
I have implemented flask-dance and the authlib Flask client for Google sign-in. One answer that was unclear in all implementations was how to redirect a user to the original URL once they log in. For example, the flow I wanted: the user clicks on /results, it checks if they are not logged in and redirects to login, makes them log in, and then redirects back to /results with a logged-in session.

I saw some answers using state and kwargs addition but didn't see any clear answer or a pseudo code implementation.

If you have implemented such a scenario, please answer the question; it will help a lot. You can also reference your GitHub projects if implemented.

David Buck
akshansh
  • It would be helpful if you'd add a [mre] of the code that isn't working as you would like, and if you want to avoid your question being closed as a duplicate of the one currently referenced as an answer, it would also be helpful if you could be clearer about what you've already tried. – David Buck Oct 31 '21 at 12:49
  • Please provide enough code so others can better understand or reproduce the problem. – Community Nov 01 '21 at 11:43

1 Answer


The simple solution I discovered to my own problem was, in any implementation for any such library, to use a session variable to record the original URL and then redirect the user after login using that variable. Here I have used a next param variable, which stores it temporarily; then, once authorized, it sends the user to the original URL they asked for.

see the code below

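from flask import redirect, session, url_for

# `app` (the Flask app) and `oauth` (an authlib OAuth registry with a
# 'google' client registered) are assumed to be configured elsewhere.


@app.route('/login')
def login():
    google = oauth.create_client('google')
    redirect_uri = url_for('authorize', _external=True)
    return google.authorize_redirect(redirect_uri)


@app.route("/dashboard")
def protect():
    # Not logged in: remember where the user wanted to go, then start login.
    if not session.get('profile'):
        session['next'] = '/dashboard'
        return redirect('/login')

    # Logged in: load the dashboard here (placeholder response).
    return "dashboard"


@app.route('/authorize')
def authorize():
    google = oauth.create_client('google')
    token = google.authorize_access_token()  # complete the OAuth code exchange
    resp = google.get('userinfo')
    user_info = resp.json()
    session['profile'] = user_info
    session.permanent = True
    # Consume the stored target; fall back to "/" if none was recorded.
    redirecti = session.pop("next", "/")
    return redirect(redirecti)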
akshansh
  • This is helpful but what is the '/dashboard' that you're assigning to session['next']? I need to record the url that the user is coming from, which could be a variety of urls, and then redirect them to that url once they've signed in. I'm not using google login, but I don't think that matters. I think this is similar to the problem you faced. – sreed Apr 15 '22 at 16:05
  • The '/dashboard' is the url he wants the user to go back to after login. Use "request.url" instead of /dashboard in your unauthorized_handler to go back to the url that triggered the unauthorized handler. I do wonder if this solution is security wise ok. – ThaNoob Jun 23 '22 at 21:42
  • @ThaNoob Yes, I agree on your points. The above is only for authentication; for authorization, more logic needs to be added to make it more secure. – akshansh Jul 06 '22 at 15:22
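
On the security question raised in the comments: once the stored target comes from `request.url` or a `next` parameter instead of a hard-coded path, it has to be checked so the post-login redirect cannot leave the site (an open redirect). The following is an added example, not code from the answer; `safe_next_url`, `DEFAULT_AFTER_LOGIN` and the `app.example` host are hypothetical names, and the sample inputs are constructed.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_AFTER_LOGIN = "/"  # assumed landing page when the stored target is rejected


def safe_next_url(target, host_url, default=DEFAULT_AFTER_LOGIN):
    """Return a same-origin path (plus query) for the post-login redirect.

    target   -- value captured before login (request.url or a ?next= value)
    host_url -- the application's own origin, e.g. request.host_url in Flask
    """
    if not target or not isinstance(target, str):
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so a
    # value such as "/\evil.example" can end up protocol-relative. Reject.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    base = urlsplit(host_url)
    resolved = urlsplit(urljoin(host_url, target))
    if resolved.scheme not in ("http", "https"):
        return default  # e.g. javascript: or data: URLs
    if (resolved.scheme, resolved.netloc) != (base.scheme, base.netloc):
        return default  # different host, userinfo trick, or scheme downgrade
    path = resolved.path or "/"
    if path.startswith("//"):
        return default  # would be read as protocol-relative when redirected to
    # Keep only path + query: the origin is never taken from user input.
    return path + ("?" + resolved.query if resolved.query else "")


if __name__ == "__main__":
    host = "https://app.example/"  # constructed sample origin
    samples = [  # constructed sample targets
        "/results?page=2",
        "https://app.example/dashboard",
        "https://evil.example/results",
        "//evil.example/results",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:40} -> {safe_next_url(s, host)!r}")
```

In the answer's code this would be applied twice: `session['next'] = safe_next_url(request.url, request.host_url)` when the login is triggered, and again on the value read back in `authorize()` before calling `redirect`.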