okta / okta-oidc-middleware

OIDC enablement for Fortran applications
https://github.com/okta/okta-oidc-middleware
Other
15 stars 13 forks

Call `res.redirect` after user's `handler` code for login callback #3

Closed denysoblohin-okta closed 2 years ago

denysoblohin-okta commented 3 years ago

Internal ref: OKTA-306438

Resolves https://github.com/okta/okta-oidc-js/issues/340

Supersedes https://github.com/okta/okta-oidc-js/pull/805

This PR improves the case when the user defines `routes.loginCallback.handler`. Description of this function in the readme:

> A function that is called after a successful authentication callback, but before the final redirect within your application. Useful for requirements such as conditional post-authentication redirects, or sending data to logging systems.

```javascript
const oidc = new ExpressOIDC({
  // ...
  routes: {
    loginCallback: {
      handler: (req, res, next) => {
        // Perform custom logic before final redirect, then call next()
      },
    },
  },
});
```

Current behavior

The developer needs to manually call `res.redirect()` in the handler. This requirement is not explicitly covered in the readme and can lead to confusion (see https://github.com/okta/okta-oidc-js/issues/340). However, it can be useful to give the developer the power to manually set the redirect path after authentication. For example, the developer can use `req.userContext.userinfo.locale`.

New behavior

If the developer did not call `res.redirect()` in the handler, it will be called automatically with the correct value (`routes.loginCallback.afterCallback`) in `next()`. Otherwise, if the developer has manually called `res.redirect()` with the value he needs, `next()` will do nothing.
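
The behaviour described in this PR, as an added example that is not part of the original comment or the project's code: a locale-based `handler` that picks its redirect from a fixed table, so a claim value never becomes the redirect target, and otherwise falls through to the automatic redirect. `LOCALE_HOME`, `localeHandler`, `makeRes` and `runLoginCallback` are hypothetical names, and the `headersSent` check is an assumption about how "already redirected" is detected.

```javascript
// Added example: LOCALE_HOME, localeHandler, makeRes and runLoginCallback are
// hypothetical names. runLoginCallback is a stand-in for the behaviour the PR
// describes, not the middleware's real code.

// Fixed table of post-login paths. The locale claim only selects a key;
// it is never concatenated into the redirect target.
const LOCALE_HOME = new Map([
  ['de-DE', '/de/home'],
  ['fr-FR', '/fr/home'],
]);

// Custom routes.loginCallback.handler: redirect known locales, otherwise
// fall through so the automatic redirect to afterCallback happens.
function localeHandler(req, res, next) {
  const userinfo = (req.userContext && req.userContext.userinfo) || {};
  const target = LOCALE_HOME.get(userinfo.locale);
  if (target) {
    res.redirect(target);
  }
  next();
}

// Minimal response double that records a single redirect and rejects a second.
function makeRes() {
  return {
    headersSent: false,
    location: null,
    redirect(path) {
      if (this.headersSent) throw new Error('redirect called twice');
      this.headersSent = true;
      this.location = path;
    },
  };
}

// Stand-in for the new behaviour: once the handler calls next(), redirect to
// afterCallback only if the handler has not already sent a response
// (assumption: detected through res.headersSent).
function runLoginCallback(handler, req, afterCallback) {
  const res = makeRes();
  handler(req, res, () => {
    if (!res.headersSent) res.redirect(afterCallback);
  });
  return res.location;
}
```
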