[Question]: using a generic redirectUrl for different client-id and different routes #2013

Open
Serge-Libotte opened this issue Sep 27, 2024 · 1 comment
@Serge-Libotte

Version
17
...

Question
I see in all the examples that redirectUrl is set to the current location (well, even window.location.origin which is surely not what you want). Coming from a portal, a user may land on different routes. Also, I may have an SPA accessible in different sections of the website.
Let's say:

In the auth server I've configured the OAUTH client-id "myNgAppId". Following the OAUTH spec, the auth server allows strict URLs only (no wildcards).
For this OAUTH client-id I cannot reasonably add all possible redirect_uri values, which may grow in time. I need to set up a general redirect_uri page (say https://server/oauth/redirect_uri.html) that should be able to understand where it should redirect the user. Given it's a GET request, this page must read the query parameters, typically the "state" parameter. An OAuth server will replay the "state" parameter unmodified back to the client when the user is redirected to the redirect URL. How can I achieve this?

If I can achieve the previous and it's done at initial configuration time of the app, then comes another issue. The user may navigate from public routes to certain protected routes. Coming back from the login page, the user should land where he was (i.e. the protected route). Should I change the redirectUrl config with each route change then?

I have yet another similar use case. Multiple SPAs are embedding shared microfrontends (implemented as Ng Element and Ng library) which are calling protected APIs using their own client-id (not the one of the SPA). The lib supports the use of multiple OAuth client-ids as it supports multiple configs, but what should I do and when to set the correct redirectUrl?

@calteran

I had this same question and may have found a solution. OidcSecurityService has getState() and setState() methods. (see https://angular-auth-oidc-client.com/docs/documentation/public-api#setstatestate-string-configid-string). I'm heading out the door so I haven't had a chance to test it, but I'll try to remember to update my comment when I get back.
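
The generic callback page described in the question, as an added example that is not part of the original thread and is not code from angular-auth-oidc-client: the return route travels in `state` next to a random nonce, and the callback page accepts it only when the nonce matches and the route is a same-origin path, so the fixed redirect_uri page cannot be turned into an open redirect. The function names, the `nonce.path` layout of `state` and the use of `https://server` as the app origin are assumptions.

```javascript
// Added example: every name here is hypothetical, not an angular-auth-oidc-client API.
const APP_ORIGIN = "https://server"; // origin of the issue's example redirect_uri

// Random value the app stores (for example in sessionStorage) before login.
function newNonce() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// True only for a same-origin absolute path such as "/orders/42?tab=2".
function isSafeReturnPath(path, origin = APP_ORIGIN) {
  if (typeof path !== "string" || !path.startsWith("/")) return false;
  // Browsers read "//host" and "/\host" as scheme-relative URLs.
  if (path.startsWith("//") || path.startsWith("/\\")) return false;
  // URL parsers silently drop tab, CR and LF, so reject control characters.
  if (/[\u0000-\u001f]/.test(path)) return false;
  try {
    return new URL(path, origin).origin === origin;
  } catch {
    return false;
  }
}

// Before sending the user to the authorization endpoint.
function buildState(nonce, returnPath) {
  if (!isSafeReturnPath(returnPath)) throw new Error("unsafe return path");
  return `${nonce}.${encodeURIComponent(returnPath)}`;
}

// On the generic callback page. Returns null when the response must be
// rejected (nonce mismatch), otherwise the route to navigate to.
function resolveReturnPath(callbackUrl, expectedNonce, fallback = "/") {
  const state = new URL(callbackUrl).searchParams.get("state") ?? "";
  const dot = state.indexOf(".");
  if (!expectedNonce || dot < 0 || state.slice(0, dot) !== expectedNonce) return null;
  let path;
  try {
    path = decodeURIComponent(state.slice(dot + 1));
  } catch {
    return fallback; // malformed percent-encoding
  }
  return isSafeReturnPath(path) ? path : fallback;
}
```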
