components-contrib icon indicating copy to clipboard operation
components-contrib copied to clipboard

Published 20 hours ago verified publisher icon dapr

Oauth2 Middleware control over redirect at end of auth code grant flow

Open drewby opened this issue 2 years ago • 5 comments

Describe the feature

During auth code grant flow, Oauth2 middleware saves the incoming URL at the beginning of the flow. It then redirects to that URL at the end of the flow. However, this incoming URL may be a rewrite at ingress or some other internal cluster URL.

This is where incoming URL is saved: https://github.com/dapr/components-contrib/blob/f2a9e30cddca28d4888475fcf40da1a8ab12ef1b/middleware/http/oauth2/oauth2_middleware.go#LL105C5-L105C37

This feature would allow for control over the redirect at the end of the flow either by providing a fixed redirect in the middleware metadata or by looking for a redirect URL in the the queryString of the incoming request.

Release Note

RELEASE NOTE: ADD Ability to specify redirect after authorization in Oauth2 Middleware.

drewby avatar Mar 06 '23 02:03 drewby

/assign

SpikeWong avatar Mar 19 '23 01:03 SpikeWong

To confirm, what I need to do is allow the user to define a fixed redirect url in the meta, and if the user also provides a redirect url in the query param, I'll use the redirect url in the query param

SpikeWong avatar Mar 19 '23 01:03 SpikeWong

@ItalyPaleAle

SpikeWong avatar Mar 26 '23 14:03 SpikeWong

@SpikeWong I'm ok with that if you want to work on it! Thanks :)

Note that we also have a bunch of work schedule for this middleware for 1.11: #2635

ItalyPaleAle avatar Mar 26 '23 15:03 ItalyPaleAle

any solution idea or fixing in progress?

ParrySMS avatar Oct 27 '23 08:10 ParrySMS