[oauth] using a custom provider not working on IE 11

Hello everyone,
We want to integrate a custom provider using OpenId (based on oauth2, with the redirect type).
We created an internal package for this and it works very well on Chrome. We used this package as a base for our flow : https://github.com/Aur0r/accounts-learninglayers

The flow is the following :

  • Click oauth button
  • Get redirected to Identity Provider (IDP) on the authorization endpoint
  • Connect on the IDP interface, then get redirected to callback Url : /_oauth/openid
  • The app processes the request, and gets an authorization code
  • App requests an access token to the IDP (POST request on token endpoint)
  • App gets access token and requests for user identity (GET request on user info endpoint)
  • Then Oauth renders the after redirect view containing the #config div with key and secret, and stores the secret in LocalStorage.
  • The user is then redirected to root of the app (login page) where an autorun checks if the user is connected and redirects him to landing page if yes.

As I said, it works perfectly on Chrome, but not on IE 11. So far, I identified that the OAuth.getDataAfterRedirect function cannot get the data from Reload (here)

Can you help me fix this issue ? I was about to create an issue in the meteor/meteor github, but I think that the other accounts packages using oauth work on IE 11, so it must be in my config (I use Nginx) or in my code.

Thanks a lot !

I am replying to myself to add some details on the debugging state. I confirm that Reload.js is not behaving correctly on IE 11 in this case. I have found a rather dirty workaround : rewriting the OAuth.getDataAfterRedirect method to avoid its use ([original code in the meteor oauth package]
(https://github.com/meteor/meteor/blob/devel/packages/oauth/oauth_client.js#L77) ) :

OAuth.getDataAfterRedirect = function () {
  var credentialSecret, credentialToken;
  for (var k in sessionStorage){
    credentialSecret = sessionStorage[k];
    credentialToken = k.replace(OAuth._storageTokenPrefix, "");
  if (!credentialSecret || !credentialToken)
            return null;

  return {
      loginService: "openid",
      credentialToken: credentialToken,
      credentialSecret: credentialSecret

I am not a big fan of this workaround (which is very specific to this login Service) and would prefer it to be working out of the box, in a generic and nice way. Also, I am not sure it is very secure.
What do you think ? Can my code be an issue at some point (from a security point of view) ?
Thanks a lot for your inputs !