Refactor OIDC login redirection handling

sreya · sreya · commit 4f8b28bfd3f9 · 2024-09-09T23:29:19.000Z
- Prevent redirecting the last step in the OIDC flow involving the state
  parameter, ensuring it remains part of the core OIDC process.
- This ensures secure and consistent handling of redirects in the OIDC
  login flow.
diff --git a/coderd/coderdtest/oidctest/idp.go b/coderd/coderdtest/oidctest/idp.go
@@ -496,6 +496,9 @@ func (f *FakeIDP) LoginWithClient(t testing.TB, client *codersdk.Client, idToken
 			f.stateToIDTokenClaims.Store(state, idTokenClaims)
 			return nil
 		}
+		// This is mainly intended to prevent the _last_ redirect
+		// The one involving the state param is a core part of the
+		// OIDC flow and shouldn't be redirected.
 		if redirectFn != nil {
 			return redirectFn(req, via)
 		}

Original file line number	Diff line number	Diff line change
`@@ -496,6 +496,9 @@ func (f FakeIDP) LoginWithClient(t testing.TB, client codersdk.Client, idToken`
`496`	`496`	`f.stateToIDTokenClaims.Store(state, idTokenClaims)`
`497`	`497`	`return nil`
`498`	`498`	`}`
	`499`	`+ // This is mainly intended to prevent the _last_ redirect`
	`500`	`+ // The one involving the state param is a core part of the`
	`501`	`+ // OIDC flow and shouldn't be redirected.`
`499`	`502`	`if redirectFn != nil {`
`500`	`503`	`return redirectFn(req, via)`
`501`	`504`	`}`