Skip to content

Improve oauth2 idp-initiated login (backport #13476) #13502

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 12, 2025
Merged

Improve oauth2 idp-initiated login (backport #13476) #13502

merged 1 commit into from
Mar 12, 2025

Conversation

mergify[bot]
Copy link

@mergify mergify bot commented Mar 12, 2025

Proposed Changes

This is an improvement to the /login endpoint (rabbit_mgmt_login) used for idp-initiated logons in the management ui.

The previous implementation produced a warning message in the browser the first time the form was submitted. The warning message warned the user that the form was about to be submitted again. This was because the response page to the POST request contained a javascript code that refreshed the page.

With this new change, the rabbit_mgmt_login module instead replies with a redirect 302 including a cookie with the token. This cookie is very short-lived, when the user is redirected to the Overview page of the management, the cookie is already gone.

Types of Changes

What types of changes does your code introduce to this project?
Put an x in the boxes that apply

  • Bug fix (non-breaking change which fixes issue #NNNN)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause an observable behavior change in existing systems)
  • Documentation improvements (corrections, new content, etc)
  • Cosmetic change (whitespace, formatting, etc)
  • Build system and/or CI
This is an automatic backport of pull request #13476 done by [Mergify](https://mergify.com).

@MarcialRosales @mergify
Use POST+Redirect_with_cookie
5e5521a 
(cherry picked from commit 69b5486)
@michaelklishin michaelklishin merged commit c320d0a into v4.1.x Mar 12, 2025
271 of 273 checks passed
@michaelklishin michaelklishin deleted the mergify/bp/v4.1.x/pr-13476 branch March 12, 2025 19:47
@mergify mergify bot mentioned this pull request Mar 12, 2025
Merged
6 tasks
michaelklishin added a commit that referenced this pull request Mar 12, 2025
@michaelklishin
Resolve conflicts #13507 #13476 #13502
02e5b07
michaelklishin added a commit that referenced this pull request Mar 13, 2025
@michaelklishin
Merge pull request #13507 from rabbitmq/mergify/bp/v4.0.x/pr-13502
573bdad 
Improve oauth2 idp-initiated login (backport #13476) (backport #13502)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@MarcialRosales MarcialRosales

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@michaelklishin @MarcialRosales