Feature Request: login_hint #1369

Closed
bard opened this issue Sep 18, 2021 · 5 comments

bard commented Sep 18, 2021

Expected Behavior

The optional login_hint URL parameter (spec) gets relayed to the identity provider:

$ curl -I https://example.com/oauth2/start?login_hint=bob@example.com
HTTP/2 302 
location: https://id.example.com/auth/realms/example/protocol/openid-connect/auth?
approval_prompt=force&client_id=oauth2proxy&login_hint=bob%40example.com&redirect_uri=...

Current Behavior

The login_hint parameter is lost:

$ curl -I https://example.com/oauth2/start?login_hint=bob@example.com
HTTP/2 302 
location: https://id.example.com/auth/realms/example/protocol/openid-connect/auth?
approval_prompt=force&client_id=oauth2proxy&redirect_uri=...

Possible Solution

The naïve implementation I'm currently using: bard/oauth2-proxy@master...login_hint

Context

This would decrease friction and mistakes during business flows such as invitation, or admin-created accounts with temporary password:

Example without login_hint:

  1. receive email that says "log in here [https://example.com/oauth2/start] with your email address bob@example.com and invitation code ABC123"
  2. user clicks on link and is redirected to id.example.com
  3. user enters email (hopefully the same as mentioned by the invitation email; and hopefully without mistakes)
  4. user enters invitation code

Example with login_hint:

  1. receive email that says "log in here [https://example.com/oauth2/start?login_hint=bob@example.com] with invitation code ABC123"
  2. user clicks on link and is redirected to id.example.com
  3. user enters invitation code

Your Environment

  • Version used: 7.1.3

@ianroberts (Contributor)

I'm discussing a more general solution in #1314 to support forwarding any query parameters from /oauth2/start on to the IdP login URL.

@ianroberts (Contributor)

I've started a PR #1418 but am unsure what's the best format for the configuration; if you have any suggestions, please add them on there.

@github-actions (Contributor)

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

github-actions bot added the Stale label Dec 25, 2021

@ianroberts (Contributor)

There's been no movement so far on #1314 but I am still interested in getting that or something similar integrated if possible.

@ianroberts (Contributor)

#1418 has been merged, so this will be possible in the next release if you're prepared to switch to the "alpha" config style.
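
The relay requested in this issue, sketched as an added Go example (not oauth2-proxy's code, the linked branch, or the merged PR): parameters from /oauth2/start reach the IdP URL only if they are on an allowlist and pass validation, so a crafted link cannot override what the proxy sets. The names `forwardable`, `isPlainEmail` and `BuildLoginURL` are hypothetical, and it assumes hints are e-mail addresses as in the issue's example.

```go
package main

import (
	"fmt"
	"net/mail"
	"net/url"
)

// forwardable maps each query parameter that may be relayed from /oauth2/start
// to a validator for its value; anything not listed is dropped.
// (Hypothetical allowlist for this example, not oauth2-proxy configuration.)
var forwardable = map[string]func(string) bool{
	"login_hint": isPlainEmail,
}

// isPlainEmail accepts only a bare address: no display name, no padding.
func isPlainEmail(v string) bool {
	a, err := mail.ParseAddress(v)
	return len(v) <= 254 && err == nil && a.Address == v
}

// BuildLoginURL returns the IdP authorization URL. base holds the parameters
// the proxy sets itself (client_id, redirect_uri, ...); the incoming query can
// add allowlisted parameters but never override those.
func BuildLoginURL(authEndpoint string, base, incoming url.Values) (string, error) {
	u, err := url.Parse(authEndpoint)
	if err != nil {
		return "", err
	}
	q := url.Values{}
	for k, vs := range base {
		q[k] = append([]string(nil), vs...)
	}
	for name, valid := range forwardable {
		vs := incoming[name]
		// Relay exactly one valid value, and only if the proxy has not set it.
		if len(vs) != 1 || !valid(vs[0]) || len(q[name]) > 0 {
			continue
		}
		q.Set(name, vs[0])
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	base := url.Values{"approval_prompt": {"force"}, "client_id": {"oauth2proxy"}}
	in, _ := url.ParseQuery("login_hint=bob@example.com&client_id=other") // constructed request
	fmt.Println(BuildLoginURL("https://id.example.com/auth/realms/example/protocol/openid-connect/auth", base, in))
}
```

Repeated `login_hint` values are dropped rather than merged, since a proxy and an IdP that pick different duplicates would disagree about which account was hinted.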
