diff --git a/CHANGELOG.md b/CHANGELOG.md index f182201e..a8bea95f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ ## Release Hightlights ## Important Notes -- [#335] The session expiry for the OIDC provider is now taken from the Token Response (expires_in) rather than from the id_token (exp) +- [#335] The session expiry for the OIDC provider is now taken from the Token Response (expires_in) rather than from the id_token (exp) ## Breaking Changes @@ -16,6 +16,7 @@ - [#363](https://github.com/pusher/oauth2_proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf) - [#353](https://github.com/pusher/oauth2_proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster) - [#355](https://github.com/pusher/oauth2_proxy/pull/355) Add Client Secret File support for providers that rotate client secret via file system (@pasha-r) +- [#405](https://github.com/pusher/oauth2_proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo) # v5.0.0 diff --git a/oauthproxy.go b/oauthproxy.go index 37019b48..76db15ad 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -446,12 +446,15 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code p.ClearSessionCookie(rw, req) rw.WriteHeader(code) - redirecURL := req.URL.RequestURI() - if req.Header.Get("X-Auth-Request-Redirect") != "" { - redirecURL = req.Header.Get("X-Auth-Request-Redirect") + redirectURL, err := p.GetRedirect(req) + if err != nil { + logger.Printf("Error obtaining redirect: %s", err.Error()) + p.ErrorPage(rw, 500, "Internal Error", err.Error()) + return } - if redirecURL == p.SignInPath { - redirecURL = "/" + + if redirectURL == p.SignInPath { + redirectURL = "/" } t := struct { @@ -466,7 +469,7 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code ProviderName: p.provider.Data().ProviderName, SignInMessage: p.SignInMessage, CustomLogin: p.displayCustomLoginForm(), - Redirect: redirecURL, + Redirect: redirectURL, Version: VERSION, ProxyPrefix: p.ProxyPrefix, Footer: template.HTML(p.Footer),