Include support for run-time params to be included in the generated URLs #136
Conversation
|
This is an interesting idea. A more general approach might be appropriate here that would enable override or merge of all available options during a call to |
|
Generally speaking, that is what is being done here, except, internally, the options object isn't being mutated, but the mutation is happening after all the internal work is already done. This preserves the current structure of the code. If I understand you correctly, you're saying to pass an @pdspicer are you in a position to do such a refactor? |
|
I wouldn't suggest mutating anything either, I am in favor of possibly changing |
|
Is this branch still the direction we might go with this, or is there another branch that is favored? I'd like to support my scenario in master if possible as I see there are some other nice upgrades to dependencies I'd like to take on; maybe even get something like this in before the next release. |
|
@markstos Do you have any feedback on the direction you'd like to see this PR taken? |
|
@cjbarth I'm in favor if the flexibility you are suggesting. What does the SAML spec have to say about it? Is functionality mentioned in the spec? Is this useful with a standards-compliant IdP? Specific links or section number references to the SAML spec are helpful if they apply. You mentioned a "query string parameter to pre-populate the username field on the IdP" Is there a particular IdP that you have in mind that that supports that? |
|
@markstos I'm federated against ADFS and it supports a query string to pre-populate the user name field. Here is some documentation: |
cjbarth
force-pushed
the
session-url-params
branch
from
09cc7b9 to
aa29f86
Compare
|
I'm getting back into this PR to clean it up and get it landed. It seems that there are two ways to approach this:
This PR takes the approach that only query string parameters will be mutable on a per-request basis (1). Some of the comments by @pdspicer favor a more general approach to allow modification of all options on a per request basis (2). I can see justification for (2), but I can also see why we might want, as a library, to dictate that once the federation is initialized, the options related to the federation won't change i.e. have the federation-related options be an invariant and only allow mutation of the URL. Which level of override is preferred? |
|
Level 1. We can add more flexibility later. Could you rebase this branch onto master as a single and get rid of the merge commit on this branch? Also, I think the updated docs could be clearer:
Could you update the docs with an example that shows the additional query params being passed in? Thanks. |
cjbarth
force-pushed
the
session-url-params
branch
from
65d6ec8 to
facb063
Compare
|
@markstos I've pushed changed in line with your suggestions. Does that look good? |
|
@cjbarth Looks good. I'm going to merge. Thanks. |
In order to include information specific to a request in the URL, for example, a query string parameter to pre-populate the username field on the IdP, the URL needs to be built with parameters available only when the
authenticatemethod is called. Currently only parameters available at application start are available to be added as query string parameters when the URL is built.