All geek questions in one place

Redirect back to page after authentication via OpenID, Oauth or Facebook Connect

I allow users to log in to my site with OpenID, Twitter OAuth or FBConnect. If a user tries to go to a page that requires them to log in after this user logs in, I want to send them BACK to this page. Is there an easy way to do this with all of these, or just I just write a redirect page to a cookie and after successful login send them to this page? I use Django, so if there are any good tips or tricks related to this, that would be great.

Thanks for entering in advance!

+3
source share
2 answers

Sadly, OAuth and OpenID are unaware of your application states (while OAuth WRAP may be). Therefore, you should accept the following assumption:

  • The user will complete the login WITHOUT switching tabs / windows or other requests on your site.

Then you can do the following:

  • After you discover access to a secure site, save the full request in the session. This will not work at all, if it is a POST request, you need to prepare for this problem (show them a warning site so that they must first log in).
  • Save the time stamp when this request occurred.
  • OpenID , . ( , 5 ). .

, , , .

+1

(, ) return_to. :

. URL- return_to , . , RP , ; RP.

:

def sendOpenIDCheck(...):
    # after getting an AuthRequest from Consumer.begin
    return_to = oidutil.appendArgs(return_to,
        {'destination_url': that_place_they_tried_to_go})
    return redirect(auth_request.redirectURL, realm, return_to))


def handleReturnTo(request):
   # after doing Consumer.complete and receiving a SuccessResponse:

   return redirect(request.GET['destination_url'])

- , (, POST), URL-, , , destination_url , , URL- , .

, , , , , .

+2

Source: https://habr.com/ru/post/1732093/

More articles:


All Articles