailing slash :(
```

In our case, the trailing slash breaks login, as our OIDC server is extremely restrictive.
Version
26.2.0
Expected behavior
stripHash() should not add a trailing slash.

```javascript
const url = "http://localhost:3000"
const clean_url = stripHash(url)
// This should produce:
// "http://localhost:3000"
```

Actual behavior
stripHash() currently adds a trailing slash :(

```javascript
const url = "http://localhost:3000"
const clean_url = stripHash(url)
// This produces:
// "http://localhost:3000/"
// Notice the trailing slash :(
```

How to Reproduce?
You can run the code manually in the browser console:

```javascript
// Keycloak.js line 2166 https://github.com/keycloak/keycloak-js/blob/main/lib/keycloak.js#L2166
function stripHash(url) {
  const parsedUrl = new URL(url);
  parsedUrl.hash = '';
  return parsedUrl.toString();
}
// Example code:
const url = "http://localhost:3000"
const clean_url = stripHash(url)
// This produces:
// "http://localhost:3000/"
// Notice the trailing slash :(
```

Additionally, the stripHash() call happens in two places:
- In createLoginUrl(): https://github.com/keycloak/keycloak-js/blob/main/lib/keycloak.js#L1194
- In fetchAccessToken(): https://github.com/keycloak/keycloak-js/blob/main/lib/keycloak.js#L2069
Anything else?
No response
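
The behaviour reported above, next to a fragment-stripping variant that leaves the rest of the string untouched. This is an added example, not keycloak-js code and not the project's fix. The names `stripHashViaUrl`, `stripHashPreserving` and `normalizationDiffs` and the sample URLs are hypothetical, and it assumes the server compares the redirect URI as an exact string. It goes slightly beyond the reported case by also showing the host-case and default-port rewrites that `URL` serialization performs.

```javascript
// Added example (not keycloak-js code); all function names are hypothetical.

// Behaviour described in the issue: re-serializing through URL normalizes the
// string (empty path becomes "/", host is lowercased, default port is dropped).
function stripHashViaUrl(url) {
  const parsedUrl = new URL(url);
  parsedUrl.hash = '';
  return parsedUrl.toString();
}

// Variant: still validate with URL, but cut the fragment out of the original
// string so every other character reaches the server exactly as configured.
function stripHashPreserving(url) {
  new URL(url); // throws TypeError on an invalid absolute URL, as the original does
  const i = url.indexOf('#');
  return i === -1 ? url : url.slice(0, i);
}

// List the inputs for which the two approaches disagree, i.e. the redirect
// URIs that an exact-match comparison on the server would reject.
function normalizationDiffs(urls) {
  return urls
    .map((u) => ({
      input: u,
      viaUrl: stripHashViaUrl(u),
      preserved: stripHashPreserving(u),
    }))
    .filter((r) => r.viaUrl !== r.preserved);
}

// Constructed sample inputs.
const samples = [
  'http://localhost:3000',           // the case from the issue
  'http://localhost:3000#state=abc', // fragment directly after the authority
  'http://localhost:3000/app#x',     // explicit path: both approaches agree
  'https://Example.com:443/cb#frag', // host case and default port get rewritten
  'http://localhost:3000/?a=1#frag', // explicit "/" path: both approaches agree
];

for (const d of normalizationDiffs(samples)) {
  console.log(`${d.input} -> URL: ${d.viaUrl} | preserved: ${d.preserved}`);
}
```
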