How to preserve original fragment identifier in Spring OAuth2 server auth redirects


I've got a client @SpringBootApplication with @EnableOAuth2Sso, and security.oauth2.client.access-token-uri & security.oauth2.client.user-authorization-uri set up such that it redirects users to the OAuth2 server for authentication using an authorization code (not implicit!).

My OAuth2 server uses @EnableAuthorizationServer, with a class extending AuthorizationServerConfigurerAdapter to set up the server side with a little customization.

Now the client app hosts an Angular website that uses fragment identifiers for navigation. Users can bookmark/share URLs containing these fragment identifiers to get to specific pages later. However, these URLs work when the user is authenticated; otherwise the fragment identifier is lost in the OAuth2 server redirect/login dance.

I've read the following blog post to identify the problem:
http://codetunnel.io/how-to-persist-url-hash-fragments-across-a-login-redirect/
In short: fragment identifiers are never sent to the server, are retained by the browser in redirects, but are lost on POST requests. The blog post recommends a workaround using client-side JavaScript to insert the hash fragment into the login form redirect_uri field.

I'm having trouble translating the above knowledge to my application, however; I can see the fragment identifiers being retained in the redirects:

  • client/app#mypage 302
  • client/login#mypage 302
  • server/oauth/authorize#mypage 302
  • server/logon#mypage

The last page is a custom stylized login page of mine that I can insert JavaScript code on. The page contains a form that posts to ./logon, after which the fragment identifier is lost.

What can I do to retain the fragment identifier in the final redirect for the user?

And in the process of working out the above question I was able to (quite easily) fix the issue in the end:

I (already) override both the /logon and /oauth/confirm_access pages, to inject a small jQuery JavaScript snippet:

    // manually insert hash fragment to preserve angular app pages in redirect
    // per: http://codetunnel.io/how-to-persist-url-hash-fragments-across-a-login-redirect/
    $(function () {
        var $form = $('#form');
        $form.attr('action', $form.attr('action') + window.location.hash);
    });

This appends the fragment identifier to the form POST action, meaning the browser retains it throughout the login process without sending it to the server.

I had attempted to work with a custom RedirectResolver, but that approach has come up empty so far. If anyone else has a working version, feel free to contribute!
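
The behaviour described in the post, as an added example that is not the poster's code: a jQuery-free version of the form-action rewrite, plus a small model of how a browser carries a fragment across 3xx responses, so the login dance can be walked with and without the rewrite. The hosts, the code=SAMPLE value, the order of the Location headers and all function names are assumptions made for illustration.

```javascript
// Added example (not the poster's code); hosts and helper names are hypothetical.

// Form action with its fragment replaced by `hash` (the value of window.location.hash).
function actionWithFragment(action, hash) {
  const base = String(action || '').split('#')[0]; // drop a fragment already on the action
  const frag = String(hash || '').replace(/^#/, '');
  return frag ? base + '#' + frag : base;          // empty hash: leave the action alone
}

// Model of a browser following a 3xx: a Location without a fragment inherits
// the fragment of the URL that was requested (RFC 7231, section 7.1.2).
function followRedirect(requestUrl, location) {
  const next = new URL(location, requestUrl);
  if (!next.hash) next.hash = new URL(requestUrl).hash;
  return next.href;
}

// Walk the login dance: resolve the form's POST target, then apply each Location in turn.
// Resolving a relative action against the page URL does not carry the page's fragment over,
// which is why the fragment disappears at the POST unless it is part of the action itself.
function finalUrl(pageUrl, formAction, locations) {
  let url = new URL(formAction, pageUrl).href;
  for (const loc of locations) url = followRedirect(url, loc);
  return url;
}

// Constructed sample data: login page URL and the Location headers sent after the POST.
const LOGIN_PAGE = 'https://server.example/logon#mypage';
const REDIRECTS = ['/oauth/authorize', 'https://client.example/login?code=SAMPLE', '/app'];

// Browser-only wiring, equivalent to the jQuery snippet in the post (form id "form").
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    const form = document.getElementById('form');
    if (form) {
      form.setAttribute('action',
        actionWithFragment(form.getAttribute('action'), window.location.hash));
    }
  });
}
```

Only the form's action attribute is touched; the fragment is never placed in a query parameter or request body, so it still does not reach the server.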

