[
https://issues.apache.org/jira/browse/GUACAMOLE-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16858925#comment-16858925
]
Parth Mishra commented on GUACAMOLE-808:
----------------------------------------
Right, because you verify with nonce anyways, tying state to it is an easy way
to ensure no manipulation occurred.
Auth0 has a good explanation of how this works:
[https://auth0.com/docs/protocols/oauth2/redirect-users]
> Support redirecting to originally requested URL after successful OpenID login
> -----------------------------------------------------------------------------
>
> Key: GUACAMOLE-808
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-808
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole, guacamole-auth-openid
> Affects Versions: 1.0.0
> Reporter: Parth Mishra
> Priority: Minor
>
> Upon successful authentication via OIDC, the user is returned to the redirect
> URI (e.g. {{https://myserver.com/guacamole/}}) even if they were requesting
> another Guacamole resource such as a Connection link. It would be nice if the
> user could be routed to the requested resource after successful
> authentication.
> This way, if they were to click a direct link to a guacamole Connection they
> have access to, the successful authentication via the IDP can reroute them
> directly to the requested connection URL rather than the guacamole UI.
> Typically this is done with encoding the request URL with the "state"
> parameter of OIDC and verifying with the nonce.
> This feature could be really useful for relying on custom frontends without
> having to modify or reimplement the web app.
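One way to carry the originally requested URL in `state` and verify it against the nonce, as an added example (not Guacamole's code and not part of the original message). `SERVER_KEY`, `APP_PREFIX`, the function names and the sample path are assumptions; the nonce passed to `resolve_state` is assumed to come from an ID token whose signature has already been validated.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the web app
APP_PREFIX = "/guacamole/"            # path of the issue's example redirect URI
DEFAULT_TARGET = APP_PREFIX           # fallback when state cannot be trusted

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(payload: str) -> bytes:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()

def safe_target(url: str) -> str:
    """Allow only same-site paths under APP_PREFIX (blocks open redirects)."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return DEFAULT_TARGET
    if parts.scheme or parts.netloc or "\\" in url or ".." in parts.path:
        return DEFAULT_TARGET
    return url if parts.path.startswith(APP_PREFIX) else DEFAULT_TARGET

def make_state(nonce: str, requested_url: str) -> str:
    """Build the state value sent with the authorization request."""
    body = json.dumps({"nonce": nonce, "target": safe_target(requested_url)})
    payload = b64(body.encode())
    return payload + "." + b64(sign(payload))

def resolve_state(state: str, id_token_nonce: str) -> str:
    """Return where to send the user after login; DEFAULT_TARGET on any mismatch."""
    try:
        payload, tag = state.split(".")
        if not hmac.compare_digest(tag.encode(), b64(sign(payload)).encode()):
            return DEFAULT_TARGET      # state was altered in transit
    except ValueError:
        return DEFAULT_TARGET          # malformed state
    data = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if not hmac.compare_digest(data["nonce"].encode(), id_token_nonce.encode()):
        return DEFAULT_TARGET          # state belongs to a different login attempt
    return safe_target(data["target"])

if __name__ == "__main__":
    nonce = secrets.token_urlsafe(16)
    state = make_state(nonce, "/guacamole/some/connection")  # constructed sample path
    print(resolve_state(state, nonce))
    print(resolve_state(state, "another-nonce"))
```

The target is checked both when the state is built and when it is resolved, so a URL pointing off-site never reaches the redirect even if the signing key were misused.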