Summary
src/components/controller/ops/accept_access.js line ~52 does:
```js
const clientData = ctx.accessState['clientData'];
if (clientData && clientData['app-web-auth:ensureBaseStreams']) {
// ...
}
// ... later ...
if (Object.keys(clientData).length > 0) {
requestData.clientData = clientData;
}
```
The first read is guarded (if (clientData && …)), but the second
Object.keys(clientData) is not. When a client calls
pryv.Browser.setupAuth() without an authRequest.clientData field,
ctx.accessState.clientData is `undefined` and the accept-click
throws:
```
TypeError: Cannot convert undefined or null to object
at Object.keys ()
at accept_access.js:52:14
```
The popup then renders "Unexpected error" and the access is never
marked accepted — the main window's poll never sees ACCEPTED.
Reproduction
- From any client, call `pryv.Browser.setupAuth({ authRequest: { requestingAppId, requestedPermissions } })` without including `clientData`.
- Sign in, click ACCEPT on the permissions page.
- Popup shows "Unexpected error"; main window still stuck in NEED_SIGNIN.
Suggested fix
Guard the second use the same way as the first:
```js
if (clientData && Object.keys(clientData).length > 0) {
requestData.clientData = clientData;
}
```
Workaround
Clients can pass `clientData: {}` explicitly in the authRequest to
avoid the crash, but the library should not require this.
Environment
Observed on the production build deployed at
`https://healthdatasafe.github.io/app-web-auth3-hds/\` via pryv-lib-js
3.0.1 and the demo platform at `demo.datasafe.dev`.
Summary
src/components/controller/ops/accept_access.jsline ~52 does:```js
const clientData = ctx.accessState['clientData'];
if (clientData && clientData['app-web-auth:ensureBaseStreams']) {
// ...
}
// ... later ...
if (Object.keys(clientData).length > 0) {
requestData.clientData = clientData;
}
```
The first read is guarded (
if (clientData && …)), but the secondObject.keys(clientData)is not. When a client callspryv.Browser.setupAuth()without anauthRequest.clientDatafield,ctx.accessState.clientDatais `undefined` and the accept-clickthrows:
```
TypeError: Cannot convert undefined or null to object
at Object.keys ()
at accept_access.js:52:14
```
The popup then renders "Unexpected error" and the access is never
marked accepted — the main window's poll never sees ACCEPTED.
Reproduction
Suggested fix
Guard the second use the same way as the first:
```js
if (clientData && Object.keys(clientData).length > 0) {
requestData.clientData = clientData;
}
```
Workaround
Clients can pass `clientData: {}` explicitly in the authRequest to
avoid the crash, but the library should not require this.
Environment
Observed on the production build deployed at
`https://healthdatasafe.github.io/app-web-auth3-hds/\` via pryv-lib-js
3.0.1 and the demo platform at `demo.datasafe.dev`.