-
Notifications
You must be signed in to change notification settings - Fork 421
Return to the URL of the page the user was in after signing in #52
Comments
Refactored so that the redirection on signin is handled only in once place, in ./pages/auth/signin (previously it was handled sepreately client and server side in multiple files). This reduces complexity and makes changing the page users are re-directed to on sign in easier as it only needs to be changed in once place now. This also makes making process on #52 easier if that’s something we want to pick up on in future.
For now, I've migrated the redirect logic into the existing The next step is to create All sign in pages (oauth, email) which currently point to Once this is done, we can update the logic so the current path is saved either in the callback URL or in a cookie (we don't want to use localStorage as it's not accessible with 'private browsing' enabled) and then |
* All sign in routes - including email sign in - now redirect to /auth/callback, which in turn handles final routing. * After signing in users are now redirected to the homepage, whcih is now is configurable in a single place (callback.js). * After linking and unlinking an account users are now *also* redirected to /. This is not ideal, as it should instead send them to the account page, but that will be addressed in when work on issue #52 is complete. * The error page to handle non configured oAuth providers is now in /auth/error/not-configured along with the other auth error handling pages.
I've now added a |
This is now resolved in release 3.5.1. Users are now sent back to the page they were on once they sign in. This is done by setting cookie so it works for all providers - including oAuth providers that don’t let you pass URL params and over email, without needing to pass the URL the original email (encrypted or otherwise) and also so it works for clients in private browsing mode (where you can't use localStorage). Logic in the account page sets the redirect value to /account so that when linking/unlinking oAuth accounts users are sent back to the account page after linking/unlinking. The behaviour for non-JavaScript clients is somewhat basic. They can still login but are not currently redirected back to the page they came from. It’s probably not worth the additional work to support this specific feature for users without JavaScript enabled (the site otherwise forks fine for them though - they can still sign in and out and view and update their profile). Note also that many oAuth service - including Facebook and Google+ - require JavaScript to be enabled to sign in or to link accounts. This is a limitation of those services and there is no workaround for that. |
Instead of just directing to the profile page, we want to save the URL of the current page in a callback URL so that after a user is bounced to an oAuth service (or clicks a link in email) they are directed back to the page they were on after being signed in.
A good way to do this would be to create a route like
/auth/callback
which loads the session into the client before doing a redirection.We'd want to do something like Base 64 encode the current URL as a param and preserve any query string parameters.
The text was updated successfully, but these errors were encountered: