When oidc_auto_redirect is set in login options, automatically redirect unauthenticated users to the OIDC provider instead of showing the login page. Users can bypass by appending ?disableAutoLogin to the login URL.
| const secondFactorPending = passkeyIsPending || totpIsPending; | ||
|
|
||
| // Auto-redirect to OIDC provider if configured and disableAutoLogin is not set | ||
| const autoRedirectTriggered = useRef(false); |
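Review bot: `autoRedirectTriggered` on the last added line has no comment saying why a ref is needed; the comment above it only restates the redirect condition. Either say next to the declaration which repeated run it guards against, or drop the ref. The block also sits directly below `secondFactorPending`, and nothing in these lines shows the redirect condition taking it into account, so please confirm that a login waiting on a passkey or TOTP step is not sent to the provider.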
Why does it need to store whether auto redirect has been triggered?
It may not be strictly necessary, it just prevents calling redirect twice if a dependency changes. (React dev in Strict Mode calls useEffect twice, as well.) Can remove it if you prefer. 🤷
But the first redirect moves the client away from this page; the useEffect won't run again because the client is now on another page.
Right, it's to prevent a race condition where, before the page has unloaded due to the redirect, render is called again. This is possible because the redirect caused by location.replace() is an asynchronous operation - JS will continue to execute until the page is unloaded.
This could create two redirects in the local browser. The "worst case scenario" here is an extra HTTP request that the user likely doesn't notice. It's really just a matter of correctness, to satisfy things like linters, and React strict mode.
I have absolutely zero strong opinions on this matter. Removed the useRef.
Requires moghtech/komodo#1339 to enable
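
The behaviour discussed in this thread, as an added example that is not the PR's or the project's code: the redirect decision with the `?disableAutoLogin` bypass, plus a one-shot guard for the case where the effect body runs twice before the page unloads. Every name except `oidc_auto_redirect` and `disableAutoLogin` is hypothetical, and the provider URL is a placeholder.

```javascript
// Added example. Only oidc_auto_redirect and disableAutoLogin come from the
// PR text; all other names and the provider URL are assumptions.

// Decide whether the login page should hand off to the OIDC provider.
function shouldAutoRedirect(loginOptions, search, isAuthenticated) {
  if (isAuthenticated) return false;
  if (!loginOptions || loginOptions.oidc_auto_redirect !== true) return false;
  // Presence check: "?disableAutoLogin", "?disableAutoLogin=" and
  // "?disableAutoLogin=1" all count as the bypass, so a local login
  // stays reachable however the parameter is written.
  return !new URLSearchParams(search).has("disableAutoLogin");
}

// One-shot guard. Navigation is asynchronous, so the effect body can run
// again before the page unloads; the flag keeps that to a single call.
function makeRedirector(navigate) {
  let triggered = false;
  return function runEffect(loginOptions, search, isAuthenticated, target) {
    if (triggered) return false;
    if (!shouldAutoRedirect(loginOptions, search, isAuthenticated)) return false;
    triggered = true;
    navigate(target);
    return true;
  };
}

// Constructed scenario: the effect fires twice before the page unloads.
// Returns how many navigations were actually issued.
function simulateDoubleEffect(search) {
  const calls = [];
  const runEffect = makeRedirector((url) => calls.push(url));
  const options = { oidc_auto_redirect: true };
  const target = "https://idp.example/authorize"; // placeholder URL
  runEffect(options, search, false, target);
  runEffect(options, search, false, target);
  return calls.length;
}
```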