
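Problems encountered with a custom login mechanism when implementing server-side rendering (SSR) in SAP Spartacus

Background

A customer used a third-party authentication service to implement the login mechanism for Spartacus users: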

In our project we have integration with MDCIM team who handles login and authorization.

This part of code redirects the User to MDCIM URL and once authorization is completed by the User in MDCIM, the user will be landed back to our home page completing the login scenario.

Here our API redirects to MDCIM and waits for a token. Once the response is received, we use the token to get the user information with another API call.

That is, the token is used to call another API and retrieve the user information.

We found out that the problem was caused by using this.windowAdapter.getWindow().sessionStorage.* without previously checking if the sessionStorage is actually available. In SSR it was undefined.

If you wrap all the calls in an if (this.windowAdapter.getWindow().sessionStorage) {...} the PLP pages are being SSRed correctly.

As an additional note, the browser's storage API (sessionStorage, localStorage) is not available in SSR, therefore code defensively.

The customer's custom user authentication:

    customizeAuthentication(): void {
      this.customLoginAdapter
        .getMDCIMToken(this.authCode)
        .subscribe((data: AuthTokenDetails) => {
          // Debug output; this writes the full token response to the console
          console.log('Output from MDCIM: ', data);
          console.log(
            'Session Storage present: ',
            this.windowAdapter.getWindow().sessionStorage
          );
          if (data && data.token) {
            const userId = data?.userDetails?.email;
            const password = '';
            this.authService.authorize(userId, password);
            // sessionStorage is undefined during SSR, so check before using it
            if (this.windowAdapter.getWindow().sessionStorage) {
              this.windowAdapter
                .getWindow()
                .sessionStorage.setItem('MDCIM-Token', JSON.stringify(data));
            }
            this.getOuthToken();
          }
        });
    }

Neither sessionStorage nor localStorage works in SSR mode.

While using SSR, the page HTML is generated on the server. However, the window, sessionStorage and localStorage objects are browser-context objects. SSR on the server side cannot access these objects.

This is the reason SSR does not work on the pages where these objects are used.

If the window or localStorage objects are required with SSR, then include the library @ng-toolkit/universal.

An example of using window and localStorage objects with SSR can be found in this article

Best practice

It is best not to run user authentication logic in SSR mode:

In general we don't recommend running any authentication / authorization related code in the SSR mode, unless you are aware of all the security issues and pitfalls that come with it. It might be a good idea to skip the whole auth logic in the SSR mode.

Solution

I suggest you try injecting @Inject(PLATFORM_ID) protected platform: any (from @angular/core) into your custom-login.component.ts, and then check whether the platform is a browser or a server with isPlatformBrowser() or isPlatformServer() (both coming from @angular/common).

    if (isPlatformServer(this.platform)) {
      return;
    }
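
The platform check and the storage guard described above, combined in a framework-free TypeScript sketch. This is an added example, not code from the original post or from Spartacus; TokenStore, completeLogin, fakeStorage and the result strings are hypothetical names, and the 'browser' / 'server' values are assumed to match what Angular supplies as PLATFORM_ID.

```typescript
// Added example: framework-free sketch; every name here is hypothetical.
interface StorageLike {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
}
interface WindowLike { sessionStorage?: StorageLike; }

// Absent window (SSR), a missing property, or a getter that throws
// (storage blocked by browser policy) all resolve to undefined.
function resolveSessionStorage(win?: WindowLike): StorageLike | undefined {
  try { return win?.sessionStorage ?? undefined; } catch { return undefined; }
}

class TokenStore {
  private readonly storage: StorageLike | undefined;
  constructor(win?: WindowLike) { this.storage = resolveSessionStorage(win); }
  // Deliberately a no-op without browser storage. A module-level in-memory
  // fallback would be shared by every request the SSR process renders.
  save(key: string, value: unknown): boolean {
    if (!this.storage) return false;
    try {
      this.storage.setItem(key, JSON.stringify(value));
      return true;
    } catch {
      return false; // quota exceeded or storage disabled
    }
  }
  load(key: string): unknown {
    const raw = this.storage?.getItem(key) ?? null;
    if (raw === null) return undefined;
    try { return JSON.parse(raw); } catch { return undefined; }
  }
}

type LoginResult = 'skipped-on-server' | 'no-token' | 'stored' | 'not-persisted';

// platformId is assumed to be the string Angular provides as PLATFORM_ID.
function completeLogin(platformId: string, store: TokenStore, data?: { token?: string }): LoginResult {
  if (platformId !== 'browser') return 'skipped-on-server'; // no auth logic during SSR
  if (!data?.token) return 'no-token';
  return store.save('MDCIM-Token', data) ? 'stored' : 'not-persisted';
}

// Constructed test double standing in for the browser's sessionStorage.
function fakeStorage(): StorageLike {
  const m = new Map<string, string>();
  return { getItem: (k) => m.get(k) ?? null, setItem: (k, v) => { m.set(k, v); } };
}
```

In an Angular component the first argument would come from the injected PLATFORM_ID and the window from the project's window adapter.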
