From 0eb3ba57812d9d1c4478f4782e9956ebf92d5273 Mon Sep 17 00:00:00 2001
From: Shawn Kim
Date: Wed, 21 Dec 2022 19:19:25 -0800
Subject: [PATCH] Add OIDC landing page for NGINX to redirect after successful OIDC login remove login endpoint
---
 openid_connect.js | 11 ++++++++++-
 openid_connect_configuration.conf | 7 +++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/openid_connect.js b/openid_connect.js
index 49909c9..c383fae 100644
--- a/openid_connect.js
+++ b/openid_connect.js
@@ -198,7 +198,7 @@ function codeExchange(r) {
 r.variables.new_access_token = "";
 }
 r.headersOut["Set-Cookie"] = "auth_token=" + r.variables.request_id + "; " + r.variables.oidc_cookie_flags;
- r.return(302, r.variables.redirect_base + r.variables.cookie_auth_redir);
+ redirectPostLogin(r);
 }
 );
 } catch (e) {
@@ -263,6 +263,15 @@ function validateIdToken(r) {
 }
 }
 
+// Redirect URI after successful login from the OP.
+function redirectPostLogin(r) {
+ if (r.variables.oidc_landing_page) {
+ r.return(302, r.variables.oidc_landing_page);
+ } else {
+ r.return(302, r.variables.redirect_base + r.variables.cookie_auth_redir);
+ }
+}
+
 function logout(r) {
 r.log("OIDC logout for " + r.variables.cookie_auth_token);
 r.variables.session_jwt = "-";
diff --git a/openid_connect_configuration.conf b/openid_connect_configuration.conf
index 0aa69a4..dd39cef 100644
--- a/openid_connect_configuration.conf
+++ b/openid_connect_configuration.conf
@@ -44,6 +44,13 @@ map $host $oidc_scopes {
 default "openid+profile+email+offline_access";
 }
 
+map $host $oidc_landing_page {
+ # Where to send browser after successful login. If empty, redirects User
+ # Agent to $request_uri.
+ default "";
+ #www.example.com $redirect_base;
+}
+
 map $host $oidc_logout_redirect {
 # Where to send browser after requesting /logout location. This can be
 # replaced with a custom logout page, or complete URL.
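Review bot: The fallback branch of `redirectPostLogin` builds the Location header from `r.variables.cookie_auth_redir`, a cookie the browser supplies, and nothing in the function checks that value before appending it to `redirect_base`. The line is moved here unchanged from `codeExchange`, but a dedicated redirect helper is the natural place to require a same-origin path, for example `var dest = r.variables.cookie_auth_redir; if (!dest || dest.charAt(0) !== '/') { dest = '/'; }` followed by `r.return(302, r.variables.redirect_base + dest);`. Whether `redirect_base` already ends in a delimiter that makes this safe is not visible in this diff, so the check is cheap insurance that the redirect stays on the configured host. The landing-page branch returns `oidc_landing_page` verbatim, so the one-line comment above the function should become a short doc comment saying that the value comes from operator configuration and that a non-empty landing page discards the originally requested URI.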
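Review bot: The comment in the new `map $host $oidc_landing_page` block says an empty value redirects to `$request_uri`, but the njs fallback in this commit returns `$redirect_base` plus the `auth_redir` cookie, which is the URI saved before login rather than the URI of the current request. I would reword it to `# Where to send browser after successful login. If empty, the User Agent is sent back to the URI it originally requested.` It is also worth one more comment line stating that the value is used as the Location header without further checks, so it should be a fixed path or absolute URL chosen by the operator. The commented `$redirect_base` example is only as trustworthy as that variable, whose definition is outside this diff.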