[ https://issues.apache.org/jira/browse/SLING-12993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nicola Scendoni updated SLING-12993:
------------------------------------
Description:
Currently, the *OIDC Authentication Handler* redirects the user to the
originally requested resource after successful authentication. This is
typically the URL that triggered the authentication challenge (e.g., a
protected page).
However, there are use cases where the login process is triggered *from a
public page* (e.g., a “Login” button on a homepage or marketing site) and the
user is *expected to return to that same page* after authentication — not
necessarily the protected resource that initiated the OIDC login flow.
h4. *Use Case*
Example scenario:
* A user browses a *public page* (e.g., /content/public/home.html).
* They click a “Sign In” button that triggers
/system/sling/login?resource=/content/secure/dashboard.html to start the OIDC
login.
* After successful login, they are redirected to
/content/secure/dashboard.html.
* However, for this case, we might prefer to redirect the user *back to the
public page* they started from, e.g., /content/public/home.html.
h4. *Proposed Enhancement*
Introduce an *optional request parameter* named redirect.
* *Parameter name:* redirect
* *Type:* String (URL or path)
* *Usage:* When present in the initial OIDC login request, this value
overrides the default post-login redirect path.
Remark: the redirect url must be validated to be a relative url.
was:
Currently, the *OIDC Authentication Handler* redirects the user to the
originally requested resource after successful authentication. This is
typically the URL that triggered the authentication challenge (e.g., a
protected page).
However, there are use cases where the login process is triggered *from a
public page* (e.g., a “Login” button on a homepage or marketing site) and the
user is *expected to return to that same page* after authentication — not
necessarily the protected resource that initiated the OIDC login flow.
h4. *Use Case*
Example scenario:
* A user browses a *public page* (e.g., /content/public/home.html).
* They click a “Sign In” button that triggers
/system/sling/login?resource=/content/secure/dashboard.html to start the OIDC
login.
* After successful login, they are redirected to
/content/secure/dashboard.html.
* However, for this case, we might prefer to redirect the user *back to the
public page* they started from, e.g., /content/public/home.html.
h4. *Proposed Enhancement*
Introduce an *optional request parameter* named oidc_request_path.
* *Parameter name:* oidc_request_path
* *Type:* String (URL or path)
* *Usage:* When present in the initial OIDC login request, this value
overrides the default post-login redirect path.
Remark: the redirect url must be validated to be a relative url.
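The remark that closes both the current and the previous version of the description (the redirect value must be validated to be a relative URL) is the part of this proposal that matters for security: an unvalidated redirect parameter on a login endpoint is an open redirect. The following Java class is an added example, not code from the Sling OAuth client or from the reporter; the class name, the method names and the sample inputs are assumptions constructed for illustration, and wiring the check into the handler's post-login redirect is left to the implementer. It accepts only a rooted, single-slash path, strips nothing silently, and returns null so the caller can fall back to the default target.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example (not Sling project code): validates a "redirect" request
 * parameter so that only a site-local, rooted path is ever used as the
 * post-login target. Anything a browser could interpret as another origin
 * is rejected and the caller keeps its default target.
 */
public final class RedirectParamValidator {

    private RedirectParamValidator() {
    }

    /**
     * Returns a normalized site-local path (plus query) for the candidate,
     * or null when the candidate must not be used as a redirect target.
     */
    public static String safeLocalRedirect(String candidate) {
        if (candidate == null || candidate.isEmpty()) {
            return null;
        }
        // Control characters and whitespace: CR/LF would split the Location
        // header, and browsers are lenient with forms like "/\t/host".
        for (int i = 0; i < candidate.length(); i++) {
            char c = candidate.charAt(i);
            if (c <= 0x20 || c == 0x7f) {
                return null;
            }
        }
        // Must be rooted with exactly one slash: "//host/x" is a
        // protocol-relative URL, and browsers treat "/\host" the same way.
        if (!candidate.startsWith("/")
                || candidate.startsWith("//")
                || candidate.startsWith("/\\")) {
            return null;
        }
        URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            return null; // malformed input is never a valid local path
        }
        // A relative reference carries no scheme and no authority (host,
        // port, user info); anything else would send the browser off-site.
        if (uri.getScheme() != null || uri.getRawAuthority() != null) {
            return null;
        }
        // Collapse "." and ".." segments; a ".." that survives normalization
        // would climb above the root, so refuse it rather than guess.
        String path = uri.normalize().getRawPath();
        if (path == null || !path.startsWith("/")) {
            return null;
        }
        for (String segment : path.split("/")) {
            if ("..".equals(segment)) {
                return null;
            }
        }
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    /** Picks the post-login target: the validated parameter, else the default. */
    public static String resolveTarget(String redirectParam, String defaultTarget) {
        String safe = safeLocalRedirect(redirectParam);
        return safe != null ? safe : defaultTarget;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the legitimate case from the issue plus
        // the shapes a validator is normally expected to refuse.
        String defaultTarget = "/content/secure/dashboard.html";
        String[] samples = {
            "/content/public/home.html",
            "/content/public/../public/home.html?tab=news",
            "https://other.example/landing",
            "//other.example/landing",
            "/\\other.example",
            "/../secret",
            "mailto:someone@other.example",
            "/\t/other.example"
        };
        for (String s : samples) {
            System.out.printf("%-48s -> %s%n", s, resolveTarget(s, defaultTarget));
        }
    }
}
```

Only the first two samples resolve to the requested page; every other input falls back to the default target. Returning the normalized path rather than the raw parameter also means the value written into the Location header is the one that was actually checked.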
> Support redirect Parameter in OIDC Authentication Handler
> ---------------------------------------------------------
>
> Key: SLING-12993
> URL: https://issues.apache.org/jira/browse/SLING-12993
> Project: Sling
> Issue Type: Improvement
> Components: Extensions
> Reporter: Nicola Scendoni
> Assignee: Nicola Scendoni
> Priority: Major
> Fix For: OAuth Client 0.1.8
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)