Open some-user123 opened 10 months ago
Hi, can you save the state in LocalStorage or SessionStorage?
Btw, can you provide some additional details? It would help better understand your user scenario.
There are two aspects to it:
OIDC has the state parameter and it should be used with an opaque string that is validated on callback to prevent certain types of attacks (https://medium.com/keycloak/the-importance-of-the-state-parameter-in-oauth-5419c94bef4c, https://stackoverflow.com/questions/35165793/what-attack-does-the-state-parameter-in-openid-connect-server-flow-prevent, https://auth0.com/docs/secure/attack-protection/state-parameters, ...). That should be supported by Logto and ideally implemented in the SDK as well.
It would be a nice feature if the extended SDK would handle the storage and retrieval of additional state information based on this opaque token. Such functionality is e.g. implemented by the client library oidc-client-ts (https://authts.github.io/oidc-client-ts/). It allows you to pass additional state to the login request that is returned after a successful/failed login attempt: https://authts.github.io/oidc-client-ts/#md:custom-state-in-user-object
Does that clarify?
Thanks, the team will have a discussion next week after the vacation.
What problem did you meet?
User is navigating directly to a protected route, e.g. example.com/some/deep/link, and is automatically forwarded to login. When handling the callback I'd like to be able to redirect the user to the original URL.
Describe what you'd like Logto to have
To my knowledge, OIDC usually allows passing a state through the login step that is given back to the callback.
Using the Vue SDK, I'd like to have the option to pass an additional state object to the signIn method that is available to useHandleSignInCallback.
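The pattern discussed in this thread, as an added example that is not code from Logto, its Vue SDK or oidc-client-ts: an opaque random state value is sent to the provider, the original URL is kept client-side under that value, and the callback validates the state once and only returns a same-origin redirect target. The function names, the storage key prefix, the 10-minute lifetime and the in-memory stand-in for sessionStorage are all assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not part of any SDK named on this page.
const PREFIX = 'oidc.state.';        // assumed storage key prefix
const MAX_AGE_MS = 10 * 60 * 1000;   // assumed lifetime of a pending sign-in

// Create the opaque state value and remember application data under it.
function beginSignIn(storage, returnTo, now = Date.now(),
  randomBytes = (n) => crypto.getRandomValues(new Uint8Array(n))) {
  const state = Array.from(randomBytes(16),
    (b) => b.toString(16).padStart(2, '0')).join('');
  storage.setItem(PREFIX + state, JSON.stringify({ returnTo, createdAt: now }));
  return state; // sent as the `state` parameter of the authorization request
}

// Validate the state found in the callback URL and return a safe redirect path.
function finishSignIn(storage, callbackUrl, appOrigin, now = Date.now()) {
  const state = new URL(callbackUrl).searchParams.get('state');
  if (!state) throw new Error('missing state');
  const raw = storage.getItem(PREFIX + state);
  if (raw === null) throw new Error('unknown state'); // not started by this browser
  storage.removeItem(PREFIX + state);                 // single use: a replay fails
  const { returnTo, createdAt } = JSON.parse(raw);
  if (now - createdAt > MAX_AGE_MS) throw new Error('expired state');
  return safeReturnTo(returnTo, appOrigin);
}

// Only same-origin targets are accepted; anything else falls back to "/".
function safeReturnTo(returnTo, appOrigin) {
  try {
    const url = new URL(returnTo, appOrigin);
    if (url.origin !== appOrigin) return '/';
    return url.pathname + url.search + url.hash;
  } catch {
    return '/';
  }
}

// In-memory stand-in for sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    setItem: (key, value) => { items.set(key, String(value)); },
    getItem: (key) => (items.has(key) ? items.get(key) : null),
    removeItem: (key) => { items.delete(key); },
  };
}
```

In a browser, `window.sessionStorage` can be passed as `storage` and `window.location.origin` as `appOrigin`.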