
User trapped at callback URL on verification error

Open 3sGgpQ8H opened this issue 5 years ago • 1 comments

After successful or unsuccessful OAuth 2.0 authentication, the user is redirected back to the original application at the so-called callback URL, where cloudfront-auth verifies the response code, nonce, etc. If callback verification fails, an error message is shown to the user at the callback URL. If the user reloads the page, cloudfront-auth does not perform a new OAuth request, but instead just verifies again the same callback parameters whose verification already failed.

The callback URL, when showing an error, should output a Content-Location header referring to the original URL the user started with, so pressing reload will reload that original URL and restart the authentication process.

3sGgpQ8H avatar Nov 28 '19 08:11 3sGgpQ8H

It seems that Content-Location does not work this way. Probably window.history.pushState in body onload could be used instead.

3sGgpQ8H avatar Nov 29 '19 06:11 3sGgpQ8H
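
An added example, not part of the issue thread or cloudfront-auth's own code: one way a Lambda@Edge handler (Node.js) could build the callback error page so that a reload requests the original URL, along the lines of the history-API idea in the comment above. The function names are hypothetical, and it assumes the handler has already recovered the original path from the OAuth round trip; it uses `history.replaceState` rather than `pushState` so the failed callback URL does not remain in the back history.

```javascript
'use strict';

// Escape text placed into HTML element content or attribute values.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ESC[c]);
}

// Accept only a same-origin absolute path; anything else restarts at "/".
// Rejects scheme-relative ("//host"), backslashes and control characters,
// so an attacker-influenced value cannot turn the restart into an open redirect.
function safeRestartPath(candidate) {
  if (typeof candidate !== 'string') return '/';
  if (!candidate.startsWith('/')) return '/';
  if (candidate.startsWith('//')) return '/';
  if (/[\u0000-\u001f\u007f\\]/.test(candidate)) return '/';
  return candidate;
}

// Build the Lambda@Edge response for a failed callback verification.
// originalPath is assumed to be supplied by the caller (hypothetical parameter).
function callbackErrorResponse(message, originalPath) {
  const path = safeRestartPath(originalPath);
  // JSON string literal, with "<" escaped so it cannot close the <script> element.
  const jsPath = JSON.stringify(path).replace(/</g, '\\u003c');
  const body =
    '<!DOCTYPE html><html><head><meta charset="utf-8"><title>Sign-in failed</title></head>' +
    '<body><h1>Sign-in failed</h1><p>' + escapeHtml(message) + '</p>' +
    '<p><a href="' + escapeHtml(path) + '">Try again</a></p>' +
    // Swap the address bar from the callback URL to the original URL, so a
    // reload re-requests that URL instead of re-submitting the failed callback.
    '<script>history.replaceState(null, "", ' + jsPath + ');</script>' +
    '</body></html>';
  return {
    status: '401',
    statusDescription: 'Unauthorized',
    headers: {
      'content-type': [{ key: 'Content-Type', value: 'text/html; charset=utf-8' }],
      // Keep the error page, which was produced for one failed callback, out of caches.
      'cache-control': [{ key: 'Cache-Control', value: 'no-store' }],
    },
    body,
  };
}
```

The "Try again" link gives the same restart path to users whose browsers do not run the script.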