How can I redirect after login to the URL before without registering all client-side routes at my IdP?

Normally I have to register the authorize callback url/redirect_url at my IdP.

But what if that redirect_url is always the one the user tried to activate in an unauthorized state? That would mean I would have to register all 1000 possible routes at my IdP.

That cannot be a solution!

So what else can I do?

UPDATE

I use the implicit flow, which is for JavaScript-based apps.

Pascal Avatar asked Dec 21 '17 08:12



1 Answer

I don't know which flow you are using. I will assume the implicit flow but this solution can be adapted.

Most clients solve this by having a special http://mypage/login-callback route, so you only register this route as redirect_uri. Before redirecting to the OIDC authentication endpoint, you "save" the route the user requested, either by setting a cookie or by storing it in sessionStorage. Once redirected to the login-callback, you extract the token(s) and check for the cookie/localStorage key, then do another redirect.

Here's a random Angular example using oidc-client:

async completeAuthenticationAsync() {
    // complete login, get tokens etc...
    this.user = await this.manager.signinRedirectCallback();
    this.emitState();
    // check for previously saved URI
    const redirect = sessionStorage.getItem("auth:redirect");
    if (redirect) {
        // redirect to route - this is using the angular router
        sessionStorage.removeItem("auth:redirect");
        this.router.navigate([redirect]);
    }
    else {
        // redirect to start page
        this.router.navigate([""]);
    }
}

Edit: Since you are looking for official sources and you tagged Identity Server 4, they do the double redirect in their JavaScript client example: http://docs.identityserver.io/en/release/quickstarts/7_javascript_client.html

mode777 Avatar answered Nov 25 '22 04:11
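
One way to implement the save-and-restore step described in the answer while keeping the second redirect on the application's own origin, as an added example (not mode777's code and not the IdentityServer sample). `APP_ORIGIN`, the helper names and the in-memory storage are assumptions; the `auth:redirect` key and the `/login-callback` route come from the answer.

```javascript
const RETURN_KEY = "auth:redirect";      // key used in the answer
const CALLBACK_PATH = "/login-callback"; // the single registered redirect_uri path
const APP_ORIGIN = "https://app.example"; // assumed placeholder origin

// Return a normalized same-origin path ("/path?query#hash"), or null when
// the candidate would leave the app or loop back to the callback route.
function toSafeReturnPath(candidate, appOrigin = APP_ORIGIN) {
  if (typeof candidate !== "string" || candidate.length === 0) return null;
  // Control characters and backslashes can be normalized by browsers into "//host".
  if (/[\u0000-\u001f\\]/.test(candidate)) return null;
  // Only rooted paths; "//host" is scheme-relative and points off-site.
  if (!candidate.startsWith("/") || candidate.startsWith("//")) return null;
  let url;
  try { url = new URL(candidate, appOrigin); } catch { return null; }
  if (url.origin !== appOrigin) return null;
  if (url.pathname === CALLBACK_PATH) return null;
  return url.pathname + url.search + url.hash;
}

// Call from the route guard, just before redirecting to the IdP.
function rememberRequestedRoute(storage, requestedUrl) {
  const safe = toSafeReturnPath(requestedUrl);
  if (safe) storage.setItem(RETURN_KEY, safe);
  else storage.removeItem(RETURN_KEY);
}

// Call on the callback route after the tokens have been processed.
// The value is single-use and re-validated, since any script on the
// origin can write to sessionStorage.
function consumeReturnRoute(storage) {
  const stored = storage.getItem(RETURN_KEY);
  storage.removeItem(RETURN_KEY);
  return toSafeReturnPath(stored) || "/";
}

// Constructed stand-in for window.sessionStorage so the example runs in Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In the browser, pass `window.sessionStorage` as `storage` and hand the returned path to the router.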
