HeroicKatora/oxide-auth

examples lose state

henris42 opened this issue · 3 comments

Hi,

I was tinkering with the examples, using the rocket frontend. I tried to quickly integrate a 3rd party service - everything works to the point after accept/deny where the system redirects back to the service. The issue is that "state" is missing from the redirecting URL. (The 3rd party software sets it correctly; it continues ok if I add it manually..)

Any pointers how to make it work?

The 'consent' page in the example seems to not set the state parameter for the POST on clicking the 'Accept' button since it uses a hardcoded url (this one).

This seems to be an architectural deficiency since the state is not passed to check_consent so that it is not possible to assemble the form target url from the provided parameters.

As a workaround, it would be possible to extract the state parameter from window.location.search in js on the page. (I'm no frontend expert so this is just an idea).
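A client-side version of the workaround just described, added here as an example and not code from the oxide-auth project: it copies the authorization request's query parameters (including `state`) from `window.location.search` onto the consent form's action instead of posting to a hardcoded URL, and shows the comparison a client makes on the `state` it receives back. The `form[data-consent]` selector, the forwarded parameter list and the sample values are assumptions.

```javascript
// Build the consent form's POST target from the hardcoded action plus the
// parameters of the incoming authorization request (window.location.search).
// `state` is the client's CSRF token for the code flow, so it must survive
// the consent step and be echoed on the final redirect.
function buildConsentAction(consentAction, search) {
  const incoming = new URLSearchParams(search);
  // Assumed list of authorization parameters the consent POST should repeat.
  const forward = ["response_type", "client_id", "redirect_uri", "scope", "state"];
  // Dummy base so a path-only action such as "/authorize?..." still parses.
  const target = new URL(consentAction, "http://localhost");
  for (const name of forward) {
    const value = incoming.get(name);
    // Keep whatever the hardcoded action already carries; only fill gaps.
    if (value !== null && !target.searchParams.has(name)) {
      target.searchParams.set(name, value);
    }
  }
  // Return path + query only, so the form keeps posting to the same origin.
  return target.pathname + target.search;
}

// Client-side check on the callback: the server must echo `state` unchanged.
// A missing or different value means the callback was not produced by the
// request this client started and must be rejected.
function stateMatches(callbackUrl, expectedState) {
  const returned = new URL(callbackUrl).searchParams.get("state");
  return returned !== null && returned === expectedState;
}

// In the browser, rewrite every consent form's action on page load.
// (Assumed markup: the consent form carries a data-consent attribute.)
if (typeof window !== "undefined" && typeof document !== "undefined") {
  for (const form of document.querySelectorAll("form[data-consent]")) {
    form.action = buildConsentAction(form.getAttribute("action"), window.location.search);
  }
}
```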

OK thanks for the info!

I think the correct way to fix this is to improve check_consent. In my real project I need a completely different consent mechanism anyways, so I'd appreciate any pointers to get started on that!

This should no longer be the case since #110.