What we have now
After authorization we land on /employees instead of the page we were on or the page we wanted to reach.
What we want to get
After authorization we get to the desired page.
E.g., after scanning a book's QR code, we want to get to this book's page after being redirected to the authorization page and entering a valid login and password.
Solution
We want to save the URL (returnUrl) of the desired page in:
- session storage or
- local storage or
- React state or
- query parameter.
We need it in order to save the URL of the page we were on when we got redirected to the auth page, so that after login we get redirected to the same page.
Need to research where this should be configured, probably in layout-ui and/or auth-ui.
Vulnerabilities
- The query-parameter option carries a risk of the URL being compromised, because it is openly accessible.
- We need to make sure that in prod the redirectUrl begins with our domain, including the trailing "/", e.g. "https://our-domain.com/".
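One way to implement the domain check above, as an added example rather than code from layout-ui or auth-ui. The function name `safeReturnUrl` is hypothetical, the origin is the placeholder domain from this ticket, and `/employees` is assumed as the fallback because it is the current landing page. Comparing the parsed origin instead of a string prefix is what makes the trailing "/" requirement hold for every input.

```javascript
// Placeholder origin taken from the ticket; fallback is the current default page.
const ALLOWED_ORIGIN = "https://our-domain.com";
const FALLBACK = "/employees";

// Returns a same-origin path that is safe to navigate to after login,
// or the fallback when returnUrl is missing, malformed or points elsewhere.
function safeReturnUrl(raw, allowedOrigin = ALLOWED_ORIGIN, fallback = FALLBACK) {
  if (typeof raw !== "string" || raw.length === 0) return fallback;

  // Browsers treat "\" like "/" and drop tabs/newlines inside URLs,
  // so values containing them are rejected before parsing.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return fallback;

  let url;
  try {
    // Relative values ("/books/42") resolve against our own origin.
    url = new URL(raw, allowedOrigin + "/");
  } catch {
    return fallback;
  }

  // Exact origin match: scheme, host and port must all be ours.
  // A prefix test such as startsWith("https://our-domain.com") would
  // accept look-alike hosts that merely begin with our domain name.
  if (url.origin !== allowedOrigin) return fallback;

  // Credentials embedded in the URL are never expected here.
  if (url.username || url.password) return fallback;

  // Hand the router a path only, so the origin can never be swapped later.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs, not taken from real traffic.
const samples = [
  "/books/42?copy=7",                      // relative path from the QR scan
  "https://our-domain.com/books/42",       // absolute, same origin
  "https://our-domain.com.evil.example/",  // look-alike host
  "//evil.example/login",                  // protocol-relative
  "https://our-domain.com@evil.example/",  // userinfo trick
  "javascript:alert(1)",                   // non-http scheme
];
for (const s of samples) console.log(JSON.stringify(s), "->", safeReturnUrl(s));
```

The same check applies whichever storage option is chosen, since session storage, local storage and query parameters can all hold a value the application did not write.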
Additional
Check redirect to book copy page with QR after login via mobile scan