Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support passing login query string to oauth authorize redirect #2222

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: support passing login query string to oauth authorize redirect #2222

wants to merge 1 commit into from

Conversation

scarbeau
Copy link

Description

This commit modifies the AuthOAuthView login function, introducing the option to preserve inbound request parameters and include them on the authorize redirect url created by the OAuth provider. This functionally is controlled by a new configuration bool AUTH_OAUTH_PRESERVE_LOGIN_QUERY. This value defaults to false to ensure this change is opt-in only and should have no impact on current usage.

This feature is needed to better support login via a federated IdPs (e.g., Cognito with multiple federated providers). For example, consider the following flask endpoints:

/login/cognito?identity_provider=customer1-okta
/login/cognito?identity_provider=customer2-auth0
/login/cognito?identity_provider=customer3-onelogin

With this commit, the resulting redirects will be (some parameters excluded for readability):

https://DOMAIN.amazoncognito.com/oauth2/authorize?client_id=X&redirect_uri=https://app/oauth-authorized/cognito&identity_provider=customer1-okta
https://DOMAIN.amazoncognito.com/oauth2/authorize?client_id=X&redirect_uri=https://app/oauth-authorized/cognito&identity_provider=customer2-auth0
https://DOMAIN.amazoncognito.com/oauth2/authorize?client_id=X&redirect_uri=https://app/oauth-authorized/cognito&identity_provider=customer3-onelogin

Note the identity_provider parameter on each authorize url. This will allow Cognito (or other OAuth2 providers) to immediately redirect the client to the applicable IdP, improving overall user experience.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Is CRUD MVC related.
  • Is Auth, RBAC security related.
  • Changes the security db schema.
  • Introduces new feature
  • Removes existing feature

@codecov Codecov
Copy link

codecov bot commented Mar 21, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 3 lines in your changes are missing coverage. Please review.

Project coverage is 79.61%. Comparing base (c65e067) to head (ebd0aa0).

Files Patch % Lines
flask_appbuilder/security/views.py 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2222      +/-   ##
==========================================
+ Coverage   73.81%   79.61%   +5.79%     
==========================================
  Files          72       72              
  Lines        8754     9032     +278     
==========================================
+ Hits         6462     7191     +729     
+ Misses       2292     1841     -451
Flag Coverage Δ
python 79.61% <0.00%> (+5.79%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@scarbeau