9c61c49ec2
* fix: Return 302 redirect from AuthOnly when skip-provider-button is true When SkipProviderButton is enabled and a user needs to login, the AuthOnly endpoint now returns a 302 redirect directly to the OAuth provider instead of returning 401. This fixes an issue with nginx auth_request architecture where 401 triggers error_page handling, which can break redirect flows because nginx overrides the status code (e.g., to 403), and browsers don't follow Location headers for non-3xx responses. Fixes: #334 Signed-off-by: Stefan Markmann <stefan@markmann.net> * update docs and changelog Signed-off-by: Stefan Markmann <stefan@markmann.net> * test: Add specific OAuth redirect assertions per code review feedback Improve TestAuthOnlyEndpointRedirectWithSkipProviderButton to verify that the Location header actually redirects to the OAuth provider's authorize endpoint with required parameters (client_id, redirect_uri, state), not just that a Location header exists. Signed-off-by: Stefan Markmann <stefan@markmann.net> * refactor: Flatten AuthOnly error handling structure Move the SkipProviderButton check outside of the nested err != nil block using an if-else structure. This makes the special case more visible and reduces nesting depth without changing behavior. Signed-off-by: Stefan Markmann <stefan@markmann.net> * doc: backport to v7.14.x Signed-off-by: Jan Larwig <jan@larwig.com> --------- Signed-off-by: Stefan Markmann <stefan@markmann.net> Signed-off-by: Jan Larwig <jan@larwig.com> Co-authored-by: Jan Larwig <jan@larwig.com> |
||
|---|---|---|
| .. | ||
| community | ||
| configuration | ||
| features | ||
| behaviour.md | ||
| installation.md | ||
| welcome.md | ||