Skip to content

fix: redirect lost after Pangolin auth session timeout (#3001)#3200

Open
Adityakk9031 wants to merge 1 commit into
fosrl:devfrom
Adityakk9031:#3001
Open

fix: redirect lost after Pangolin auth session timeout (#3001)#3200
Adityakk9031 wants to merge 1 commit into
fosrl:devfrom
Adityakk9031:#3001

Conversation

@Adityakk9031

Copy link
Copy Markdown
Contributor

Problem
When a user's Pangolin session expires (org maxSessionLengthHours policy) and they visit a protected resource, they are correctly redirected to /auth/resource/{guid}?redirect=https://myservice.mydomain.com. However, after re-authenticating, they stay on pangolin.mydomain.com instead of being sent to myservice.mydomain.com.

It only works correctly if the user manually logs out first.

Root Cause
In src/app/auth/resource/[resourceGuid]/page.tsx, redirectUrl is correctly computed from the ?redirect query param. But when the org policy check fails (maxSessionLength.compliant = false), the page renders without passing redirectUrl. That component had a hardcoded button sending the user to the Pangolin dashboard — the redirect was permanently lost.

Fix
page.tsx — constructs resourceAuthPageUrl (the resource auth page with the ?redirect param preserved) and passes it as redirectAfterAuth to
OrgPolicyRequired.tsx — detects maxSessionLength policy failure and renders a dedicated "Session Expired" card with a "Re-authenticate" button that calls POST /auth/logout then navigates back to the resource auth page. Without a session, the page shows the login form and after login correctly redirects to the original resource
en-US.json — adds sessionExpired, sessionExpiredReauthRequired, and reauthenticate translation keys
Fixed Flow

Session expired → visit myservice.mydomain.com
→ /auth/resource/{guid}?redirect=https://myservice.mydomain.com
→ "Session Expired" card shown
→ click "Re-authenticate"
→ logout + navigate back to /auth/resource/{guid}?redirect=https://myservice.mydomain.com
→ login form shown (no session now)
→ login → redirected to https://myservice.mydomain.com
Files Changed
src/app/auth/resource/[resourceGuid]/page.tsx
src/components/OrgPolicyRequired.tsx
messages/en-US.json
Fixes
Closes #3001

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant