[TT-4287] Ability for TykMakeHttpRequest to not follow redirects #1938

Open
andytson-inviqa opened this issue Oct 15, 2018 · 4 comments

andytson-inviqa commented Oct 15, 2018

Do you want to request a feature or report a bug?
feature

What is the current behavior?
When calling TykMakeHttpRequest with a request where the backend responds with a 302 (etc) status code and a Location header, the Location header is visited, as another sub-request, with no documented way to stop that.

What is the expected behavior?
TykMakeHttpRequest should have an option to turn off Location forwarding.

Which versions of Tyk are affected by this issue? Did this work in previous versions of Tyk?
2.7.2

The reason for asking is that I want to implement OpenID Connect authorization and token endpoints for a single-page app. TIB is unsuitable for our purpose as it uses server-side sessions, whereas we want HttpOnly cookie-based refresh/access tokens. Additionally, we've ruled out Implicit flow for our purposes as it exposes the access token to the FE JavaScript.

OpenID Connect's authorization endpoint returns a 302 response with a redirect, which needs to be performed by the browser rather than by a Tyk sub-request.
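
Added example, not part of the original issue and not Tyk's code: the behaviour described above, reproduced with Go's standard `net/http` client, which follows redirects by default, next to the `CheckRedirect` setting that hands the 302 back to the caller so it can be relayed to the browser. The `fakeIdP` transport, the hostnames and the `code` value are constructed for illustration, and nothing is sent over the network.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// fakeIdP is a constructed in-memory transport standing in for an OpenID
// Connect provider: /authorize answers 302 + Location, anything else 200.
type fakeIdP struct{ hits []string }

func (f *fakeIdP) RoundTrip(r *http.Request) (*http.Response, error) {
	f.hits = append(f.hits, r.URL.Path)
	resp := &http.Response{StatusCode: 200, Header: http.Header{}, Request: r,
		Body: io.NopCloser(strings.NewReader(""))}
	if r.URL.Path == "/authorize" {
		resp.StatusCode = http.StatusFound
		resp.Header.Set("Location", "https://app.example/callback?code=constructed")
	}
	return resp, nil
}

// fetch requests the authorization endpoint and returns the final status,
// the Location header the caller sees, and every path the client visited.
func fetch(followRedirects bool) (int, string, []string, error) {
	idp := &fakeIdP{}
	client := &http.Client{Transport: idp}
	if !followRedirects {
		// ErrUseLastResponse makes the client return the 3xx response
		// itself instead of issuing a sub-request to Location.
		client.CheckRedirect = func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		}
	}
	resp, err := client.Get("https://idp.example/authorize")
	if err != nil {
		return 0, "", nil, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, resp.Header.Get("Location"), idp.hits, nil
}

func main() {
	for _, follow := range []bool{true, false} {
		status, loc, hits, _ := fetch(follow)
		fmt.Printf("follow=%v status=%d location=%q visited=%v\n", follow, status, loc, hits)
	}
}
```

With redirects followed, the caller never sees the `Location` header and the authorization code is consumed by the server-side sub-request; with `CheckRedirect` set, the 302 and its `Location` are available to pass on to the browser.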


stale bot commented Mar 25, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs, please add comments to this ticket if you would like it to stay open. Thank you for your contributions.

@stale stale bot added the wontfix label Mar 25, 2020
@stale stale bot closed this as completed Apr 24, 2020
@educroquet

Too bad, I have a similar need: making a virtual endpoint that handles some OAuth2 cinematic and so needed to properly handle the 302 response ...

Within API frameworks, not automatically following the 302 redirect should be the default as it is more a browser/UI behavior than a server-side one; server-side code usually requires deep control of the HTTP requests.

@andytson-inviqa
Author

@educroquet I'd suggest raising another ticket, as closed tickets on GitHub don't usually get re-reviewed.

What I did in the end was make a backend API service that did the authentication, which was routed through Tyk. We didn't end up using Tyk though, as it was just a proof-of-concept.

@oluwaseyeayinla oluwaseyeayinla changed the title Ability for TykMakeHttpRequest to not follow redirects [TT-4287] Ability for TykMakeHttpRequest to not follow redirects May 24, 2024
@oluwaseyeayinla

Discovered internal enhancement request TT-4287 in the backlog and re-opened the request.
