问题背景

某客户使用了第三方的Authentication service来实现Spartacus用户的登录机制：

In our project we have integration with MDCIM team who handles login and authorization.

This part of code redirects the User to MDCIM URL and once authorization is completed by the User in MDCIM, the user will be landed back to our home page completing the login scenario.

Here our API redirect to MDCIM and waits for a token. Once response received we use the token to get the user information with another API call.

使用token，调用另一个API，获取user信息。

We found out that the problem was caused by using this.windowAdapter.getWindow().sessionStorage.* without previously checking if the sessionStorage is actually available. In s-s-r it was undefined.

If you wrap all the calls in an if (this.windowAdapter.getWindow().sessionStorage) {...} the PLP pages are being s-s-red correctly.

As an additional, browser’s storage (sessionStorage, localStorage) API is not available in s-s-r, therefore code defensively.

自开发的用户认证：

 customizeAuthentication(): void {

   this.customLoginAdapter

     .getMDCIMToken(this.authCode)

     .subscribe((data: AuthTokenDetails) => {

       console.log('Output from MDCIM: ', data);

       console.log(

         'Session Storage present: ',

         this.windowAdapter.getWindow().sessionStorage

       );

       if (data && data.token) {

         const userId = data?.userDetails?.email;

         const password = '';

         this.authService.authorize(userId, password);

         if (this.windowAdapter.getWindow().sessionStorage) {

           this.windowAdapter

             .getWindow()

             .sessionStorage.setItem('MDCIM-Token', JSON.stringify(data));

         }

         this.getOuthToken();

       }

     });

 }

sessionStorage和localStorage都无法在s-s-r模式下工作。

While using s-s-r the page html is generated at html. However the window, sessionStorage and localStorage objects are of the browser contextual objects. s-s-r at server side cannot have access to these objects.

This is the reason of s-s-r not working on the pages where these objects are being used.

If window or localStorage objects are required to be used with s-s-r then include the library @ng-toolkit/universal .

An example of using window and localStorage objects with s-s-r can be referred at this article

***实践

***不要在s-s-r模式下进行用户认证(user Authentication)相关的逻辑：

In general we don’t recommend running any authentication / authorization related code in the s-s-r mode, unless you are aware of all the security issues and pitfall that with it. It might be a good idea to skip the whole auth logic in the s-s-r mode.

解决方案

I can suggest you to try to inject the @Inject(PLATFORM_ID) protected platform: any (from @angular/core) to your custom-login.component.ts, and then check if the platform is a browser or a server with isPlatformBrowser() or isPlatformServer() ( both coming from @angular/common).

if (isPlatformServer(this.platform)) {

return;

}