dcc7970a5f
* docs(nginx): Clarify auth_request redirect pattern with named location Update the nginx integration documentation to recommend using a named location (@oauth2_signin) for the error_page directive instead of the previous 'error_page 401 =403' approach. The named location pattern ensures the browser receives a proper 302 redirect, which is required for --skip-provider-button=true to work correctly. The previous pattern (error_page 401 =403 /oauth2/sign_in) returned a 403 status with a Location header. Browsers do not auto-follow redirects on 403 responses, causing users to see a 'Found.' link instead of being automatically redirected to the IdP. Changes: - Updated main nginx example to use @oauth2_signin named location - Added 'Understanding the error_page redirect pattern' section - Added warning about the limitations of 'error_page 401 =403' - Updated local test environment (contrib/local-environment/nginx.conf) Refs: #334 Signed-off-by: Stefan Markmann <stefan@markmann.net> * docs: clarify browser vs API routes for nginx auth_request redirects Add new "Browser vs API Routes" section explaining: - Use 302 redirect to /oauth2/sign_in only for browser-facing routes - Use 401/403 without redirect for API/machine clients This ensures: - Browsers get a redirect and smooth login flow - API clients fail fast with appropriate HTTP status codes - /oauth2/auth remains a pure boolean oracle (2xx/401) Signed-off-by: Stefan Markmann <stefan@markmann.net> Signed-off-by: Jan Larwig <jan@larwig.com> --------- Signed-off-by: Stefan Markmann <stefan@markmann.net> Signed-off-by: Jan Larwig <jan@larwig.com> |
||
|---|---|---|
| .. | ||
| integrations | ||
| providers | ||
| alpha_config.md | ||
| alpha_config.md.tmpl | ||
| overview.md | ||
| sessions.md | ||
| systemd_socket.md | ||
| tls.md | ||