search

dapr / components-contrib

Community driven, reusable components for distributed apps
Apache License 2.0
545 stars 473 forks source link

Oauth2 Middleware control over redirect at end of auth code grant flow #2634

Open drewby opened 1 year ago

drewby commented 1 year ago

Describe the feature

During auth code grant flow, Oauth2 middleware saves the incoming URL at the beginning of the flow. It then redirects to that URL at the end of the flow. However, this incoming URL may be a rewrite at ingress or some other internal cluster URL.

This is where incoming URL is saved: https://github.com/dapr/components-contrib/blob/f2a9e30cddca28d4888475fcf40da1a8ab12ef1b/middleware/http/oauth2/oauth2_middleware.go#LL105C5-L105C37

This feature would allow for control over the redirect at the end of the flow either by providing a fixed redirect in the middleware metadata or by looking for a redirect URL in the the queryString of the incoming request.

Release Note

RELEASE NOTE: ADD Ability to specify redirect after authorization in Oauth2 Middleware.

SpikeWong commented 1 year ago

/assign

SpikeWong commented 1 year ago

To confirm, what I need to do is allow the user to define a fixed redirect url in the meta, and if the user also provides a redirect url in the query param, I'll use the redirect url in the query param

SpikeWong commented 1 year ago

@ItalyPaleAle

ItalyPaleAle commented 1 year ago

@SpikeWong I'm ok with that if you want to work on it! Thanks :)

Note that we also have a bunch of work schedule for this middleware for 1.11: #2635

ParrySMS commented 11 months ago

any solution idea or fixing in progress?