Post login redirect config option

src/config/index.js

@@ -1,39 +1,40 @@
 const initialState = {
-  user: null,
-  isLoading: true,
-  checkSession: null,
+	user: null,
+	isLoading: true,
+	checkSession: null,
 };
 
 const SESSION_PREFIX = "pkce-verifier";
 
 const KINDE_SITE_URL = process.env.KINDE_SITE_URL;
+const KINDE_POST_LOGIN_URL_REDIRECT_URL = process.env.KINDE_POST_LOGIN_URL_REDIRECT_URL;
 const KINDE_ISSUER_URL = process.env.KINDE_ISSUER_URL;
-const KINDE_POST_LOGOUT_REDIRECT_URL =
-  process.env.KINDE_POST_LOGOUT_REDIRECT_URL;
+const KINDE_POST_LOGOUT_REDIRECT_URL = process.env.KINDE_POST_LOGOUT_REDIRECT_URL;
 const KINDE_CLIENT_ID = process.env.KINDE_CLIENT_ID;
 const KINDE_CLIENT_SECRET = process.env.KINDE_CLIENT_SECRET;
 const KINDE_AUDIENCE = process.env.KINDE_AUDIENCE;
 
 export const config = {
-  initialState,
-  SESSION_PREFIX,
-  redirectURL: KINDE_SITE_URL,
-  issuerURL: KINDE_ISSUER_URL,
-  clientID: KINDE_CLIENT_ID,
-  clientSecret: KINDE_CLIENT_SECRET,
-  postLogoutRedirectURL: KINDE_POST_LOGOUT_REDIRECT_URL,
-  audience: KINDE_AUDIENCE,
-  responseType: "code",
-  scope: "openid profile email offline",
-  codeChallengeMethod: "S256",
-  redirectRoutes: {
-    callback: "/api/auth/kinde_callback",
-  },
-  issuerRoutes: {
-    logout: "/logout",
-    login: "/oauth2/auth",
-    register: "/oauth2/auth",
-    token: "/oauth2/token",
-    profile: "/oauth2/v2/user_profile",
-  },
+	initialState,
+	SESSION_PREFIX,
+	redirectURL: KINDE_SITE_URL,
+	postLoginURL: KINDE_POST_LOGIN_URL_REDIRECT_URL,
+	issuerURL: KINDE_ISSUER_URL,
+	clientID: KINDE_CLIENT_ID,
+	clientSecret: KINDE_CLIENT_SECRET,
+	postLogoutRedirectURL: KINDE_POST_LOGOUT_REDIRECT_URL,
+	audience: KINDE_AUDIENCE,
+	responseType: "code",
+	scope: "openid profile email offline",
+	codeChallengeMethod: "S256",
+	redirectRoutes: {
+		callback: "/api/auth/kinde_callback",
+	},
+	issuerRoutes: {
+		logout: "/logout",
+		login: "/oauth2/auth",
+		register: "/oauth2/auth",
+		token: "/oauth2/token",
+		profile: "/oauth2/v2/user_profile",
+	},
 };

src/handlers/callback.js

@@ -5,10 +5,9 @@ import { version } from "../utils/version";
 var cookie = require("cookie");
 
 export const callback = async (req, res) => {
-  const { code, state } = req.query;
-  const code_verifier = cookie.parse(req.headers.cookie || "")[
-    `${config.SESSION_PREFIX}-${state}`
-  ];
+	const { code, state } = req.query;
+	const code_verifier = cookie.parse(req.headers.cookie || "")[`${config.SESSION_PREFIX}-${state}`];
+
 
   if (code_verifier) {
     try {
@@ -33,37 +32,36 @@ export const callback = async (req, res) => {
       const data = await response.json();
       const accessTokenHeader = jwt_decode(data.access_token, { header: true });
       const accessTokenPayload = jwt_decode(data.access_token);
+			let isAudienceValid = true;
+			if (config.audience) isAudienceValid = accessTokenPayload.aud == config.audience;
 
-      let isAudienceValid = true;
-      if (config.audience)
-        isAudienceValid = accessTokenPayload.aud == config.audience;
-
-      if (
-        accessTokenPayload.iss == config.issuerURL &&
-        accessTokenHeader.alg == "RS256" &&
-        accessTokenPayload.exp > Math.floor(Date.now() / 1000) &&
-        isAudienceValid
-      ) {
-        res.setHeader(
-          "Set-Cookie",
-          cookie.serialize(`kinde_token`, JSON.stringify(data), {
-            httpOnly: true,
-            expires: new Date(accessTokenPayload.exp * 1000),
-            sameSite: "strict",
-            secure: true,
-            path: "/",
-          })
-        );
-      } else {
-        console.error("One or more of the claims were not verified.");
-      }
-    } catch (err) {
-      console.error(err);
-    }
-    res.redirect(config.redirectURL);
-  } else {
-    const logoutURL = new URL(config.issuerURL + config.issuerRoutes.logout);
-    logoutURL.searchParams.set("redirect", config.postLogoutRedirectURL);
-    res.redirect(logoutURL.href);
-  }
+			if (
+				accessTokenPayload.iss == config.issuerURL &&
+				accessTokenHeader.alg == "RS256" &&
+				accessTokenPayload.exp > Math.floor(Date.now() / 1000) &&
+				isAudienceValid
+			) {
+				res.setHeader(
+					"Set-Cookie",
+					cookie.serialize(`kinde_token`, JSON.stringify(data), {
+						httpOnly: true,
+						expires: new Date(accessTokenPayload.exp * 1000),
+						sameSite: "strict",
+						secure: true,
+						path: "/",
+					})
+				);
+			} else {
+				console.error("One or more of the claims were not verified.");
+			}
+		} catch (err) {
+			console.error(err);
+		}
+		const redirectUrl = config.postLoginURL ? config.postLoginURL : config.redirectURL;
+		res.redirect(redirectUrl);
+	} else {
+		const logoutURL = new URL(config.issuerURL + config.issuerRoutes.logout);
+		logoutURL.searchParams.set("redirect", config.postLogoutRedirectURL);
+		res.redirect(logoutURL.href);
+	}
 };