Skip to content

Use built-in APIs to parse URLs#143

Merged
jonkoops merged 1 commit intokeycloak:mainfrom
jonkoops:no-manual-url-parsing
Jul 16, 2025
Merged

Use built-in APIs to parse URLs#143
jonkoops merged 1 commit intokeycloak:mainfrom
jonkoops:no-manual-url-parsing

Conversation

@jonkoops
Copy link
Copy Markdown
Contributor

@jonkoops jonkoops commented Jul 11, 2025
edited
Loading

Re-writes the callback URL parsing to use standard APIs such as URLSearchParams. This also fixes a bug where some data would be double encoded, as well as improving spec compliance by omitting the hash from the redirect URI.

Closes #56

@jonkoops jonkoops requested a review from Copilot July 11, 2025 14:32

This comment was marked as outdated.

Sign in to view

@jonkoops jonkoops mentioned this pull request Jul 11, 2025
Open
@jonkoops jonkoops force-pushed the no-manual-url-parsing branch from e72ba04 to 072ac27 Compare July 15, 2025 08:43
@jonkoops jonkoops force-pushed the no-manual-url-parsing branch from 072ac27 to fc42a40 Compare July 15, 2025 11:00
@jonkoops jonkoops requested review from a team, Copilot and mposolda July 15, 2025 11:09
Copilot AI reviewed Jul 15, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Refactors callback URL handling to use the browser’s built-in URL and URLSearchParams APIs, fixes a double-encoding bug, and omits the hash fragment from redirect URIs.

  • Updates tests to expect decoded error descriptions
  • Rewrites #parseCallbackUrl and #parseCallbackParams to use URL/URLSearchParams
  • Introduces stripHash helper and removes manual encodeURIComponent calls

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
test/tests/implicit-flow.spec.ts Adjusted expected error_description strings to use spaces instead of +
lib/keycloak.js Refactored callback parsing, replaced manual string slicing with URL APIs, added stripHash, and updated redirect URI handling
Comments suppressed due to low confidence (2)

lib/keycloak.js:2166

  • Add unit tests for the new stripHash function to verify it correctly removes the hash fragment from various URL inputs.
function stripHash(url) {

lib/keycloak.js:1059

  • Consider adding tests for parseCallbackUrl to ensure query parameters are properly preserved or stripped according to supportedParams and that redirectUri is computed as expected.
        if (this.responseMode === 'query' && url.searchParams.size > 0) {

@jonkoops
Copy link
Copy Markdown
Contributor Author

jonkoops commented Jul 15, 2025

@twobiers since you are also working on this area in another PR, could I ask you to put in a review for this one?

twobiers
twobiers reviewed Jul 15, 2025
View reviewed changes
Copy link
Copy Markdown

@twobiers twobiers left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure thing, glad to add some comments. Overall LGTM.

Comment thread lib/keycloak.js
Comment thread lib/keycloak.js
Comment thread lib/keycloak.js
mposolda
mposolda reviewed Jul 16, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@mposolda mposolda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jonkoops Thanks for the PR. Added some questions to the PR. Could you check this?

Comment thread lib/keycloak.js
Comment thread test/tests/implicit-flow.spec.ts
@jonkoops
Copy link
Copy Markdown
Contributor Author

jonkoops commented Jul 16, 2025

I am merging this change in, thanks for the reviews!

@jonkoops jonkoops merged commit 82924d0 into keycloak:main Jul 16, 2025
4 checks passed
@jonkoops jonkoops deleted the no-manual-url-parsing branch July 16, 2025 13:12
@martial-brisou
Copy link
Copy Markdown

martial-brisou commented Sep 4, 2025

Hello @jonkoops ,
When will Keycloak-JS be released next to include this pull request ?
Thx,
Martial

@jonkoops
Copy link
Copy Markdown
Contributor Author

jonkoops commented Sep 4, 2025

Probably in the next couple of weeks or so

@martial-brisou
Copy link
Copy Markdown

martial-brisou commented Sep 4, 2025

Thank you. We look forward to this release.

@martial-brisou
Copy link
Copy Markdown

martial-brisou commented Oct 9, 2025

Hello @jonkoops,

I'd like to follow up with you regarding the availability of a new release of Keycloak JS. The last release was in February. Currently, we're stuck deploying our applications, and this PR seems to be able to correct our usage.

Thank you for your feedback.

Sincerely,
Martial

@jonkoops
Copy link
Copy Markdown
Contributor Author

jonkoops commented Oct 9, 2025

Working on landing the final bits now, after which I will ask @pskopek to do a release.

@jonkoops jonkoops mentioned this pull request Nov 5, 2025
Closed
@djoho djoho mentioned this pull request Jan 8, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mposolda mposolda mposolda approved these changes

+1 more reviewer

@twobiers twobiers twobiers left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Refactor URL logic to use standardized APIs

5 participants

@jonkoops @martial-brisou @mposolda @twobiers