Widen / cloudfront-auth

An AWS CloudFront Lambda@Edge function to authenticate requests using Google Apps, Microsoft, Auth0, OKTA, and GitHub login
ISC License

User trapped at callback URL on verification error #53

Open 3sGgpQ8H opened 4 years ago

3sGgpQ8H commented 4 years ago

After successful or unsuccessful OAuth 2.0 authentication, the user is redirected back to the original application at the so-called callback URL, where cloudfront-auth verifies the response code, nonce, etc. If callback verification fails, an error message is shown to the user at the callback URL. If the user reloads the page, cloudfront-auth does not perform a new OAuth request, but instead just verifies again the same callback parameters whose verification already failed.

The callback URL, when showing an error, should output a Content-Location header referring to the original URL the user started with, so pressing reload will reload that original URL and restart the authentication process.

3sGgpQ8H commented 4 years ago

It seems that Content-Location does not work this way. Probably window.history.pushState in body onload could be used instead.
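
One way the approach from the last comment could look, as an added example that is not cloudfront-auth code and not from the issue's author. It assumes the callback handler already has the original path as a string; the helper names are hypothetical. It uses `history.replaceState` rather than `pushState` so the failed callback URL and its parameters do not stay in the history, and it validates the path because that value travels through the OAuth round trip and cannot be trusted.

```javascript
// Added example; helper names are hypothetical, not cloudfront-auth's own.

// Accept only same-origin absolute paths; anything else falls back to "/".
function safeReturnPath(path) {
  if (typeof path !== 'string') return '/';
  // Rejects "https://host", "//host", "/\host" and control characters.
  if (!/^\/(?![\/\\])[^\u0000-\u001f\u007f]*$/.test(path)) return '/';
  return path;
}

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Build the Lambda@Edge response for a failed callback verification.
function buildCallbackErrorResponse(message, originalPath) {
  // JSON.stringify gives a JS string literal; escaping "<" blocks "</script>" breakout.
  const target = JSON.stringify(safeReturnPath(originalPath)).replace(/</g, '\\u003c');
  const body =
    '<!DOCTYPE html><html><head><title>Authentication failed</title></head><body>' +
    '<p>' + escapeHtml(message) + '</p>' +
    // Swap the address bar from the callback URL to the original path, so a
    // reload requests that path and the authentication flow starts again.
    '<script>history.replaceState(null, "", ' + target + ');</script>' +
    '</body></html>';
  return {
    status: '401',
    statusDescription: 'Unauthorized',
    headers: {
      'content-type': [{ key: 'Content-Type', value: 'text/html; charset=utf-8' }],
      // The error page carries per-request state and must not be cached.
      'cache-control': [{ key: 'Cache-Control', value: 'no-store' }],
    },
    body,
  };
}

// Constructed sample input.
const sample = buildCallbackErrorResponse('Nonce verification failed', '/reports/q3?tab=2');
console.log(sample.body);
```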