Auth improvements #2105
Merged
Auth improvements #2105
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This allows us to use CP's oauth login service on multiple allowed boxes instead of one static one
We no longer need to log people out with this because they haven't been able to log _in_ with it for over a month.
If you kick a user into the login or signup flow from where they are, all we need to do is add a redirect_uri query paramater for /login or /signup with the path that we want them sent to when we're done.
deathbearbrown
approved these changes
Jul 7, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR has 3 different auth improvements:
Add ReturnUrl to our login redirect to the CP side. This allows use the authentication service to redirect back to a WHITELISTED url of our choice.
Remove the samlu saml cookie clearer. We don't use this cookie anymore. We don't have this login type anymore. It's been more than 30 days. It should've expired for everybody anyway.
If we're redirecting somebody to a login or signup flow, we can add redirect_uri to that and they'll come back to that path when they are finished instead of just the home page.