chore(ui): use static OIDC redirect URI

ncarlier · Oct 17, 2023 · 7effc55 · 7effc55
1 parent 502b91c
commit 7effc55
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 20 deletions.
diff --git a/ui/src/auth/AuthProvider.tsx b/ui/src/auth/AuthProvider.tsx
@@ -17,6 +17,8 @@ interface AuthContextType {
   logout: (args?: SignoutRedirectArgs) => Promise<void>
 }
 
+const redirectKey = 'readflow.redirect'
+
 const AuthContext = createContext<AuthContextType>({} as AuthContextType)
 
 export const AuthProvider: FC<PropsWithChildren> = ({ children }) => {
@@ -27,7 +29,15 @@ export const AuthProvider: FC<PropsWithChildren> = ({ children }) => {
   const { search } = useLocation()
   const history = useHistory()
 
-  const login = useCallback(userManager.signinRedirect.bind(userManager), [userManager])
+  const login = useCallback(async () => {
+    try {
+      localStorage.setItem(redirectKey, JSON.stringify(history.location))
+      console.debug('saving location', JSON.stringify(history.location))
+      await userManager.signinRedirect()
+    } catch (err) {
+      setError(err)
+    }
+  }, [userManager])
   const logout = useCallback(userManager.signoutRedirect.bind(userManager), [userManager])
   const handleLoginFlow = useCallback(async () => {
     setIsLoading(true)
@@ -45,30 +55,34 @@ export const AuthProvider: FC<PropsWithChildren> = ({ children }) => {
         console.info('callback from Authority server: sign in...')
         const user = await userManager.signinCallback()
         if (user) {
-          console.debug('logged user:', user.profile?.preferred_username)
-          clearAuthParams(params)
+          console.debug('logged user:', user.profile?.sub)
           setUser(user)
-          history.replace({
-            search: params.toString(),
+          const redirect = localStorage.getItem(redirectKey)
+          if (redirect) {
+            localStorage.removeItem(redirectKey)
+            console.debug('restoring location', redirect)
+            return history.replace(JSON.parse(redirect))
+          }
+          return history.replace({
+            search: clearAuthParams(params),
           })
-          return
         }
       }
       // otherwise handle user state:
       const user = await userManager.getUser()
       if (user) {
-        console.debug('authenticated user:', user?.profile.preferred_username)
+        console.debug('authenticated user:', user?.profile.sub)
         setUser(user)
       } else {
         console.info('user not authenticated, redirecting to sign-in page...')
-        await userManager.signinRedirect()
+        login()
       }
     } catch (err) {
       setError(err)
     } finally {
       setIsLoading(false)
     }
-  }, [userManager, search])
+  }, [userManager, search, login])
 
   // main login flow
   const didInitialize = useRef<boolean>(false)

diff --git a/ui/src/auth/helper.ts b/ui/src/auth/helper.ts
@@ -1,9 +1,9 @@
 
 const authParams = ['code', 'state', 'session_state', 'error'] as const
 
-export const clearAuthParams = (params: URLSearchParams): URLSearchParams => {
+export const clearAuthParams = (params: URLSearchParams): string => {
   authParams.forEach(param => params.delete(param))
-  return params
+  return params.toString()
 }
 
 export const hasAuthParams = (params: URLSearchParams): boolean => {
@@ -14,10 +14,3 @@ export const hasAuthParams = (params: URLSearchParams): boolean => {
   }
   return false
 }
-
-export const getCleanedRedirectURI = (href: string): string => {
-  const url = new URL(href)
-  clearAuthParams(url.searchParams)
-  console.debug('computed redirect URI:', url.href)
-  return url.href
-}
diff --git a/ui/src/auth/oidc-configuration.ts b/ui/src/auth/oidc-configuration.ts
@@ -1,11 +1,10 @@
 import { UserManagerSettings } from 'oidc-client-ts'
 import { AUTHORITY, CLIENT_ID } from '../config'
-import { getCleanedRedirectURI } from './helper'
 
 export const config: UserManagerSettings = {
   authority: AUTHORITY,
   client_id: CLIENT_ID,
-  redirect_uri: getCleanedRedirectURI(document.location.href),
+  redirect_uri: `${document.location.origin}/login`,
   monitorSession: document.location.hostname !== 'localhost',
   response_type: 'code',
   scope: 'openid',