[WIP - Help wanted!] Ensure preservation of return_to through OAuth login flow #3762
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
assigned 
|
@jywarren Wow, this seems to be quite interesting issue. I was thinking about approach to it. What about this:
I'm not sure how well would it address the issue. I might have missed something. |
|
That sounds like a great approach, although it did seem to me that we might
be able to set the session in the oath login route itself? But maybe I'm
mixed up. If you'd like to try this out, we'd love some help!!!
…On Tue, Oct 30, 2018, 5:49 PM Radhika Dua ***@***.*** wrote:
@jywarren <https://github.com/jywarren> Wow, this seems to be quite
interesting issue. I was thinking about approach to it.
What about this:
1. All the third party login icons will point to
/redirect?from=#{url}&to=/auth/#{provider}.
2. In that GET view:
2.1 if user is already logged in, redirect user to from url. (handling
edge case)
2.2 if user is not logged in, just get the existing session or create
new one. In that session, save the return_to url and redirect user to
to url from get parameters.
3. When callback from third party login is called, on success, we
check if return_to is set in session or not. If it is set, then just
redirect user to that url.
I'm not sure how well would it address the issue. I might have missed
something.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3762 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABfJ4A44ANws-1gLhAV4eMQNoJRI1_Aks5uqMlVgaJpZM4X5JAx>
.
|
|
Sure, I'll try it out tomorrow. Thanks! |
This was referenced Nov 1, 2018
|
Deferring to #3879 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #3384
I think this is only the beginning -- i'm not setting the
session[:return_to]in the right places, nor am I setting up the redirects thoroughly... and it could probably use some refinement to not have redundant code.