Use X-Auth-Request-Redirect if rd not given

[iain-buclaw-sociomantic]

For consistency with sign_in, and to be able to pass arguments escaped to the redirect url.

i.e:

auth_request    /oauth2/auth;
error_page      401 = /oauth2/start?rd=$request_uri;

When calling:

curl http://myserver/?foo=123&bar=456&uid=789

The result of req.Form.Get("rd") is foo=123. The rest of the uri string is discarded by oauth proxy.

[ploxiln]

The actual problem here is that nginx was not told to url-encode $request_uri to be a query param value. Searching around, it looks like there really isn't a good way to do that ... possibly just this out-of-tree module https://github.com/openresty/set-misc-nginx-module#set_escape_uri

[iain-buclaw-sociomantic]

Yeah, I've already had a look around before concluding this. I'm not building a custom version of nginx. :-)

[iain-buclaw-sociomantic]

Just FYI, the sign_in page is not affected by this, hence re-using X-Auth-Request-Redirect header.

[asergeyev]

This difference between /start and /sign_in is actually quite annoying and forces to use extra step for users when I don't need it (everyone authenticate with one provider) +1 for this patch