fix: fixed redirect_uri with handler_uri in session

Previously the redirect_uri was the uri of the handler that needed authentication. Now one fixed redirect_uri for the entire application is used that will redirect the user to the correct handler after successful authentication. This commit should fix: #28, #27, #26, #21
2025-12-08 06:05:16 +01:00 · 2025-04-18 12:30:29 +02:00 · 2025-04-18 12:30:29 +02:00 · 19adcbabd2
commit 19adcbabd2
parent 58369449cf
6 changed files with 246 additions and 239 deletions
--- a/examples/basic/src/lib.rs
+++ b/examples/basic/src/lib.rs
@ -1,9 +1,13 @@
 use axum::{
-    error_handling::HandleErrorLayer, http::Uri, response::IntoResponse, routing::get, Router,
+    error_handling::HandleErrorLayer,
+    http::Uri,
+    response::IntoResponse,
+    routing::{any, get},
+    Router,
 };
 use axum_oidc::{
-    error::MiddlewareError, EmptyAdditionalClaims, OidcAuthLayer, OidcClaims, OidcClient,
-    OidcLoginLayer, OidcRpInitiatedLogout,
+    error::MiddlewareError, handle_oidc_redirect, EmptyAdditionalClaims, OidcAuthLayer, OidcClaims,
+    OidcClient, OidcLoginLayer, OidcRpInitiatedLogout,
 };
 use tokio::net::TcpListener;
 use tower::ServiceBuilder;
@ -33,7 +37,7 @@ pub async fn run(

    let mut oidc_client = OidcClient::<EmptyAdditionalClaims>::builder()
        .with_default_http_client()
-        .with_application_base_url(Uri::from_maybe_shared(app_url).expect("valid APP_URL"))
+        .with_redirect_url(Uri::from_static("http://localhost:8080/oidc"))
        .with_client_id(client_id);
    if let Some(client_secret) = client_secret {
        oidc_client = oidc_client.with_client_secret(client_secret);
@ -56,6 +60,7 @@ pub async fn run(
        .route("/logout", get(logout))
        .layer(oidc_login_service)
        .route("/bar", get(maybe_authenticated))
+        .route("/oidc", any(handle_oidc_redirect::<EmptyAdditionalClaims>))
        .layer(oidc_auth_service)
        .layer(session_layer);