Harden middleware for unenforced login #1091
@@ -49,6 +49,7 @@ export async function getKeycloakClient() { | |||
} | |||
|
|||
export const getAuthUrl = async (redirectUrl: string) => { | |||
redirectUrl = removeTokenCodeFromSearchParams(new URL(redirectUrl)).toString(); |
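Review bot: `new URL(redirectUrl)` on the first line of `getAuthUrl` throws a TypeError for a relative or malformed string, and nothing visible in this hunk catches it, so the async function rejects instead of returning a login URL. Consider guarding the parse, or documenting that callers must pass an absolute URL. The same line accepts any scheme and host, so if the redirect is expected to be https, as raised in the comment on this line, this is a natural place to enforce it. Reassigning the `redirectUrl` parameter works, but a separate `const` would make it clearer which value is used afterwards.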
That redirect URL should also be https, no?
I hadn't seen yours until after - if you're happy with how yours is working I'm happy to go with that instead. I haven't tested this much.
Nono, go ahead, we're getting there slowly I think - I'm taking another shot after some sleep in #1097
Closing in favour of #1098
resolves #1087 maybe
preview URL: https://harden-nice-login.loculus.org/
Summary
Clears session cookie when there is an error getting user info, even if not on an enforced login page, and ensures we don't redirect to a page with session parameters in the redirect URI.
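
The redirect clean-up described in the summary, together with the https point raised in review, as an added example that is not code from this pull request. `sanitizeRedirectUrl`, `AUTH_RESPONSE_PARAMS`, the parameter list and the localhost exception are assumptions made for illustration; the project's `removeTokenCodeFromSearchParams` may behave differently.

```typescript
// Added illustration; all names here are hypothetical, not the project's code.

// Parameters an OIDC provider appends to the redirect URI in an authorization
// response (assumed list: RFC 6749 code/state, RFC 9207 iss, OIDC session_state).
const AUTH_RESPONSE_PARAMS = ["code", "state", "session_state", "iss"];

// Returns a cleaned absolute URL suitable for use as redirect_uri, or null
// when the input should not be used at all.
function sanitizeRedirectUrl(raw: string, allowedOrigin: string): string | null {
    let url: URL;
    try {
        url = new URL(raw); // throws on relative or malformed input
    } catch {
        return null;
    }
    // Behind a TLS-terminating proxy the app can see http:// for its own host;
    // upgrade first so the provider is handed an https redirect_uri.
    // Assumption: plain http is tolerated only for local development.
    if (url.protocol === "http:" && url.hostname !== "localhost") {
        url.protocol = "https:";
    }
    // Redirect back to our own origin only, never to a caller-supplied host.
    if (url.origin !== new URL(allowedOrigin).origin) {
        return null;
    }
    // Drop leftovers of a previous login attempt so they are not replayed
    // into the next authorization request.
    for (const name of AUTH_RESPONSE_PARAMS) {
        url.searchParams.delete(name);
    }
    url.hash = ""; // fragments can carry tokens in implicit/hybrid flows
    return url.toString();
}

// Constructed sample input: a page URL still carrying a stale auth response.
const sample =
    "http://app.example.org/seq?page=2&code=abc&session_state=xyz" +
    "&iss=https%3A%2F%2Fidp.example.org#frag";
console.log(sanitizeRedirectUrl(sample, "https://app.example.org"));
```

Returning null rather than throwing lets the caller fall back to a fixed landing page when the supplied URL is unusable.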