[ https://issues.apache.org/jira/browse/SLING-12993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nicola Scendoni updated SLING-12993:
------------------------------------
    Summary: Support redirect Parameter in OIDC Authentication Handler  (was: 
Support oidc_request_path Parameter in OIDC Authentication Handler)

> Support redirect Parameter in OIDC Authentication Handler
> ---------------------------------------------------------
>
>                 Key: SLING-12993
>                 URL: https://issues.apache.org/jira/browse/SLING-12993
>             Project: Sling
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Nicola Scendoni
>            Assignee: Nicola Scendoni
>            Priority: Major
>             Fix For: OAuth Client 0.1.8
>
>
> Currently, the *OIDC Authentication Handler* redirects the user to the 
> originally requested resource after successful authentication. This is 
> typically the URL that triggered the authentication challenge (e.g., a 
> protected page).
> However, there are use cases where the login process is triggered *from a 
> public page* (e.g., a “Login” button on a homepage or marketing site) and the 
> user is *expected to return to that same page* after authentication — not 
> necessarily the protected resource that initiated the OIDC login flow.
> h4. *Use Case*
> Example scenario:
>  * A user browses a *public page* (e.g., /content/public/home.html).
>  * They click a “Sign In” button that triggers 
> /system/sling/login?resource=/content/secure/dashboard.html to start the OIDC 
> login.
>  * After successful login, they are redirected to 
> /content/secure/dashboard.html.
>  * However, for this case, we might prefer to redirect the user *back to the 
> public page* they started from, e.g., /content/public/home.html.
> h4. *Proposed Enhancement*
> Introduce an *optional request parameter* named oidc_request_path.
>  * *Parameter name:* oidc_request_path
>  * *Type:* String (URL or path)
>  * *Usage:* When present in the initial OIDC login request, this value 
> overrides the default post-login redirect path.
> Remark: the redirect URL must be validated to be a relative URL.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
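
The remark in the issue asks that the redirect value be validated as a relative URL. One way such a check could look, as an added example that is not code from Sling or from the reporter: the class and method names are hypothetical, the sample inputs are constructed, and it assumes "relative" means a server-local path starting with a single "/".

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RedirectTargetValidator {   // hypothetical name, not a Sling class

    /** Returns the normalized local target, or null if the value must be rejected. */
    static String safeRelativeRedirect(String value) {
        if (value == null || value.isEmpty() || value.charAt(0) != '/') {
            return null;                 // must be a path on this host
        }
        // Browsers resolve "//host" and "/\host" as scheme-relative URLs.
        if (value.startsWith("//") || value.indexOf('\\') >= 0) {
            return null;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return null;             // CR/LF and other control characters
            }
        }
        try {
            URI uri = new URI(value).normalize();
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return null;             // a scheme or host slipped through
            }
            String path = uri.getRawPath();
            if (path == null || !path.startsWith("/") || path.startsWith("//")
                    || path.equals("/..") || path.startsWith("/../")) {
                return null;             // still escapes the root after normalization
            }
            return uri.toString();       // keeps query and fragment, if any
        } catch (URISyntaxException e) {
            return null;                 // unparseable input is never a redirect target
        }
    }

    public static void main(String[] args) {
        String[] samples = {             // constructed inputs
            "/content/public/home.html",
            "/content/public/./home.html?tab=1",
            "https://other.example/",
            "//other.example/x",
            "/\\other.example",
            "/content/../../x",
            "/content/public/home.html\r\nX-Injected: 1"
        };
        for (String s : samples) {
            String r = safeRelativeRedirect(s);
            System.out.println((r == null ? "REJECT " : "ALLOW  ") + (r == null ? "" : r));
        }
    }
}
```

A rejected value should fall back to the handler's default post-login target rather than produce an error page that echoes the input.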
