-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support redirecting to arbitrary URLs after login is succesful #29
Comments
@glena can you add this? |
@woloski / @rolodato |
ready on dev |
Doesn't work for me. Got redirected to http://auth0wp.wpengine.com/#_=_ when trying to go to another page. Login URL had the correct one on request param: http://auth0wp.wpengine.com/wp-login.php?redirect_to=http%3A%2F%2Fauth0wp.wpengine.com%2Fwp-admin%2Fthemes.php&reauth=1 |
it is an issue with wpengine (http://wpengine.com/support/cookies-and-php-sessions/). As the use some kind of evil page cache, the plugin can read the cookies when it come back from Auth0. It should work well with other hostings. |
@mgonto I have changed to save in both session and cookies. By default it uses the SESSION value but if for some reason it loose the session data (it is common with some redirections, ie. social login, to avoid session hihacking) it looks for the cookie. But I am having the same issue with wpengine(it is already changed on http://auth0wp.wpengine.com). Cant read the SESSION neither (it is explained also in the link of the last comment). |
What I'm suggesting is to use neither a cookie nor a session. Once you get the URL and you call lock you send the current url on the lock.show({
callbackUrl: 'bla',
state: location.href
}) Then, once you get back from the redirect, you`d do something like the following: var hash = lock.parseHash(window.location.hash).
var mainUrl = hash.state;
window.location.href = hash.state; Would that work @glena? Cheers! |
…now it uses state without cookies nor session)
Done! |
This doesn't work for me. Im using Lock v10 ("auth0-lock": "10.3.0") |
@jonathanmv It should be fixed on |
Hey @glena, thanks for the quick reply. I updated to |
@jonathanmv Sorry, that is the version of the wordpress plugin. The state parameter was wrongly mapped after the lock 10 api change and that was fixed today. |
I see @glena. It's me the one reading in the wrong thread, hahaha. I didn't see that this was the wp-auth0 library and not the one for javascript. But, shouldn't it be working the same? That's why I keep on finding answers with different parameters to the |
can you elaborate what is the issue you are having and what is the desired behaviour? I can help you if I know what is the real issue :) (this thread focuses on the hability to redirect a user back to the original url he attempted to access before being redirected to the login screen in the WordPress plugin, not really related to Lock) |
I'm trying to do exactly that: redirect the user to the page from which he was prompted to log in.
None of them have worked. Maybe i'm doing something wrong when setting the parameters for the Thanks for helping out @glena |
First, if you are using lock 10, the parameters are set on the constructor and not on the show method (see https://auth0.com/docs/libraries/lock) Second the state param is under The way the state param works is that anything you put in there, will be propagated to your callback url by auth0 so you can receive the previous state after the authentication. What is usually done there is to send the url in that parameter, so you will later receive it and you can redirect the user there. For example this plugin sets a json in the state parameter that looks like this: |
Thanks again @glena for the answer. I solved the issue using the state param as you said. However there were additional things I needed to do in order to make it work. I'm sharing those things in here so that it can help someone in the future.
The code to instantiate the Lock object is as follows
That was all :) |
Thanks @jonathanmv - nice work. I am using angular2 and I am running into issues when getting the true path but |
Hey @mrowles. I don't really understand what you are trying to say in your comment. Could you explain a little bit further please? |
@jonathanmv appreciate the help, was more of a shout out to anyone using angular2 though! Reread my comment, was half asleep, sorry lol! I meant to say 'window.location.path' = '/' no matter the path you're at until you refresh the page at 'thing/in-1' with angular pretty routing on (non-hash). Edit: looks like the authResult back from Auth0 isn't coming back with the state.params.pathname I sent to it, will continue investigating. |
@jonathanmv this works for me, but step 4 is no longer required. The state param is not removed. Perhaps due to a new version of Auth0 Lock? This is my code to get the state:
The state property is inside that console.log output. |
Currently, the plugin redirects to either the main blog, the original page that was requested before logging in, or the admin panel. This should be configurable with an arbitrary relative or absolute URL.
The text was updated successfully, but these errors were encountered: