Skip to content

Add redirect URI support to authentication system#275

Merged
svenwltr merged 1 commit intomainfrom
auth-redirect-support
Nov 7, 2025
Merged

Add redirect URI support to authentication system#275
svenwltr merged 1 commit intomainfrom
auth-redirect-support

Conversation

@svenwltr
Copy link
Copy Markdown
Member

@svenwltr svenwltr commented Nov 6, 2025

Store redirect URI in state cookie to enable returning users to their
intended destination after login.

Changes:

  • Add authState struct to store CSRF token and redirect URI in state cookie
  • Update handleLogin to extract and validate redirect query parameter
  • Update handleCallback to decode state and return redirect URI
  • Add validateRedirectURI function for secure redirect validation
  • Add AuthLoginURL helper function returning templ.SafeURL
  • Update DevAuthMiddleware to support redirect URIs
  • Update full example template to use AuthLoginURL helper

Security:

  • Validates redirect URIs to allow only relative paths and same-origin URLs
  • Uses url.URL for proper URL construction and encoding
  • Returns templ.SafeURL to prevent XSS

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

@svenwltr svenwltr self-assigned this Nov 6, 2025
@svenwltr @claude
Add redirect URI support to authentication system
16c0c9d 
Store redirect URI in state cookie to enable returning users to their
intended destination after login.

Changes:
- Add authState struct to store CSRF token and redirect URI in state cookie
- Update handleLogin to extract and validate redirect query parameter
- Update handleCallback to decode state and return redirect URI
- Add validateRedirectURI function for secure redirect validation
- Add AuthLoginURL helper function returning templ.SafeURL
- Update DevAuthMiddleware to support redirect URIs
- Update full example template to use AuthLoginURL helper

Security:
- Validates redirect URIs to allow only relative paths and same-origin URLs
- Uses url.URL for proper URL construction and encoding
- Returns templ.SafeURL to prevent XSS

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@svenwltr svenwltr force-pushed the auth-redirect-support branch from 46bb34a to 16c0c9d Compare November 7, 2025 08:48
@svenwltr svenwltr marked this pull request as ready for review November 7, 2025 08:54
@svenwltr svenwltr requested a review from a team as a code owner November 7, 2025 08:54
@svenwltr svenwltr merged commit 45304dc into main Nov 7, 2025
1 check passed
@svenwltr svenwltr deleted the auth-redirect-support branch November 7, 2025 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bjoernhaeuser bjoernhaeuser bjoernhaeuser approved these changes

@der-eismann der-eismann der-eismann approved these changes

Assignees

@svenwltr svenwltr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@svenwltr @bjoernhaeuser @der-eismann