Why is loginState,Returnurl when a succesful OAuthOnly authentication set to null?

[JohnDuerden]

In the IdentityController CallbackHandler this code:

switch (loginState.ProviderType)
{
case ProviderType.OAuthOnly:
result = await _oAuthOnlyService.ProcessOAuthLogin(redirectUri, ip);
if (result.IsSuccessful)
{
loginState.Expiration = result.Token.ValidTo;
loginState.ReturnUrl = null;
}
break;
...........................

means that any returnurl passed will be dropped? We would like to set up a link outside PopForums to a particular Forum and this prevents doing that.

Thanks for any insights and / or an alternative to achieve what we are looking for,

John Duerden

[jeffputz]

Hi John,

This is by design. In the case of anything not OAuth-only, the user is presumably browsing the forum, and we want them to go back to where they were when they logged in. In the OAuth-only scenario, the user can't possibly have been browsing the forum because the whole thing is private.

The AccountController does make this a little convoluted, because it uses the IdentityController's CallbackHandler action and puts it in the ExternalLoginState. I couldn't even tell you why, since the value is never used. A way to change this is to have /Forums/Account/OAuthLogin take a query string for the return URL, and then not set it to null when it's recalled in IdentityController.

If you want to put in a new issue, call it "Accept return URL for OAuth-only login state" or something, I'm happy to take a look at it.
-Jeff

[JohnDuerden]

Thanks Jeff, I have added an issue. Not a big deal but it has been raised to me as an inconsistency depending on whether the user is authenticated or not, John Duerden

…

On Tue, Feb 27, 2024 at 11:28 AM Jeff Putz ***@***.***> wrote: Hi John, This is by design. In the case of anything not OAuth-only, the user is presumably browsing the forum, and we want them to go back to where they were when they logged in. In the OAuth-only scenario, the user can't possibly have been browsing the forum because the whole thing is private. The AccountController does make this a little convoluted, because it uses the IdentityController's CallbackHandler action and puts it in the ExternalLoginState. I couldn't even tell you why, since the value is never used. A way to change this is to have /Forums/Account/OAuthLogin take a query string for the return URL, and then not set it to null when it's recalled in IdentityController. If you want to put in a new issue, call it "Accept return URL for OAuth-only login state" or something, I'm happy to take a look at it. -Jeff — Reply to this email directly, view it on GitHub <#362 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAE7DNCPP3F72SK5LV7QH63YVYXUDAVCNFSM6AAAAABD4T6LNOVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DMMBZG43TG> . You are receiving this because you authored the thread.Message ID: ***@***.***>