redirectUri not being used #9

Open
lgleim opened this issue May 9, 2017 · 0 comments

lgleim commented May 9, 2017

When supplying a custom redirectUrl to Meteor.logInWithOidc(options,callback), i.e.

let options = {
  loginStyle: 'redirect',
  redirectUrl: location.protocol + '//' + location.host //location.origin
}

the redirectUrl is ignored.

The behavior I would expect to see is:

  1. I call Meteor.logInWithOidc(options,callback) with my redirectUrl='http://myapplication' (as is implemented)
  2. My browser is redirected to the Oidc Identity Provider for user authorization with redirectUrl='https://meteorserver/_oauth/oidc' (as is implemented)
  3. Meteor makes an out-of-band request to the Identity Provider to exchange the authorization code for oidc tokens (as is implemented)
  4. After Meteor processes the received tokens my browser is redirected to the Url I initially provided, i.e. http://myapplication. This does not work.

Step 4 is what should be configurable. The redirectUrl can of course not be provided by the client, as this would allow arbitrary (malicious) clients to authenticate via Meteor, but it should be available as a service configuration parameter.

Could you please help me out here? Looking forward to your feedback.
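
The server-side check that step 4 calls for, as an added example that is not part of the original issue or of the package's code: the client's redirectUrl is treated as a request and honoured only when its origin matches one configured on the server. The field name `postLoginRedirectUrls`, the helper names and the sample values are assumptions made for illustration.

```javascript
'use strict';

// Hypothetical server-side service configuration (constructed sample values).
// `postLoginRedirectUrls` is an assumed field name, not an option of the package.
const oidcServiceConfig = {
  service: 'oidc',
  postLoginRedirectUrls: ['http://myapplication', 'https://myapplication'],
};

// Parse an absolute http(s) URL. Returns null for relative or malformed input,
// for other schemes (javascript:, data:), and for URLs with embedded
// credentials such as "https://myapplication@evil.example".
function parseHttpUrl(candidate) {
  if (typeof candidate !== 'string') return null;
  let url;
  try {
    url = new URL(candidate);
  } catch (err) {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username || url.password) return null;
  return url;
}

// Decide where the browser is sent after the token exchange (step 4).
// A requested URL is accepted only on an exact origin match (scheme, host and
// port); anything else falls back to the first configured origin.
function resolvePostLoginRedirect(requested, config) {
  const allowed = config.postLoginRedirectUrls
    .map(parseHttpUrl)
    .filter(Boolean)
    .map((url) => url.origin);
  if (allowed.length === 0) {
    throw new Error('no post-login redirect configured');
  }
  const url = parseHttpUrl(requested);
  if (url !== null && allowed.includes(url.origin)) {
    // Return the normalized form so the browser sees exactly what was checked.
    return url.href;
  }
  return allowed[0];
}
```

Comparing parsed origins rather than string prefixes is what rejects look-alike hosts such as `http://myapplication.evil.example`.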
