It may be nice to pass additional context metadata to the redirectUrl from the OP authorizer such as orgContext #195
Labels
Comments
theBoEffect
added
enhancement
|
The updated function in respond.js would be something like... module.exports = async function respond(ctx, next) {
const { oidc: { params } } = ctx;
const { oidc: { result } } = ctx;
const out = (result && Object.keys(result?.metaData)) ? {
...await next(),
...result.metaData
} : await next()
if (params.state !== undefined) {
out.state = params.state;
}
if (!out.id_token && instance(ctx.oidc.provider).configuration('features.issAuthResp.enabled')) {
out.iss = ctx.oidc.provider.issuer;
}
ctx.oidc.provider.emit('authorization.success', ctx, out);
const handler = instance(ctx.oidc.provider).responseModes.get(ctx.oidc.responseMode);
await handler(ctx, params.redirect_uri, out);
};Though this would not include the data on the session, so an attempt to reauthorize without login will not have the metadata. Approach would need refinement |
|
Alternative approach - we can persist a reference to the orgContext selected using the accountId, ClientID, and State passed to /auth as key. The client ui can then query the org context after successful authorization... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To do this, we would need to alter a core library of the project. Specifically, the oidc-node-provider library and this function within it: https://github.com/panva/node-oidc-provider/blob/main/lib/actions/authorization/respond.js
We will consider the pros and cons of a such a fork and decide on an appropriate course of action.
The text was updated successfully, but these errors were encountered: