Closed jojenki closed 11 years ago
Another method is for the clientside login app to return to the document.referrer
after successful auth.
We thought about that, but we think it will work better with existing systems to just handle it at the browser level. Can you think of a major disadvantage to doing it this way?
If you are using ajax to call auth_token, then the redirect will not be very helpful because it redirects the ajax request instead of the browser.
Per cens/ohmageServer#478 and cens/ohmageFrontEnd#262, we are adding a redirect URI parameter to allow another site on the same domain to tell the login page where the user should be redirected after successful authentication.
The front end will send this URI to /app/user/auth_token as an optional parameter. Upon successful authentication, a 302 will be returned redirecting the user back to that URI.