Feature requests: Custom redirect logins, login state and custom scopes

SrMouraSilva commented 2 years ago

Feature requests

Hello! I want to request the possibility to add:

Obs: I'm using @axa-fr/react-oidc-context v3

Custom redirect logins

Suppose that I access a specific page of an application

https://myapplication.com/users/123/edit

but I'm not signed... Then the application will move me to the login page. After I'm logged, I expect that the redirect page is the page that I was tried to access.

Currently, the redirect page is always the defined redirect url in configuration (If I understood).

Looking the v4, I saw the following example:

# https://github.com/AxaGuilDEv/react-oidc/blob/e18a4428959e611e0317d8bb9cf659acc2f78785/packages/context/API.md
{!isLogged && <button type="button" className="btn btn-primary" onClick={() => login('/profile')}>Login</button>}

That apparently will be support of it. But I also saw this description:

# https://github.com/AxaGuilDEv/react-oidc/blob/feature/v4/packages/context/API.md
* login : Function without parameter that launch the redirect authentication

Login state

I'm using the hook version. When I was tried to login with signinSilent

const { oidcUser, isEnabled, logout, login, signinSilent } = useReactOidc();

return <Button onClick={() => signinSilent()}>Login</Button>

I noticed an error Uncaught (in promise) ErrorResponse: login_required in console, but I couldn't access the error (or nether the login request state). I would like to use login as a fallback of the signinSilent.

Apparently, at the version 4 the login function returns a promise. But isn't clear how it will work (it will be silent or not silent or both?).

Custom scopes

I also want to the login method add custom scopes. Usage example:

Suppose that in my application I'm using the following scopes: openid read. In a specific moment, an user want to access the admin area of the application, this area is only enable if the user contains the admin special scope. By authorization restriction, I an application want to use the admin scope, the OIDC server will request to the user if their permits its use. So, my application will only request this special scope when the user press the button Admin area. This process is done by requesting again the login, but informing the additional admin scope.

const { oidcUser, isEnabled, logout, login, signinSilent } = useReactOidc();

return <Button onClick={() => login('/admin', {scopes: 'openid read admin'})}>Admin area</Button>

Not force login

I want to the my application do this following flow:

If a user acess some page, and isn't logged, it will be redirect for my login page (note OIDC login server page).
If the user press the login button in login page, then it will be redirected to the OIDC login server page.

I tried, but only did when <AuthenticationProvider isEnabled={false}. I noticed that after is logged, the isEnabled continues to be false.

const { isEnabled } = useReactOidc();
console.log(isEnabled) // false

I don't know if it is disabled will occur some problem, like token won't be refreshed.

If is a problem, I expect that exists some option in <OidcSecure> to don't force the login.

Versions

v3 / v4?

Additional Details

Installed packages: @axa-fr/react-oidc-context v3

guillaume-chervet commented 2 years ago

Hi @SrMouraSilva,

Thank you very much for your awesome and rich issue !

I just merge the v4 to master. It is stable now. I will remove beta as soon as I have finished migration guide and added more unittest.

Try the v4 demo, I think it do what you need to do => https://github.com/AxaGuilDEv/react-oidc#run-the-demo

guillaume-chervet commented 2 years ago

Here you can find a demo https://black-rock-0dc6b0d03.1.azurestaticapps.net/

AxaFrance / oidc-client