diff --git a/client/src/components/User/ExternalIdentities/ExternalLogin.vue b/client/src/components/User/ExternalIdentities/ExternalLogin.vue index 6b688a9883fb..2bcf4c1f4b5a 100644 --- a/client/src/components/User/ExternalIdentities/ExternalLogin.vue +++ b/client/src/components/User/ExternalIdentities/ExternalLogin.vue @@ -77,7 +77,14 @@ async function submitOIDCLogin(idp: string) { loading.value = true; try { - const { data } = await axios.post(withPrefix(`/authnz/${idp}/login`)); + const loginUrl = withPrefix(`/authnz/${idp}/login`); + const urlParams = new URLSearchParams(window.location.search); + const redirectParam = urlParams.get("redirect"); + + const formData = new FormData(); + formData.append("next", redirectParam || ""); + + const { data } = await axios.post(loginUrl, formData, { withCredentials: true }); if (data.redirect_uri) { window.location = data.redirect_uri; diff --git a/lib/galaxy/webapps/galaxy/controllers/authnz.py b/lib/galaxy/webapps/galaxy/controllers/authnz.py index 1abcc722ce65..af7330e5c0c0 100644 --- a/lib/galaxy/webapps/galaxy/controllers/authnz.py +++ b/lib/galaxy/webapps/galaxy/controllers/authnz.py @@ -19,6 +19,7 @@ log = logging.getLogger(__name__) PROVIDER_COOKIE_NAME = "galaxy-oidc-provider" +LOGIN_NEXT_COOKIE_NAME = "galaxy-oidc-login-next" class OIDC(JSAppLauncher): 
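Review bot: The `redirect` query parameter is forwarded to the server verbatim as `next` on the `formData.append("next", redirectParam || "");` line, so any URL an attacker places into a login link becomes the post-login destination unless the backend rejects it. The backend must remain the authoritative check, but the client can cheaply drop anything that is not an app-relative path so an absolute or protocol-relative URL never leaves the browser: `const redirectParam = urlParams.get("redirect") || "";` followed by `formData.append("next", /^\/(?![\/\\])/.test(redirectParam) ? redirectParam : "");`. A one-line comment on that line, `// only app-relative paths; the server re-validates before redirecting`, would make the intent explicit for the next reader. `submitOIDCLogin` starts and ends outside the hunk.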
@@ -72,12 +73,14 @@ def index(self, trans, **kwargs): @web.json @web.expose - def login(self, trans, provider, idphint=None): + def login(self, trans, provider, idphint=None, next=None): if not trans.app.config.enable_oidc: msg = "Login to Galaxy using third-party identities is not enabled on this Galaxy instance." log.debug(msg) return trans.show_error_message(msg) - success, message, redirect_uri = trans.app.authnz_manager.authenticate(provider, trans, idphint=idphint) + if next: + trans.set_cookie(value=next, name=LOGIN_NEXT_COOKIE_NAME) + success, message, redirect_uri = trans.app.authnz_manager.authenticate(provider, trans, idphint) if success: return {"redirect_uri": redirect_uri} else: @@ -86,6 +89,7 @@ def login(self, trans, provider, idphint=None): @web.expose def callback(self, trans, provider, idphint=None, **kwargs): user = trans.user.username if trans.user is not None else "anonymous" + login_next = url_for(trans.get_cookie(name=LOGIN_NEXT_COOKIE_NAME) or "/") if not bool(kwargs): log.error(f"OIDC callback received no data for provider `{provider}` and user `{user}`") return trans.show_error_message( @@ -110,7 +114,7 @@ def callback(self, trans, provider, idphint=None, **kwargs): kwargs.get("state", " "), kwargs["code"], trans, - login_redirect_url=url_for("/"), + login_redirect_url=login_next, idphint=idphint, ) except exceptions.AuthenticationFailed:
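Review bot: `next` is written straight into the `galaxy-oidc-login-next` cookie on the `if next: trans.set_cookie(value=next, name=LOGIN_NEXT_COOKIE_NAME)` lines with no validation, and the value comes from the request, so a link such as `…/authnz/<provider>/login` posted with `next=https://evil.example` becomes a stored open-redirect target once `callback` turns the cookie into `login_redirect_url`. The cookie should only ever hold an app-relative path: reject empty values, anything carrying a scheme or host, and the scheme-relative `//host` and backslash `/\host` forms before calling `set_cookie`. Switching `idphint=idphint` to positional `idphint` in the `authenticate` call is presumably equivalent, but that depends on `authenticate`'s parameter order, which is not visible here. `login` ends outside the hunk.
```python
def _safe_login_next(value):
    # Only an app-relative path may be stored; absolute, scheme-relative
    # ("//host") and backslash-escaped ("/\host") forms are open redirects.
    if not value or not value.startswith("/") or value.startswith(("//", "/\\")):
        return None
    return value

        # … unchanged: enable_oidc check …
        safe_next = _safe_login_next(next)
        if safe_next:
            trans.set_cookie(value=safe_next, name=LOGIN_NEXT_COOKIE_NAME)
        # … unchanged: authenticate call and result handling …
```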
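Review bot: `login_next = url_for(trans.get_cookie(name=LOGIN_NEXT_COOKIE_NAME) or "/")` trusts the cookie value as much as `login` trusted the form field, yet a cookie is supplied by the browser and can be planted independently of `login` (another tab, a sibling host on a shared parent domain, or a stale cookie), so `callback` needs its own relative-path check rather than relying on whatever `login` stored. Something like `raw_next = trans.get_cookie(name=LOGIN_NEXT_COOKIE_NAME) or "/"` followed by `login_next = url_for(raw_next if raw_next.startswith("/") and not raw_next.startswith(("//", "/\\")) else "/")` keeps the redirect on this origin; how `url_for` treats a non-route string that carries a scheme or host is not visible here, so do not count on it to neutralise one. The cookie is also never cleared, so a previously stored destination will silently apply to the user's next login; expiring it once read (if `trans` offers a way to do that — worth confirming) would avoid that. `callback` continues past the end of the hunk.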