solid-client-authn-js

handleIncomingRedirect() strips querystring from redirect_uri when restorePreviousSession : true

Open gibsonf1 opened this issue 3 years ago • 1 comments

Search terms you've used

search: handleIncomingRedirect

Impacted package

Which packages do you think might be impacted by the bug?

  • [x] solid-client-authn-browser

Bug description

When using await session.handleIncomingRedirect({ restorePreviousSession : true }) after a refresh, the redirect_uri sent to the server to use in the redirect back is stripped of the query string, so the app will always end up logging in back at the start page for the app rather than the state represented by the query string.

To Reproduce

  1. Click refresh on browser
  2. Observe redirect_uri coming back stripped of query string
  3. Logs back in at start page for app

Expected result

The redirect_uri should be maintained with querystring through the silent log in process such that the app can continue where it was at the time of refresh using initial query state.

Actual result

query stripped from redirect_uri

Environment

App using above function communicating with Pod Server

gibsonf1, Feb 21 '22 19:02

On incoming redirect, @inrupt/solid-client-authn-browser strips the OIDC-related query strings from the redirect URL, namely state, code, id_token, access_token, error and error_description. Some values are stored internally by the library in the OIDC state, which is why it is overridden. One thing we could do is to add as a feature that login supports data being passed in to be stored in the state, and restored upon redirect. Do you think that would suit your use case?

NSeydoux, Feb 22 '22 08:02
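
The behaviour discussed in this thread, as an added example that is not part of the issue and not code from @inrupt/solid-client-authn-browser: removing only the OIDC response parameters named in the comment above while keeping application query parameters, plus an application-side way to remember the pre-redirect location. The helper names, the storage key and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration; not the library's implementation.
// Parameter names are the ones listed in the maintainer's comment.
const OIDC_PARAMS = ["state", "code", "id_token", "access_token", "error", "error_description"];

// Remove only OIDC response parameters, so codes and tokens do not linger in
// the address bar or history, while app-specific parameters survive.
function stripOidcParams(href) {
  const url = new URL(href);
  for (const name of OIDC_PARAMS) url.searchParams.delete(name);
  return url.toString();
}

const RETURN_KEY = "app:returnTo"; // constructed key name

// Hypothetical helper: record where the user was before the login redirect.
// `storage` is any object with getItem/setItem/removeItem, e.g. sessionStorage.
function rememberLocation(storage, href) {
  storage.setItem(RETURN_KEY, stripOidcParams(href));
}

// Hypothetical helper: after the redirect has been handled, return the saved
// URL once, and only if it is same-origin with the app. A stored value that
// points elsewhere is ignored so it cannot be used as an open redirect.
function restoreLocation(storage, appOrigin, fallback) {
  const saved = storage.getItem(RETURN_KEY);
  storage.removeItem(RETURN_KEY);
  if (!saved) return fallback;
  try {
    return new URL(saved).origin === appOrigin ? saved : fallback;
  } catch {
    return fallback; // unparsable value
  }
}

// In-memory stand-in for sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```

In a browser, `rememberLocation(sessionStorage, window.location.href)` would run before the login redirect and `restoreLocation(sessionStorage, window.location.origin, "/")` after the incoming redirect has been handled.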