fix(auth): continue OIDC PKCE flow after register and return users to SPA callback

Author: Diogo-Ferraz

src/app/core/auth/services/auth.service.ts

@@ -39,19 +39,7 @@ export class AuthService {
   }
 
   async startLoginRedirect(): Promise<void> {
-    const state = this.createRandomUrlSafeString(32);
-    const verifier = this.createRandomUrlSafeString(64);
-    const challenge = await this.createPkceChallenge(verifier);
-
-    const requestState: PkceAuthorizationRequestState = {
-      state,
-      verifier,
-      createdAtUtcMs: Date.now()
-    };
-
-    sessionStorage.setItem(PKCE_REQUEST_STORAGE_KEY, JSON.stringify(requestState));
-
-    const authorizeUrl = this.createAuthorizeUrl(state, challenge);
+    const authorizeUrl = await this.createAuthorizeRedirectUrl();
     window.location.assign(authorizeUrl);
   }
 
@@ -111,8 +99,9 @@ export class AuthService {
     window.location.assign(logoutUrl);
   }
 
-  openRegisterPage(): void {
-    const registerUrl = `${this.appEnvironment.auth.authority.replace(/\/$/, '')}/Identity/Account/Register`;
+  async openRegisterPage(): Promise<void> {
+    const authorizePath = await this.createAuthorizeRedirectPath();
+    const registerUrl = `${this.appEnvironment.auth.authority.replace(/\/$/, '')}/Identity/Account/Register?returnUrl=${encodeURIComponent(authorizePath)}`;
     window.location.assign(registerUrl);
   }
 
@@ -158,18 +147,47 @@ export class AuthService {
 
   private createAuthorizeUrl(state: string, challenge: string): string {
     const authorizeEndpoint = `${this.appEnvironment.auth.authority.replace(/\/$/, '')}/connect/authorize`;
-    const scopes = this.appEnvironment.auth.scopes.join(' ');
-    const params = new URLSearchParams({
+    const params = this.createAuthorizeParams(state, challenge);
+
+    return `${authorizeEndpoint}?${params.toString()}`;
+  }
+
+  private async createAuthorizeRedirectUrl(): Promise<string> {
+    const { state, challenge } = await this.createPkceAuthorizationRequestState();
+    return this.createAuthorizeUrl(state, challenge);
+  }
+
+  private async createAuthorizeRedirectPath(): Promise<string> {
+    const { state, challenge } = await this.createPkceAuthorizationRequestState();
+    const params = this.createAuthorizeParams(state, challenge);
+    return `/connect/authorize?${params.toString()}`;
+  }
+
+  private createAuthorizeParams(state: string, challenge: string): URLSearchParams {
+    return new URLSearchParams({
       response_type: this.appEnvironment.auth.responseType,
       client_id: this.appEnvironment.auth.clientId,
       redirect_uri: this.appEnvironment.auth.redirectUri,
-      scope: scopes,
+      scope: this.appEnvironment.auth.scopes.join(' '),
       state,
       code_challenge: challenge,
       code_challenge_method: 'S256'
     });
+  }
 
-    return `${authorizeEndpoint}?${params.toString()}`;
+  private async createPkceAuthorizationRequestState(): Promise<{ state: string; challenge: string }> {
+    const state = this.createRandomUrlSafeString(32);
+    const verifier = this.createRandomUrlSafeString(64);
+    const challenge = await this.createPkceChallenge(verifier);
+
+    const requestState: PkceAuthorizationRequestState = {
+      state,
+      verifier,
+      createdAtUtcMs: Date.now()
+    };
+
+    sessionStorage.setItem(PKCE_REQUEST_STORAGE_KEY, JSON.stringify(requestState));
+    return { state, challenge };
   }
 
   private createLogoutUrl(idTokenHint?: string): string {

src/app/features/landing/components/landing-page/landing-page.component.ts

@@ -21,7 +21,7 @@ export class LandingPageComponent {
   }
 
   register(): void {
-    this.authService.openRegisterPage();
+    void this.authService.openRegisterPage();
   }
 
   startDebugMode(): void {

src/app/features/profile/components/user-profile-security/user-profile-security.component.ts

@@ -121,7 +121,7 @@ export class UserProfileSecurityComponent {
   }
 
   register(): void {
-    this.authService.openRegisterPage();
+    void this.authService.openRegisterPage();
   }
 
   private serializeClaimValue(value: unknown): string {