Add OIDC landing page for NGINX to redirect after successful OIDC login

remove login endpoint
nginxinc · Jan 9, 2023 · 521caf9 · 521caf9
1 parent 6ad8ec6
commit 521caf9
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/openid_connect.js b/openid_connect.js
@@ -188,7 +188,7 @@ function codeExchange(r) {
                         r.log("OIDC success, creating session " + r.variables.request_id);
                         r.variables.new_session = tokenset.id_token; // Create key-value store entry
                         r.headersOut["Set-Cookie"] = "auth_token=" + r.variables.request_id + "; " + r.variables.oidc_cookie_flags;
-                        r.return(302, r.variables.redirect_base + r.variables.cookie_auth_redir);
+                        redirectPostLogin(r);
                    }
                 );
             } catch (e) {
@@ -253,6 +253,15 @@ function validateIdToken(r) {
     }
 }
 
+// Redirect URI after successful login from the OP.
+function redirectPostLogin(r) {
+    if (r.variables.oidc_landing_page) {
+        r.return(302, r.variables.oidc_landing_page);
+    } else {
+        r.return(302, r.variables.redirect_base + r.variables.cookie_auth_redir);
+    }
+}
+
 function logout(r) {
     r.log("OIDC logout for " + r.variables.cookie_auth_token);
     r.variables.session_jwt = "-";

diff --git a/openid_connect_configuration.conf b/openid_connect_configuration.conf
@@ -44,6 +44,13 @@ map $host $oidc_scopes {
     default "openid+profile+email+offline_access";
 }
 
+map $host $oidc_landing_page {
+    # Where to send browser after successful login. If empty, redirects User 
+    # Agent to $request_uri.
+    default "";
+    #www.example.com $redirect_base;
+}
+
 map $host $oidc_logout_redirect {
     # Where to send browser after requesting /logout location. This can be
     # replaced with a custom logout page, or complete URL.