Open dunkOnIT opened 1 year ago
gregorbg
commented
1 year ago Relevant information for people who want to take a shot at implementing: https://github.com/heartcombo/devise/wiki/How-To:-%5BRedirect-back-to-current-page-after-sign-in,-sign-out,-sign-up,-update%5D
FinnIckler
commented
1 year ago Isn't this an issue with statistics not with the WCA oauth implementation?
Randomno
commented
1 year ago I believe the example is but in general, clicking the sign in button on the WCA site should include a redirect
FinnIckler
commented
1 year ago yes, but is it up to statistics to set to correct redirect URL. Otherwise redirects wouldn't work at all
Randomno
commented
1 year ago I was thinking outside the stats page though. For example you go to a competition page to register, realise you are not logged in, press Sign in, afterwards you are redirected back to the comp page.
FinnIckler
commented
1 year ago I just tested that and that works. When you login on a register page you will get redirected back to the register page after logging in
gregorbg
commented
1 year ago I just tested that and that works. When you login on a register page you will get redirected back to the register page after logging in
Curious, it should not work like that.
gregorbg
commented
1 year ago Nope, no clue what you encountered but it was sheer luck. Normally, you definitely get thrown to the homepage after login.
Randomno
commented
1 year ago 
This button?
Another bad example I guess. My first example (that I edited) was accepting registrations for a competition. In that instance you would want to be sent right back to the competition page. Is there any instance where it shouldn't redirect? Being sent back to the home page isn't very useful.
FinnIckler
commented
1 year ago Yes, this button will always bring you back to the register page after signing in
gregorbg
commented
1 year ago It is important to point out the difference between OAuth login an on-premise login (i.e. casually browsing our website and clicking the "Login" button on the top right of the page)
OAuth has redirect URLs, and I am very confident that those are actually honored because we use a widely spread OAuth third party integration tool. If something about redirect URLs there was broken, the wider Ruby on Rails community would be affected and there would likely be a fast fix. In the example from the original post. it's really probably Alexandre's statistics website not setting the redirect URL correctly.
On premise logins use Devise user management, which does not set any redirect URL by default. The sign-in button is one of the very few exceptions, most likely it was a spontaneous soluton to a user complaint. But it is not a general feature of the wider website.
FinnIckler
commented
1 year ago Then I think we should have two different issues. One is on the statistics repo about adding a redirect URL and one is to add a redirect to all the logins on the main page
dunkOnIT
Redirect parameters should be present on every login. The absence of this makes the entire process a bit more cumbersome and potentially confusing for people who are not used to the platform.
For example, take this process:
It is a bit counterintuitive. The same happens for any instance of login.
Originally posted by @GuidoDipietro in https://github.com/thewca/worldcubeassociation.org/issues/6777#issuecomment-1311769349
The above issue relates to the statistics page (see this Issue), but the problem also exists on the WCA website, per Gregor's explanation: