
How to determine what the GET parameters are/were from the previous URL when redirected to a new domain


I am trying to retrieve the request header (I do not want to modify it) and see what the GET parameters were by retrieving the :path property. I have read on StackOverflow and other websites about it, but no concrete answer was ever given as to whether this is possible or not. So hereby the question: Is it possible and if so, how? I have access to both domains in the sense of: I can modify code if required.

So as an example, let's say I go from domainA.com?p=q to domainB.com. In domainB.com I'd like to know what URL with GET parameters sent the user to domainB.com. In domainB.com I'd like to retrieve all the GET from domainA.com or flat out the :path property. I wish to do something like window.history.back(), but either by sending the user back to domainA.com or by retrieving the URL with GET parameters.

Edit

    $provider = new \Mollie\OAuth2\Client\Provider\Mollie([
        'clientId'     => 'XXXXXXX',
        'clientSecret' => 'XXXXX',
        'redirectUri'  => 'https://example.com/oauth',
    ]);

    if (!isset($_GET['code']))
    {
        // Fetch the authorization URL from the provider; this returns the
        // urlAuthorize option and generates and applies any necessary parameters
        // (e.g. state).
        $authorizationUrl = $provider->getAuthorizationUrl([
            // Optional, only use this if you want to ask for scopes the user previously denied.
            'approval_prompt' => 'auto',

            // Optional, a list of scopes. Defaults to only 'organizations.read'.
            'scope' => [
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_PAYMENTS_READ,
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_PAYMENTS_WRITE,
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_REFUNDS_READ,
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_REFUNDS_WRITE,
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_PROFILES_READ,
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_PROFILES_WRITE,
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_ONBOARDING_READ,
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_ORGANIZATIONS_READ,
                \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_ORGANIZATIONS_WRITE
            ],
        ]);

        // Get the state generated for you and store it to the session.
        $_SESSION['oauth2state'] = $provider->getState();

        // Redirect the user to the authorization URL.
        // Note: HTTP_HOST is taken from the client's Host request header.
        header('Location: ' . "{$authorizationUrl}&return={$_SERVER['HTTP_HOST']}");
        exit;
    }

At the authorizationUrl, when the user clicks approve, it sends them to the redirectUri defined in the provider, like this: https://example.com/oauth?code=xxx


Solution

  • There are two solutions when dealing with OAuth and an endpoint which is a different website (which you have access to and in which you can modify code).

    The first one is to set the state parameter and provide your website URL. In my case it can be achieved through $_SERVER["HTTP_HOST"]. This is passed back to your redirect-uri. You could also choose to use the so-called referer header, which tells you what domain/server requested the page.
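
An added example, not part of the answer or of the Mollie client: one way to carry the originating URL in `state` so the redirect-uri site can trust it, since both the Host and Referer headers are supplied by the client. It assumes the two sites share a secret and an allowlist of hosts; `ALLOWED_HOSTS`, `b64url`, `buildState` and `readState` are hypothetical names, and the sample values are constructed.

```php
<?php
declare(strict_types=1);
// Assumptions (not from the page): both sites share $secret out of band, and
// ALLOWED_HOSTS lists the sites that may start the flow.
const ALLOWED_HOSTS = ['domaina.com'];

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Site that starts the flow: pack a CSRF nonce and the return URL into state. */
function buildState(string $returnUrl, string $nonce, string $secret): string
{
    $payload = b64url(json_encode(['n' => $nonce, 'r' => $returnUrl], JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

/** redirect-uri site: returns ['n' => nonce, 'r' => url], or null if state cannot be trusted. */
function readState(string $state, string $secret): ?array
{
    $parts = explode('.', $state);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null; // forged or modified in transit
    }
    $json = base64_decode(strtr($payload, '-_', '+/'));
    $data = $json === false ? null : json_decode($json, true);
    if (!is_array($data) || !is_string($data['n'] ?? null) || !is_string($data['r'] ?? null)) {
        return null;
    }
    $url  = parse_url($data['r']);
    $host = is_array($url) ? strtolower($url['host'] ?? '') : '';
    if (!is_array($url) || ($url['scheme'] ?? '') !== 'https' || !in_array($host, ALLOWED_HOSTS, true)) {
        return null; // correctly signed, but not a site we send users back to
    }
    return ['n' => $data['n'], 'r' => $data['r']];
}

// Constructed sample values.
$secret = 'constructed-demo-secret';
$state  = buildState('https://domaina.com/?p=q', bin2hex(random_bytes(16)), $secret);
var_dump(readState($state, $secret)['r']);   // original URL with its GET parameters
var_dump(readState($state . 'x', $secret));  // NULL: signature does not match
var_dump(readState(buildState('https://evil.example/', 'n', $secret), $secret)); // NULL: host not allowed
```

The nonce in `n` still has to be compared with the value the starting site kept in its own session, so that `state` keeps its role as a CSRF check.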