oidc-client.js Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('') does not match the recipient window's origin ('')


I am getting this error using oidc-client.js

oidc-client.min.js:1 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://auth.xxx.yyy.co.uk') does not match the recipient window's origin ('https://xxx.yyy.co.uk').

Where auth.xxx.yyy.co.uk is Identity Server, and xxx.yyy.co.uk is the SPA.

This error is only impacting one user; I would have thought it would be everyone if it was a CSP issue?

The one user it is impacting ends up in a redirect loop between the SPA and ID server. I shared a screen with this user and could not see any setup differences; they were using the same version of Chrome. Tried an incognito window. Checked the response from the autodiscover in ID server and this was all correct. The only thing I did note was that their internet was particularly slow. However, I have tried replicating using the slow 3G option in Chrome (unless there was a timing issue where the silent renew was occurring before the signin redirect had completed), but couldn't repro the issue.

All other users log in just fine.

I'm using silent-renew, so I'm guessing this is the iframe calling back to ID server.

Anyone else come across this issue before?

Here's the config I'm using for oidc-client:

import { Log, UserManager, WebStorageStateStore } from 'oidc-client';

// Values shown as xxx / xxxx are redacted in the original post.
const config = {
  authority: xxxx,
  client_id: xxx,
  redirect_uri: xxx,
  response_type: 'code',
  scope: 'openid profile api',
  post_logout_redirect_uri: xxx,
  automaticSilentRenew: true,
  silent_redirect_uri: xxx,
  clockSkew: 3600, // 60 minutes
  userStore: new WebStorageStateStore({ store: window.localStorage }),
};

// Send oidc-client's debug output to the browser console.
Log.logger = console;
Log.level = Log.DEBUG;

const userManager = new UserManager(config);

And then on the component:

getUser().then((user) => {
  // No stored user, or the stored user has expired: start a new sign-in.
  if (!user || user.expired) {
    signinRedirect(`${location.pathname}${location.search}`).catch(
      (e) => {
        history.push('/Access-Denied');
      }
    );
  } else {
    storeUser(user);
  }
});

There are 0 answers
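
The error quoted in the question is produced by the `targetOrigin` check that `postMessage` applies before delivering a message, which is separate from CSP. As an added example (not part of the original post, and not oidc-client code), the following models that check for an iframe in different load states; the hosts, paths and function names are constructed for illustration.

```javascript
// Added example: models the browser's targetOrigin check for window.postMessage.
// Hosts and paths are constructed placeholders, not the ones from the question.

// Origin of the document currently loaded in a frame. An about:blank frame
// (for example an iframe whose src has not committed yet) inherits the origin
// of the document that created it.
function effectiveOrigin(frameUrl, creatorOrigin) {
  if (!frameUrl || frameUrl === 'about:blank') return creatorOrigin;
  return new URL(frameUrl).origin;
}

// Returns { delivered, reason } for postMessage(msg, targetOrigin) sent from a
// caller at callerOrigin to a child frame that currently shows frameUrl.
function checkPostMessage(targetOrigin, frameUrl, callerOrigin) {
  const recipient = effectiveOrigin(frameUrl, callerOrigin);
  if (targetOrigin === '*') return { delivered: true, reason: 'wildcard target' };
  // "/" restricts delivery to the caller's own origin.
  const wanted = targetOrigin === '/' ? callerOrigin : new URL(targetOrigin).origin;
  if (wanted === recipient) return { delivered: true, reason: 'origins match' };
  // On a mismatch the browser drops the message and logs this text.
  return {
    delivered: false,
    reason: `The target origin provided ('${wanted}') does not match ` +
            `the recipient window's origin ('${recipient}').`,
  };
}

const SPA = 'https://app.example.test';  // constructed SPA origin
const IDP = 'https://auth.example.test'; // constructed identity provider origin

// Constructed frame states that a message addressed to the IdP might meet.
const cases = [
  ['IdP page loaded in frame', `${IDP}/check-session`],
  ['frame still about:blank', 'about:blank'],
  ['frame showing an SPA page', `${SPA}/silent-renew.html`],
];
for (const [label, url] of cases) {
  const r = checkPostMessage(IDP, url, SPA);
  console.log(`${label}: ${r.delivered ? 'delivered' : 'blocked'} - ${r.reason}`);
}
```

In the last two cases the recipient origin is the SPA's own, which is the shape of the message in the question: the frame the message was addressed to was not showing a document from the identity provider at the moment of the call.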