nginx lua openresty lua-resty-openidc

How do I redirect back to the home page after authentication


I am trying to configure lua-resty-openidc on an NGINX server. How can I redirect back to the home page once the user is authenticated? When the user is authenticated, the callback URL is getting the code, session_state and other parameters from the server. This is causing an issue with loading once the user is authenticated. The URL that the user comes back to is something like http://xyz.abc.com:8080/secured?code=32edkew2kjjjdf

https://github.com/pingidentity/lua-resty-openidc

My Configuration looks like below. I wanted to take the user back to http://xyz.abc.com:8080. What should be the redirect_uri?

    local opts = {
        -- the full redirect URI must be protected by this script and becomes:
        -- ngx.var.scheme.."://"..ngx.var.http_host..opts.redirect_uri_path
        redirect_uri_path = "/secured",
        discovery = "https://accounts.google.com/.well-known/openid-configuration",
        client_id = "<client_id>",
        client_secret = "<client_secret>"
        --authorization_params = { hd="pingidentity.com" },
        --scope = "openid email profile",
        --iat_slack = 600,
    }

Solution

  • lua-resty-openidc itself handles the redirect back to the original page that you were trying to access. You don't need to do anything specific for that; it will figure out that URL when the authentication is triggered, see: https://github.com/pingidentity/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L539 and store it in the session.

    It will intercept the redirect back to the Redirect URI, see: https://github.com/pingidentity/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L557 and eventually redirect back to the original URL, see https://github.com/pingidentity/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L350

    The Redirect URI itself can be any path as long as it doesn't need to serve content as lua-resty-openidc will intercept it and do its own thing. It does need to be registered with the Provider.