Flask-pyoidc

Problem: Incorrect redirect URL after successful login

Open newbro opened this issue 2 years ago • 3 comments

We have encountered an issue after upgrading from 3.11.0 to 3.14.3.

Our application is hosted on a subpath (e.g. https://x.x.x.x/abc). After moving onto 3.14.3, we found that after a user successfully logs in via ADFS, the application does not get redirected back to the original destination (i.e. https://x.x.x.x/abc); instead, it redirects back to https://x.x.x.x with the subpath missing.

I found that a change in 3.12.1 was made to fix redirect URI corruption; not sure if this is related.

newbro, Mar 27 '24 07:03

The destination endpoint is temporarily stored in session cookies. The callback endpoint after successful authentication redirects the user to the stored destination. What is the value of your OIDC_REDIRECT_URI? Is your identity provider correctly redirecting back to OIDC_REDIRECT_URI after successful authentication?

infohash, Mar 27 '24 09:03

I found the issue is caused by pull request #169:

        # 3.14.1
        flask.session['destination'] = flask.request.url
        # 3.14.3
        flask.session['destination'] = flask.request.full_path

For my use case the flask.request.full_path was returning /? which broke the redirection after successful authentication. I have downgraded to 3.14.1 for now as a temporary workaround.

newbro, Mar 27 '24 09:03

Thanks for figuring it out. The change was made by this PR:

  • gh-169

I will add a fix to address your issue.

infohash, Mar 27 '24 10:03

I am not able to reproduce your issue. It redirects back to the destination where you were before you were redirected to the identity provider. So all paths, subpaths, path params and query params remain preserved. Flask properly handles an empty query param, so a redirect to /abc? will be routed to https://x.x.x.x/abc.

infohash, Aug 09 '24 20:08
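
Added example, not part of the thread and not Flask-pyoidc's own code: what Flask reports for request.url and request.full_path when /abc is a WSGI mount point (SCRIPT_NAME) versus a route inside the app. The first case is one deployment that yields the /? value reported above. The host name and the relative_destination helper are hypothetical.

```python
from flask import Flask, request

app = Flask(__name__)

# Constructed host; "/abc" is the subpath from the report above.
HOST = "https://app.example.test"


def relative_destination():
    """Hypothetical helper: same-origin path that keeps the mount prefix."""
    # full_path is relative to the WSGI mount point (SCRIPT_NAME), so the
    # prefix has to be put back before the value is used as a redirect target.
    full_path = request.full_path
    if not request.query_string:
        full_path = full_path[:-1]  # drop the bare "?" of an empty query
    return request.script_root + full_path


def observe(base_url, path):
    """Return what Flask reports for one request under the given mount point."""
    with app.test_request_context(path, base_url=base_url):
        return {
            "script_root": request.script_root,
            "url": request.url,
            "full_path": request.full_path,
            "relative_destination": relative_destination(),
        }


# Case 1: the WSGI server mounts the app at /abc (SCRIPT_NAME=/abc) and the
# user requests the application root. full_path no longer contains /abc.
mounted = observe(HOST + "/abc", "/")

# Case 2: the app is served at the domain root and itself routes /abc.
# Here full_path already carries the subpath and the query string.
routed = observe(HOST, "/abc?next=1")

if __name__ == "__main__":
    for name, result in (("mounted", mounted), ("routed", routed)):
        print(name, result)
```
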