Eric Grimsborn
08/19/2020, 11:15 AMserver
authentication
oauth
routing
I am trying to implement an OAuth code flow. When the flow fails e.g. user does not have access to the app i get a callback with an error
query parameter. When this is the case I do not wish to apply auth. I have this routing:
route("/login-callback") {
param("error"){
handle(errorHandler)
}
authenticate("my-oauth") {
handle(successHandler)
}
}
when running without authentication block it will match the errorHandler but when adding the authentication around successHandler it will run it for errorHandler as well and since the request is not authed it will redirect causing another callback etc. until I get too many redirects error.
Is there a way to not run the auth when matching param("error")
above?Eric Grimsborn
08/19/2020, 11:16 AMinstall(Authentication) {
oauth("my-oauth") {
// other conf
urlProvider = {
if(parameters.contains("error")){
throw MyAuthenticationFailedException()
}
redirectUrl("/login-callback")
}
}
}
and matching MyAuthenticationFailedException
in the statuspages where i run the errorHandler.
But that feels very much like a hack.