Comments (2)
Yeah, the number 2. sample works as expected.
Thanks for your time! Closing
from express-openid-connect.
Hi @jordanst3wart - thanks for raising this
This behaviour is as designed: we don't use the referrer header in the returnTo by default because the referrer header can be a third party (e.g. if Google linked to your login page, you would return to Google after login). If you want this behaviour you can override the default login route behaviour, see https://github.com/auth0/express-openid-connect/blob/master/EXAMPLES.md#3-route-customization
The baseUrl is used as the returnTo value as a default, when it should be the "originalUrl" the request came from.
The error is here. It should use returnTo if defined or originalUrl:
`originalUrl` in this instance is the `/login` route - so if you returned to that page after login you would be stuck in an infinite loop
This is a regression of this fix: #95
There is no regression, this behaviour works as designed. When you protect a route with `requiresAuth` - you will be returned to that route after login (this is the behaviour that was fixed in #95) see https://github.com/auth0/express-openid-connect/blob/master/EXAMPLES.md#2-require-authentication-for-specific-routes
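The login-route override that the reply above points to, as an added example that is not part of the thread or of express-openid-connect's own code: it takes `returnTo` from the Referer header only when the header is same-origin with the app and is not an auth route, which covers both the third-party case and the `/login` loop. `safeReturnTo`, `BASE_URL` and `AUTH_PATHS` are hypothetical names, and the URLs are constructed samples.

```javascript
// Added example. BASE_URL is a constructed value standing in for the SDK's baseURL.
const BASE_URL = 'https://app.example.com';
// Routes that must never be a post-login target (returning to /login loops forever).
const AUTH_PATHS = new Set(['/login', '/logout', '/callback']);

// Returns a same-origin relative path taken from the Referer header, or
// `fallback` when the header is missing, malformed, third-party or an auth route.
function safeReturnTo(referer, baseURL = BASE_URL, fallback = '/') {
  if (typeof referer !== 'string' || referer === '') return fallback;
  let ref, base;
  try {
    base = new URL(baseURL);
    ref = new URL(referer); // a Referer value is absolute; anything else throws
  } catch {
    return fallback;
  }
  // Compare scheme + host + port, not a string prefix, so that
  // "https://app.example.com.evil.test" does not pass.
  if (ref.origin !== base.origin) return fallback;
  // "//host/path" (or "/\host", which the URL parser normalises to it) would be
  // read by the browser as a protocol-relative URL once used in a redirect.
  if (ref.pathname.startsWith('//')) return fallback;
  if (AUTH_PATHS.has(ref.pathname.replace(/\/+$/, ''))) return fallback;
  return ref.pathname + ref.search; // relative only: origin and fragment dropped
}

// Wiring, assuming the SDK is configured with routes: { login: false } as in
// the route customization section of EXAMPLES.md:
//   app.get('/login', (req, res) =>
//     res.oidc.login({ returnTo: safeReturnTo(req.get('Referer')) }));

// Constructed sample Referer values.
const samples = [
  'https://app.example.com/orders?id=7',
  'https://www.google.com/search?q=app',
  'https://app.example.com/login',
  'https://app.example.com//evil.test/a',
];
for (const s of samples) console.log(s, '->', safeReturnTo(s));
```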