katana | Katana project is a FastAPI template | REST library

Your code is working fine and the variable itemToGive is the object you think it should be. [object object] is just some problem you're experiencing with string conversion. Run the snippet below

Two options. First is you could add to the SQL “WHERE parent=1”, what will get you all items where the parent = 1.

Section option would be to put an if statement in to say to only display if the parent = 1.

Use a null check - ?

Even file names are all hashed, it couldn't help a lot. The only way is just do Ctrl + Shift + R for hard refreshing or whatever hard refreshing is the only way, in javascript, location.reload() is the function.

Good thing is we have PWA (Service worker) can detect all changes of your site, on your browser.

Just add ng add @angular/pwa then you will be get integrated with service worker.

And just detect changes using it.

This code to app.component.ts

You have both syntax and logic issues.

I'll start with the beginning of the JS file, you wrote this:

A likely reason the user is signed out of the identity provider is that your code is intentionally doing that when you call SignOut.

For example, if you are calling:

Looks like I stumbled upon a solution:

The new helper.pl

It has a modified helper/2: now helper/3 which accepts the module name of the caller as third argument and uses it to qualify the call to toolshed/1:

(is it possible to find out by which module one is currently being called? without creating a stack trace?)

Should work fine - the flow is determined by the response_type field:

• Implicit flow would use 'token' or 'token id_token' - it does not look like you are using that. It is recommended to avoid including token, since that returns tokens in URLs and they could leak

• Use code flow via 'code' - though I believe the MS libraries may require you to use the hybrid flow of 'code id_token'. Both are secure designs.

PKCE is needed for single page apps, since they cannot store a client secret. For your server side app it is less important since the secret is not revealed to the browser. I don't think those MS server side libraries support PKCE.

Maybe what Tratcher posted in Github (https://github.com/aspnet/Security/issues/1645) answers your question?

In case it does, his reply there to the "WsFed confusion between Wreply and CallbackPath #1645" issue was:

When WsFed was ported from Katana it was translation with modest updates, most of the original design and options were preserved. Justin noticed in testing that the modified relationship between CallbackPath and Wreply is confusing and may cause infinite login loops for our customers. Wreply sets the address the identity provider returns to. CallbackPath sets the path the middleware listens on for the reply.

In Katana users could opt to set Wreply and CallbackPath would be derived from that. Neither had a default and if it wasn't set then the middleware would read all form-post requests.

In Core CallbackPath defaults to /signin-wsfed like our other handlers and Wreply has no value. Challenges generate a wreply from the CallbackPath. The confusion comes if someone sets wreply without updating or clearing CallbackPath. The server will reply to a path that the handler isn't listening on, likely resulting in an infinite auth loop or 404.

The motivation for making wreply a public option on WsFed rather than generating the redirect like other providers was that WsFed identity servers were known to be extremely strict on matching the value, to the point of requiring exact casing, etc.. Generating the url from user input may not be sufficient for this check. It's unclear how many customers have run into this mismatch vs those that set wreply because they saw it in a sample.

Not sure what the best path forward here is. We'll see how many users run into it.

I added emphasys to what I think may answer your first question. Regarding your second question, there doesn't seem to be a situation where it makes sense for Wreply and CallbackPath to be incompatible. (Technically, they are always different because CallbackPath - unlike Wreply - is not a full URL.)