Problem: Incorrect redirect URL after successful login #176

Open
newbro opened this issue Mar 27, 2024 · 3 comments
newbro commented Mar 27, 2024

We have encountered an issue after upgrading from 3.11.0 to 3.14.3.

Our application is hosted on a subpath (e.g. https://x.x.x.x/abc). After moving to 3.14.3, we found that after a user successfully logs in via ADFS, the application does not get redirected back to the original destination (i.e. https://x.x.x.x/abc); instead it redirects back to https://x.x.x.x with the subpath missing.

I found that a change was made in 3.12.1 to fix redirect URI corruption; not sure if this is related.

@infohash
Contributor

The destination endpoint is temporarily stored in session cookies. The callback endpoint after successful authentication redirects the user to the stored destination. What is the value of your OIDC_REDIRECT_URI? Is your identity provider correctly redirecting back to OIDC_REDIRECT_URI after successful authentication?

@newbro
Author

newbro commented Mar 27, 2024

I found the issue is caused by pull request #169:

        # 3.14.1
        flask.session['destination'] = flask.request.url
        # 3.14.3
        flask.session['destination'] = flask.request.full_path

For my use case, flask.request.full_path was returning /?, which broke the redirection after successful authentication. I have downgraded to 3.14.1 for now as a temp workaround.

@infohash
Contributor

infohash commented Aug 9, 2024

I am not able to reproduce your issue. It redirects back to the destination where you were before you were redirected to the identity provider. So all paths, subpaths, path params and query params remain preserved. Flask properly handles an empty query param, so a redirect to /abc? will be routed to https://x.x.x.x/abc.
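
The following is an added example, not part of the thread and not the project's own code: it evaluates the two expressions quoted above (`flask.request.url` and `flask.request.full_path`) for an app mounted under a subpath, using Flask's test request context. The host `app.example`, the sample paths and the helper `relative_destination` are assumptions made for illustration.

```python
from flask import Flask, request

app = Flask(__name__)


def relative_destination():
    """Hypothetical helper: a relative destination that keeps the mount prefix.

    request.script_root is the WSGI SCRIPT_NAME (the subpath the app is
    mounted under); request.path is only the part routed inside the app.
    """
    dest = request.script_root + request.path
    if request.query_string:  # avoid the dangling "?" that full_path appends
        dest += "?" + request.query_string.decode()
    return dest


def destination_candidates(path, base_url):
    """Evaluate each candidate destination for one simulated request."""
    # The path component of base_url becomes SCRIPT_NAME in the test environ.
    with app.test_request_context(path, base_url=base_url):
        return {
            "url": request.url,
            "full_path": request.full_path,
            "script_root": request.script_root,
            "relative": relative_destination(),
        }


if __name__ == "__main__":
    # Constructed requests; app.example is a placeholder host.
    for path, base in [
        ("/", "https://app.example/abc"),
        ("/items?page=2", "https://app.example/abc"),
        ("/items", "https://app.example"),
    ]:
        print(path, base, destination_candidates(path, base))
```

`full_path` is built from the path routed inside the application plus `?` and the query string, so it never contains the mount prefix held in `script_root`; `url` does contain it, but is absolute and takes its scheme and host from the request.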
