Option to append access token to success redirect URL #157
Conversation
…he auth0 passport strategy
…an/loopback-component-passport into feature-redirect-with-accesstoken
|
Can one of the admins verify this patch? To accept patch and trigger a build add comment ".ok\W+to\W+test." |
|
@slnode test please |
|
please, make it |
|
Can one of the admins verify this patch? |
1 similar comment
|
Can one of the admins verify this patch? |
There was a problem hiding this comment.
The two options added in pr looks reasonable to me.
@jeff3yan Can you add some test cases for each option? With test case pass on CI we can check in the pr then.
And please also fix the commit message, here is the linting error:
**************************************************
**
** Linting commit logs
**
** 4 problems found:
** 5c9ced3 - Merge branch 'feature-redirect-with-accesstoken' of: First line should be 50 characters or less (saw 138)
** 38074de - Add option to append access token to success redire: First line should be 50 characters or less (saw 57)
** 26fa7e9 - Allow cookieDomain to be explicitly set to some fal: First line should be 50 characters or less (saw 60)
** b84d9bb - Add cookieDomain configuration since domain is a re: First line should be 50 characters or less (saw 95)
**
**************************************************
| }); | ||
| } | ||
| } | ||
| return res.redirect(successRedirect(req)); | ||
| return res.redirect(successRedirect(req) + (options.redirectWithToken ? '?access_token=' + info.accessToken.id : '')); |
There was a problem hiding this comment.
I am not sure is it safe to expose accessToken in url, @loay idea?
|
This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the |
|
how can i use this feature ? any doc ? |
Added an option for appending the access token as a query parameter on the success redirect URL. Similar to this fork, but with a config option
redirectWithToken.This was desired due to loopback-component-passport 3rd party login only supporting access token setting via cookies, which isn't feasible when the front-end and API are on different domains.
Similar in intent to #102, but it allows continued usage of the
returnToquery parameter and is useful for apps that may have dynamic redirects on separate domains.return res.redirect(successRedirect(req) + (options.redirectWithToken ? '?access_token=' + info.accessToken.id : ''));