When supplying a custom redirectUrl to `Meteor.logInWithOidc(options, callback)`, i.e.

```javascript
let options = {
  loginStyle: 'redirect',
  redirectUrl: location.protocol + '//' + location.host // location.origin
};
```

the redirectUrl is ignored.
The behavior I would expect to see is:

1. I call Meteor.logInWithOidc(options,callback) with my redirectUrl='http://myapplication' (as is implemented)
2. My browser is redirected to the Oidc Identity Provider for user authorization with redirectUrl='https://meteorserver/_oauth/oidc' (as is implemented)
3. Meteor makes an out-of-band request to the Identity Provider to exchange the authorization code for oidc tokens (as is implemented)
4. After Meteor processes the received tokens my browser is redirected to the Url I initially provided, i.e. http://myapplication. This does not work.

Step 4 is what should be configurable. The redirectUrl can of course not be provided by the client, as this would allow arbitrary (malicious) clients to authenticate via Meteor, but it should be available as a service configuration parameter.
Could you please help me out here? Looking forward to your feedback.
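The server-side decision requested in step 4, sketched as an added example that is not part of the original issue or of the package's code: the final redirect target comes from service configuration, and a client-supplied value is honored only when its origin exactly matches a configured one. The function name and the configuration keys `defaultRedirectUrl` and `allowedRedirectOrigins` are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not an API of Meteor or of the OIDC package.
// Constructed service configuration; both key names are assumptions.
const serviceConfig = {
  defaultRedirectUrl: 'http://myapplication/',
  allowedRedirectOrigins: ['http://myapplication'],
};

// Returns the URL the browser is sent to after the tokens have been processed.
// Anything that is not an absolute http(s) URL on an allowed origin falls back
// to the configured default, so the client can never pick an arbitrary target.
function resolvePostLoginRedirect(requested, config) {
  const fallback = config.defaultRedirectUrl;
  if (typeof requested !== 'string' || requested.length === 0) {
    return fallback;
  }

  let url;
  try {
    // No base URL is given, so relative and scheme-relative ("//host") values throw.
    url = new URL(requested);
  } catch (err) {
    return fallback;
  }

  // Only web schemes; rejects javascript:, data:, file: and similar.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return fallback;
  }
  // Reject userinfo, which can make "http://myapplication@other-host/" look trusted.
  if (url.username !== '' || url.password !== '') {
    return fallback;
  }

  // Compare the parsed origin (scheme + host + port) exactly, never by prefix or substring.
  const allowed = config.allowedRedirectOrigins.map((o) => new URL(o).origin);
  if (!allowed.includes(url.origin)) {
    return fallback;
  }

  // Return the normalized form produced by the parser, not the raw input string.
  return url.href;
}
```
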