Normally I have to register the authorize callback url/redirect_url at my IdP.
But what if that redirect_url is always the one the user tried to activate in an unauthorized state? That would mean I would have to register all 1000 possible routes at my IdP.
That cannot be a solution!
So what else can I do?
UPDATE
I use the implicit flow, which is for JavaScript-based apps.
The most common ways to implement redirection logic after login are: using the HTTP Referer header, saving the original request in the session, or appending the original URL to the redirected login URL.
Add a new URL redirect: Click the URL Redirects tab. In the upper right, click Add URL redirect. In the right panel, select the Standard or Flexible redirect type. A standard redirect is used to redirect one URL to another.
A redirect URI, or reply URL, is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.
HTTP redirect enables SAML protocol messages to be transmitted within URL parameters. It enables SAML requestors and responders to communicate by using an HTTP user agent as an intermediary. The intermediary might be necessary if the communicating entities do not have a direct path of communication.
I don't know which flow you are using. I will assume the implicit flow but this solution can be adapted.
Most clients solve this by having a special http://mypage/login-callback route. So you only register this route as redirect_uri. Before redirecting to the OIDC authentication endpoint you "save" the route the user requested, either by setting a cookie or storing it in sessionStorage. Once redirected to the login-callback you extract the token(s) and check for the cookie/localStorage key, then do another redirect.
Here's a random angular example using oidc-client:
```typescript
async completeAuthenticationAsync() {
    // complete login, get tokens etc...
    this.user = await this.manager.signinRedirectCallback();
    this.emitState();

    // check for previously saved URI
    const redirect = sessionStorage.getItem("auth:redirect");
    if (redirect) {
        // redirect to route - this is using the angular router
        sessionStorage.removeItem("auth:redirect");
        this.router.navigate([redirect]);
    } else {
        // redirect to start page
        this.router.navigate([""]);
    }
}
```
Edit: Since you are looking for official sources and you tagged Identity Server 4, they do the double redirect in their JavaScript client example: http://docs.identityserver.io/en/release/quickstarts/7_javascript_client.html
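An added example, not part of the answer above and not oidc-client code: the saved route is read back from storage and used for navigation, so it should be treated as untrusted input and reduced to a same-origin path before the second redirect. The function names, the in-memory storage stand-in and the `/login-callback` path constant are assumptions for illustration; `auth:redirect` is the key used in the answer.

```javascript
// Added example; names other than the "auth:redirect" key are hypothetical.
const RETURN_KEY = "auth:redirect";
const CALLBACK_PATH = "/login-callback"; // assumed: the single registered redirect_uri path

// Reduce a candidate return target to a same-origin path, or fall back to "/".
function safeReturnPath(candidate, appOrigin) {
  if (typeof candidate !== "string" || candidate.length === 0) return "/";
  // Control characters and backslashes can be normalised by browsers; refuse them.
  if (/[\u0000-\u001f\\]/.test(candidate)) return "/";
  let url;
  try {
    url = new URL(candidate, appOrigin); // resolves relative paths against the app
  } catch {
    return "/";
  }
  if (url.origin !== appOrigin) return "/";        // absolute or scheme-relative elsewhere
  if (url.pathname === CALLBACK_PATH) return "/";  // avoid a callback redirect loop
  return url.pathname + url.search + url.hash;
}

// Call before sending the user to the IdP's authorize endpoint.
function saveReturnPath(storage, requested, appOrigin) {
  storage.setItem(RETURN_KEY, safeReturnPath(requested, appOrigin));
}

// Call on the callback route after the tokens are processed; single use.
function consumeReturnPath(storage, appOrigin) {
  const saved = storage.getItem(RETURN_KEY);
  storage.removeItem(RETURN_KEY);
  return safeReturnPath(saved, appOrigin); // re-validate: storage may have been altered
}

// In-memory stand-in for window.sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In a browser, pass `window.sessionStorage` and `window.location.origin`, and hand the returned path to the router.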