Solving Identity Management in Modern Applications by Yvonne Wilson & Abhishek Hingnikar

Author: Yvonne Wilson & Abhishek Hingnikar
Language: eng
Format: epub
ISBN: 9781484282618
Publisher: Apress


login() and handleCallback()

Login in OIDC usually involves implementing the redirection flow using the “authorization code” flow. Implementing this two-step process as one “logical” unit has advantages. For instance, consider a scenario where a user who has never logged in navigates to a document at /articles/foo/1 via a hyperlink shared with them. At this point, we’d like to redirect the user to the identity provider and then redirect them to /articles/foo/1 after they have logged in successfully.

To solve this, we can keep state data, such as the user’s desired document URL and any additional metadata, in client-side storage and then “refer” to it via a string key, which we pass to the identity provider as a state parameter. Upon successful authentication of the user, our application receives the state parameter back and can use this data to redirect the user to the desired document URL.

To send such a key for the state data, we usually use the state parameter in OIDC. One thing to stress here is that the state value must be an opaque string. One simple storage solution could be to use localStorage and JSON in the browser, as shown in the following code snippet:
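The pattern described above, as an added example (not the book's own snippet, which is not reproduced on this page): login() stores the return URL under a random key and sends only that key as state, and handleCallback() resolves it once. The function bodies, the `oidc.state.` key prefix, the ten-minute lifetime, the same-origin path check, the client id and the example.com URLs are all assumptions.

```javascript
// Added example. All names, the client_id and the example.com URLs are hypothetical.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const PREFIX = 'oidc.state.';
const MAX_AGE_MS = 10 * 60 * 1000; // assumed lifetime of a pending login

// Stand-in for window.localStorage so the example also runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
  removeItem(k) { this.items.delete(k); }
}

// login(): keep the real state data locally, send only a random opaque key.
function login(storage, returnTo, now = Date.now()) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  const key = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
  storage.setItem(PREFIX + key, JSON.stringify({ returnTo, createdAt: now }));
  const url = new URL('https://idp.example.com/authorize');
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: 'example-client',
    redirect_uri: 'https://app.example.com/callback',
    scope: 'openid',
    state: key,
  }).toString();
  return url.toString();
}

// handleCallback(): resolve the returned key to the stored data, exactly once.
function handleCallback(storage, callbackUrl, now = Date.now()) {
  const params = new URL(callbackUrl).searchParams;
  const key = params.get('state');
  const raw = key && /^[0-9a-f]{32}$/.test(key) ? storage.getItem(PREFIX + key) : null;
  if (raw === null) throw new Error('unknown state');
  storage.removeItem(PREFIX + key); // single use: a replayed callback is rejected
  const { returnTo, createdAt } = JSON.parse(raw);
  if (now - createdAt > MAX_AGE_MS) throw new Error('expired state');
  // Only follow same-origin paths; anything else falls back to the home page.
  const safe = typeof returnTo === 'string' && /^\/(?![\/\\])/.test(returnTo);
  return { code: params.get('code'), returnTo: safe ? returnTo : '/' };
}
```

In a browser, pass `window.localStorage` as the `storage` argument in place of `MemoryStorage`.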
