Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: respect return_to in OIDC API flow error case #3893

Merged
merged 4 commits into from
Apr 25, 2024
Merged

fix: respect return_to in OIDC API flow error case #3893

merged 4 commits into from
Apr 25, 2024

Conversation

hperl
Copy link
Contributor

@hperl hperl commented Apr 23, 2024
edited
Loading

This fix ensures that we redirect the user to the return_to URL when an error occurs during the OIDC login for native flows.

Native flows are initialized through the API, and the browser URL is retrieved from a 422 response after a POST to submit the login flow. Successful OIDC flows already returned the code to the return_to URL. Now, unsuccessful flows return the flow with the current flow ID (which might have changed), so that the caller can retrieve the full flow and act accordingly.

Related issue(s)

ory/network#344

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@hperl
fix: respect return_to in OIDC API flow error case
f613bef 
This fix ensures that we redirect the user to the return_to URL
when an error occurs during the OIDC login for native flows.

Native flows are initialized through the API, and the browser
URL is retrieved from a 422 response after a POST to submit the
login flow. Successful OIDC flows already returned the `code` to
the `return_to` URL. Now, unsuccessful flows return the `flow` with
the current flow ID (which might have changed), so that the caller
can retrieve the full flow and act accordingly.
@hperl hperl requested a review from jonas-jonas April 23, 2024 11:15
@hperl hperl self-assigned this Apr 23, 2024
@hperl hperl requested review from aeneasr and zepatrik as code owners April 23, 2024 11:15
@codecov Codecov
Copy link

codecov bot commented Apr 23, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 92.30769% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 78.07%. Comparing base (17f9a4f) to head (7d261f5).

Files Patch % Lines
selfservice/strategy/oidc/strategy.go 92.30% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3893      +/-   ##
==========================================
+ Coverage   78.05%   78.07%   +0.02%     
==========================================
  Files         360      360              
  Lines       25246    25257      +11     
==========================================
+ Hits        19705    19719      +14     
+ Misses       4032     4031       -1     
+ Partials     1509     1507       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jonas-jonas
jonas-jonas previously approved these changes Apr 24, 2024
View reviewed changes
@hperl hperl enabled auto-merge (squash) April 24, 2024 11:03
@hperl hperl requested a review from jonas-jonas April 25, 2024 06:16
@hperl hperl merged commit e8f1bcb into master Apr 25, 2024
29 checks passed
@hperl hperl deleted the hperl/fix-return_to-for-oidc-api-flows branch April 25, 2024 07:45
mpauly-exnaton pushed a commit to mpauly-exnaton/kratos that referenced this pull request Feb 12, 2025
@hperl @mpauly-exnaton
fix: respect return_to in OIDC API flow error case (ory#3893)
84d1283 
* fix: respect return_to in OIDC API flow error case

This fix ensures that we redirect the user to the return_to URL
when an error occurs during the OIDC login for native flows.

Native flows are initialized through the API, and the browser
URL is retrieved from a 422 response after a POST to submit the
login flow. Successful OIDC flows already returned the `code` to
the `return_to` URL. Now, unsuccessful flows return the `flow` with
the current flow ID (which might have changed), so that the caller
can retrieve the full flow and act accordingly.

* fix: ignore trivvy CVE report

Bump in distroless is still open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonas-jonas jonas-jonas jonas-jonas approved these changes

@aeneasr aeneasr Awaiting requested review from aeneasr aeneasr is a code owner

@zepatrik zepatrik Awaiting requested review from zepatrik

Assignees

@hperl hperl

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hperl @jonas-jonas