Description
Describe the bug
I have successfully set up my application to log in using OAuth. The AuthConfig looks as follows:
{
  disableAtHashCheck: true,
  // property strictDiscoveryDocumentValidation."
  strictDiscoveryDocumentValidation: false,
  issuer: 'https://myidp.com/oauth/token',
  userinfoEndpoint: 'https://myidp.com/userinfo',
  redirectUri: 'http://localhost:4200/signin_callback.html',
  silentRefreshRedirectUri: 'http://localhost:4200/signin_callback.html',
  // will be set from environment during app initialization
  clientId: '...',
  scope: 'openid roles',
}
The redirectUri has been configured in my IDP and is valid: After successful login the user is redirected to http://localhost:4200/signin_callback.html which is just a dummy file that redirects to http://localhost:4200/. I created it to include some custom redirect logic.
My problem is: There are cases where users directly access another page, e.g. http://localhost:4200/page1, and need to be redirected to that page again after login. I think that OAuth2 requires an exact match of the redirectUris configured in the request/config and on the server, so there's no possibility to configure it as a pattern on the server. It is also not possible to set the redirectUrl on a per-request basis.
I read here that OAuth supports the use of a so-called state parameter for this case. But how can I set it using the angular-oauth2-oidc library? And how can I use it then to redirect the user to the original URL which triggered the OIDC flow?
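An added example, not part of the original post: if the original URL is carried through the flow in the state parameter, the value that comes back should be checked before navigating to it, so that only in-app paths are followed. The sketch assumes the path is passed as the library's additional state (`initLoginFlow(additionalState)`) and read back from `oauthService.state`; `safeReturnPath`, `FALLBACK` and the `router` in the comments are hypothetical names.

```typescript
// Added example, not code from the original post or from angular-oauth2-oidc.
// Assumption: the in-app URL that triggered login is sent as additional state.
const FALLBACK = '/';

/** Returns a same-origin path to navigate to after login, or FALLBACK. */
function safeReturnPath(rawState: string | null | undefined): string {
  if (!rawState) return FALLBACK;

  let path: string;
  try {
    // The state value may come back URL-encoded after the round trip.
    path = decodeURIComponent(rawState);
  } catch {
    return FALLBACK; // malformed percent-encoding
  }

  // Accept only app-internal absolute paths such as "/page1?tab=2#top".
  if (!path.startsWith('/')) return FALLBACK; // absolute URLs, other schemes
  if (path.startsWith('//') || path.startsWith('/\\')) return FALLBACK; // protocol-relative
  if (/[\\\u0000-\u001f\u007f]/.test(path)) return FALLBACK; // backslashes, control chars
  return path;
}

// Where this would plug in (kept as comments so the block runs stand-alone):
//   before login: oauthService.initLoginFlow(router.url);
//   after login:  router.navigateByUrl(safeReturnPath(oauthService.state));
```

With this approach the registered redirectUri stays a single exact value, and the per-request target travels only in state.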