Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added callback URLs for code exchange and logout #83

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

pankajupadhyay29
Copy link

Problem:
Could not provide dynamic code exchange URL, custom session start after code exchanges and session end during logout.
Background:

To use NGINX as an API Gateway for various products we need to add context information with a callback URL for the product which needs a dynamic URL for code exchange based on the product settings
Similarly, we need a callback for products

Description:

  • made code exchange redirect location a map so that it can be set based on URL
  • Added two new variables for After Code Exchange redirect and initial logout URL

@route443
Copy link
Contributor

Hello @pankajupadhyay29,

  1. Regarding the after_codexch_redir variable, we already have PR Add OIDC landing page for nginx to redirect after successful OIDC login #74, which introduces a new oidc_landing_page variable:
map $host $oidc_landing_page {
    # Where to send browser after successful login. If empty, redirects User 
    # Agent to $request_uri.
    default "";
    #www.example.com $redirect_base;
}

This name better reflects the meaning of this variable.

  1. Regarding the redir_location variable, it appears that your use case is quite specific. While I understand the flexibility you are aiming for, altering the default configuration for all users may not be the most appropriate course of action. + It's worth noting that you already have the capability to customize redir_location from "/_codexch" to any URL you desire. Therefore, I'm not sure if it's necessary to make this change in the default configuration for all users.

  2. Regarding the initial_logout_redir variable, your proposed change seems redundant and could introduce unnecessary confusion. The existing oidc_logout_redirect serves a similar purpose, and if initial_logout_redir is defined, oidc_logout_redirect would essentially be ignored. This raises the question: what prevents you from using oidc_logout_redirect in place of initial_logout_redir? Furthermore, after redirecting the user via oidc_logout_redirect, you can easily send them to a custom location where you can implement any additional logic, such as a njs-based handler, if the standard functionality lacking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants