Do not set oidc_login_next for AJAX 403 redirects #500

Open: wants to merge 1 commit into base: main

drwonky commented Jul 11, 2023

Moved the oidc_login_next to below the AJAX return; this means AJAX requests will be redirected to the LOGIN_REDIRECT_URL instead of the API endpoint that generated the session refresh.

Moved the oidc_login_next to below the AJAX return; this means AJAX
requests will be redirected to the LOGIN_REDIRECT_URL instead of the
API endpoint that generated the session refresh.

drwonky commented Jul 11, 2023

See PR #364 for additional context. This is me cleaning up that PR, even if it's 3 years later 😉

If I can remember rightly, this fix was needed because the flow should go to the LOGIN_REDIRECT_URL after re-authenticating. The problem is that if you catch the re-auths in your application, you don't want the browser being redirected to the REST endpoint that triggered the re-auth after authenticating. It would break the contract with the application.
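
The ordering change discussed in this PR, as an added example that is not part of the pull request or the project's code: a framework-free model of the session-refresh step and the callback's choice of post-login target. The function names, the `X-Requested-With` check, the 302 for non-AJAX requests, the read-without-clear callback and the sample URLs are assumptions made for the illustration.

```python
# Simplified model for illustration; not the project's middleware or callback.
LOGIN_REDIRECT_URL = "/dashboard/"                    # constructed sample setting
AUTH_URL = "https://op.example/authorize?prompt=none"  # constructed placeholder


def is_ajax(headers):
    # Assumption: AJAX callers are recognised by the conventional XHR header.
    return headers.get("X-Requested-With") == "XMLHttpRequest"


def refresh_before(path, headers, session):
    """Old ordering: oidc_login_next is stored before the AJAX return."""
    session["oidc_login_next"] = path
    if is_ajax(headers):
        return 403, AUTH_URL   # client-side code must start the re-auth
    return 302, AUTH_URL       # assumption: browser navigations are redirected


def refresh_after(path, headers, session):
    """Proposed ordering: the AJAX return comes first, so nothing is stored."""
    if is_ajax(headers):
        return 403, AUTH_URL
    session["oidc_login_next"] = path
    return 302, AUTH_URL


def callback_redirect(session):
    """Post-login target: the stored next URL, else LOGIN_REDIRECT_URL.
    Assumption: the key is read without being cleared."""
    return session.get("oidc_login_next") or LOGIN_REDIRECT_URL


def landing_page(refresh, path, headers, session=None):
    """Send one expired-session request through `refresh`, then the callback."""
    session = dict(session or {})
    status, _ = refresh(path, headers, session)
    return status, callback_redirect(session)


if __name__ == "__main__":
    xhr = {"X-Requested-With": "XMLHttpRequest"}
    for name, fn in (("before", refresh_before), ("after", refresh_after)):
        print(name, "AJAX /api/items/ ->", landing_page(fn, "/api/items/", xhr))
        print(name, "page /reports/   ->", landing_page(fn, "/reports/", {}))
    # A value left by an earlier page load still wins in this model.
    stale = {"oidc_login_next": "/reports/"}
    print("after, stale session ->", landing_page(refresh_after, "/api/items/", xhr, stale))
```

In this model a value stored by an earlier page load is still used after an AJAX-triggered re-auth, so it is worth checking whether the real callback clears `oidc_login_next` once it has been consumed.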
