Skip to content

V16: Unwarranted redirect after auth #19935

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Aug 26, 2025
Merged

V16: Unwarranted redirect after auth #19935

merged 12 commits into from
Aug 26, 2025
+50 −21

Conversation

iOvergaard
Copy link
Contributor

Description

Fixes #17642
Fixes #18334
Fixes #19750

This pull request refines the OAuth authorization flow in the backoffice app, improving both the handling and redirection logic after authentication. The main focus is to ensure users are redirected to their intended location after completing OAuth, and to improve error handling and code clarity. Key changes include updating the authorization completion logic to return more informative results, centralizing redirect logic, and improving error feedback.

OAuth flow and redirect improvements

  • Updated the OAuth completion route setup in UmbAppElement to use an async function, handle errors more gracefully, and redirect users to their previous path or root after authorization using the new redirectToStoredPath utility. [1] [2]
  • Replaced the use of retrieveStoredPath with the new redirectToStoredPath function for more consistent and centralized redirect behavior. [1] [2]

Authorization request handler enhancements

  • Changed the return type of completeAuthorizationRequestIfPossible in AuthorizationRequestHandler to return an AuthorizationRequestResponse | null instead of void, allowing for more informative handling of the authorization result.

Utility function addition

  • Added the redirectToStoredPath function to centralize and standardize the logic for redirecting users after authentication, replacing previous ad-hoc implementations.

How to test

Unwarranted redirects

  1. Log in and go to somewhere in the backoffice (does not matter where)
  2. Open a new tab with middle-click (so that the window.opener is activated)
  3. Check that the first tab does not redirect

Stuck on oauth_complete

  1. Log in
  2. Go back in the browser so you hit the login screen
  3. Log in again
  4. You should now see a redirect to /oauth_complete, then to the backoffice (it may happen twice because the first try invalidates the existing session, which is expected)
  5. Verify that you at no point get stuck on /oauth_complete without any response or indication

@iOvergaard
fix: uses isAuthorized to check if user is logged in before terminati…
b6b08c9 
…ng the observer
@iOvergaard
feat: adds new function to redirect to stored path
b18702a
@iOvergaard
fix: always redirect to stored path even on failure
0c0cc02 
the user may have landed up on the page by mistake
@iOvergaard
Revert "fix: always redirect to stored path even on failure"
93a17b7 
This reverts commit 0c0cc02.
@iOvergaard
fix: sends back the result
d24e486
@iOvergaard
fix: waits for the initial authorization request to come back before …
dad8923 
…listening to the authorization signal (and then only listen once for it)

also check if the request was null, which means we can safely redirect the user
@iOvergaard
docs: clarify what happens
5296477
@iOvergaard
chore: converts the promise code to async/await pattern
343ee10
@iOvergaard
fix: tokenResponse should validate its internal object state
aaf610b
@iOvergaard
feat: allows function to force a window redirect
03404ef
@iOvergaard
fix: checks if the user happens to already be authorized, because the…
203bbf1 
…n we do not need a new code check
@Copilot Copilot AI review requested due to automatic review settings August 19, 2025 09:40
Copilot
Copilot AI reviewed Aug 19, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request refines the OAuth authorization flow in the backoffice app to fix unwarranted redirects and improve handling after authentication. The changes focus on better redirect logic, error handling, and preventing users from getting stuck on the oauth_complete page.

  • Centralized redirect logic with a new redirectToStoredPath utility function
  • Enhanced OAuth completion flow with better error handling and authorization checks
  • Updated authorization request handler to return more informative results

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
stored-path.function.ts Added redirectToStoredPath utility function to centralize redirect logic
auth-flow.ts Fixed authorization check to use getValue() method
authorization_request_handler.ts Changed return type to provide authorization result information
app.element.ts Improved OAuth completion setup with async handling and better redirect logic

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@ctolkien
Copy link
Contributor

This is a major annoyance for our client, would be amazing to get it in. Thanks for your work on this @iOvergaard

@iOvergaard iOvergaard requested a review from leekelleher August 26, 2025 09:22
@leekelleher leekelleher merged commit b23906a into main Aug 26, 2025
27 checks passed
@leekelleher leekelleher deleted the v16/bugfix/unwarranted-redirect-after-auth branch August 26, 2025 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@leekelleher leekelleher leekelleher approved these changes

Assignees
No one assigned
Labels
area/frontend type/bug
Projects
None yet
Milestone
No milestone
3 participants
@iOvergaard @ctolkien @leekelleher