@@ -189,16 +189,16 @@ export class Authenticator {
189189 log . info ( `User is already authenticated. Continue.` , { "login-flow" : true } ) ;
190190 return next ( ) ;
191191 }
192- let returnTo : string | undefined = req . query . returnTo ?. toString ( ) ;
193- if ( returnTo ) {
194- log . info ( `Stored returnTo URL: ${ returnTo } , { "login-flow" : true } ) ;
192+ let returnToParam : string | undefined = req . query . returnTo ?. toString ( ) ;
193+ if ( returnToParam ) {
194+ log . info ( `Stored returnTo URL: ${ returnToParam } , { "login-flow" : true } ) ;
195195 }
196196 // returnTo defaults to workspaces url
197197 const workspaceUrl = this . config . hostUrl . asDashboard ( ) . toString ( ) ;
198- returnTo = returnTo || workspaceUrl ;
199-
198+ returnToParam = returnToParam || workspaceUrl ;
200199 // Ensure returnTo URL has a fragment to prevent OAuth token inheritance attacks
201- returnTo = ensureUrlHasFragment ( returnTo ) ;
200+ const returnTo = ensureUrlHasFragment ( returnToParam ) ;
201+
202202 const host : string = req . query . host ?. toString ( ) || "" ;
203203 const authProvider = host && ( await this . getAuthProviderForHost ( host ) ) ;
204204 if ( ! host || ! authProvider ) {
@@ -233,8 +233,6 @@ export class Authenticator {
233233
234234 // Generate nonce for CSRF protection
235235 const nonce = this . nonceService . generateNonce ( ) ;
236-
237- // Set nonce cookie
238236 this . nonceService . setNonceCookie ( res , nonce ) ;
239237
240238 const state = await this . signInJWT . sign ( {
@@ -372,8 +370,6 @@ export class Authenticator {
372370
373371 // Generate nonce for CSRF protection
374372 const nonce = this . nonceService . generateNonce ( ) ;
375-
376- // Set nonce cookie
377373 this . nonceService . setNonceCookie ( res , nonce ) ;
378374
379375 const state = await this . signInJWT . sign ( { host, returnTo, overrideScopes : override , nonce } ) ;
0 commit comments