One issue that we have yet to resolve is where to redirect the user after a successful login. Before today, this defaulted to /app/dashboard. However, a user may be given a direct link to a poll, for example, before they have logged in. Landing on the dashboard after login would be a very bad user experience, as the user would then have to go back to the source and follow the direct link again once logged in.
I had this issue in mind a few days ago, and started some partial implementation. However, I was stuck on how to redirect users back to the authenticated route they were visiting previously. After a few hours of reading and trying, I finally got it working.
The following paragraphs summarise the steps taken in the implementation.
In app.js, if the next route requires authentication and the user is not authenticated, we redirect the user to the login page instead. However, we also append a query string recording where to send the user after login.
/a/abc123 --> /login?redirectTo=/a/abc123
The login page takes whatever is in the redirectTo parameter and includes it with the GET request when the user clicks the login button.
A new controller was made to handle OpenID authentication, and before passing control to PassportJS, we check whether a redirectTo parameter is present and, if so, store it in the session. Here we also do some simple validation to make sure the value is a relative path, not a full address. This prevents the application from becoming an open redirect.
Upon completion of the OpenID authentication, the app is brought back to /login/nus/return. Here, the authentication controller checks whether a redirectTo value is stored in the session and, if so, passes it as the successRedirect parameter for PassportJS. The user is then directed to the page they requested before authenticating.
/login/nus/return --> /a/abc123
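As an added example (not the project's own code), this is how the redirectTo validation and the session hand-off described above can be written for a Node/Express app. It assumes Express-style req.query and req.session objects and the default landing page /app/dashboard; the function and variable names are my own.

```javascript
// Added example: validate a post-login redirect target and carry it through
// the session, so the login flow cannot be turned into an open redirect.
const DEFAULT_AFTER_LOGIN = '/app/dashboard';
// Fixed origin used only to resolve the candidate; its hostname is never contacted.
const OWN_ORIGIN = 'https://app.invalid';

// Returns a safe same-site path (with query string) or the default landing page.
function safeRedirectTarget(raw) {
  // Express may hand us undefined or an array (?redirectTo=a&redirectTo=b).
  if (typeof raw !== 'string' || raw.length === 0) return DEFAULT_AFTER_LOGIN;
  // Must be path-absolute with exactly one leading slash: "//evil.example" and
  // "/\evil.example" are both treated by browsers as scheme-relative URLs.
  if (!/^\/(?![\/\\])/.test(raw)) return DEFAULT_AFTER_LOGIN;
  // Resolve against our own origin; anything with a scheme or host escapes it.
  let parsed;
  try {
    parsed = new URL(raw, OWN_ORIGIN);
  } catch (e) {
    return DEFAULT_AFTER_LOGIN;
  }
  if (parsed.origin !== OWN_ORIGIN) return DEFAULT_AFTER_LOGIN;
  // Never bounce the user straight back to the login page.
  if (parsed.pathname === '/login') return DEFAULT_AFTER_LOGIN;
  return parsed.pathname + parsed.search;
}

// Called in the OpenID controller before handing control to Passport:
// remembers an already-validated target in the session.
function rememberRedirect(req) {
  req.session.redirectTo = safeRedirectTarget(req.query.redirectTo);
  return req.session.redirectTo;
}

// Called in the /login/nus/return handler: consumes the stored target so it
// is used once, and returns the value to pass as Passport's successRedirect.
function finishLogin(req) {
  const target = req.session.redirectTo || DEFAULT_AFTER_LOGIN;
  delete req.session.redirectTo;
  return target;
}

// Constructed sample request, standing in for an Express req object.
const sampleReq = { query: { redirectTo: '/a/abc123' }, session: {} };
rememberRedirect(sampleReq);
console.log(finishLogin(sampleReq)); // /a/abc123
```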