nuxt-oidc-auth icon indicating copy to clipboard operation
nuxt-oidc-auth copied to clipboard
verified publisher icon itpropro

Redirecting to originally blocked URL after login

Open kryopix opened this issue 1 year ago • 2 comments

Hello,

I am using the nuxt-oidc-auth module in my Nuxt application and I’m wondering if it’s possible to redirect users back to the originally blocked URL after logging in via a provider (e.g., Keycloak), instead of redirecting them to a predefined page (e.g., redirectUri).

In sidebase/nuxt-auth, there is an option addDefaultCallbackUrl, which I tested, and it worked out of the box as expected. It is described in the documentation as follows:

addDefaultCallbackUrl
Type: boolean | string
Default: true
Whether to add a callbackUrl to sign in requests. Setting this to a string-value will result in that being used as the callbackUrl path. Setting this to true will result in the blocked original target path being chosen (if it can be determined).

Is this behavior possible with nuxt-oidc-auth, or is there a way to achieve this through middleware?

Here are my current Nuxt settings:

oidc: {
  defaultProvider: 'keycloak',
  providers: {
    keycloak: {
      audience: 'account',
      baseUrl: '',
      clientId: '',
      clientSecret: '',
      redirectUri: 'http://localhost:3200/auth/keycloak/callback',
      logoutRedirectUri: 'http://localhost:3200',
      userNameClaim: 'name'
    }
  },
  middleware: {
    globalMiddlewareEnabled: true,
    customLoginPage: false
  },
  session: {
    expirationCheck: true,
    automaticRefresh: true,
    maxAge: 0,
    cookie: {
      sameSite: 'strict',
      secure: true
    }
  }
}

I would prefer to use nuxt-oidc-auth as it works better for my use case and has more features, but I miss this functionality. Is there a way to replicate the behavior of sidebase/nuxt-auth, or can it be implemented via middleware?

Thanks in advance! I really appreciate all the hard work that has gone into this module - it’s been fantastic to work with.

kryopix avatar Oct 18 '24 09:10 kryopix

An additionally useful feature is to add an override parameter for the redirect URI to the login() function to allow setting the page where the user is redirected differently for different pages, for example like this:

  • if "Sign in" button located at https://example.com/page1 is clicked: 
    login(provider, { redirectUriOverride: "/page2" })
  • if "Sign in" button located at https://example.com/page3 is clicked: 
    login(provider, { redirectUriOverride: "/page4" })

A similar option should also be available for logout.

This would give the developer more freedom to redirect users to the most suitable page depending on context. For example, in the user account management a "Delete account" button could first request a token with higher privileges (that requires re-authentication) from the identity provider, and then redirect to a page that actually deletes the account using an API request that need this token with higher privileges.

patrsc avatar Oct 23 '24 05:10 patrsc

Great idea! I will add this to the backlog, I think redirecting to the original URL would be a good addition in user experience.

itpropro avatar Oct 24 '24 15:10 itpropro