[RFC] Redirection to login should be done in the authProvider

[fzaninotto]

Problem

If the authProvider delegates login and check to a third-party server (e.g. OAuth), then it should be able to manage the login form URL.

Currently, the login form URL is hardcoded. The only possibility to redirect to an external authentication server is to use window.location in AUTH_LOGOUT, which occurs after a first redirection to '/login' in case of voluntary disconnection. That creates a blinking screen.

extract from the current auth saga:

case USER_CHECK: {
    try {
        yield call(authProvider, AUTH_CHECK, payload);
    } catch (error) {
        yield call(authProvider, AUTH_LOGOUT);
        yield put(
            replace({
                pathname: (error && error.redirectTo) || '/login',
                state: { nextPathname: meta.pathName },
            })
        );
    }
    break;
}
case USER_LOGOUT: {
    yield put(
        push(
            (action.payload && action.payload.redirectTo) ||
                '/login'
        )
    );
    yield call(authProvider, AUTH_LOGOUT);
    break;
}

Solution

The auth saga should not do the redirection by itself, but use the return object from AUTH_LOGOUT as login URL.

This is a breaking change.

[calebfaruki]

Has there been any progress on making this change?

[fzaninotto]

No, as it's a breaking change, it can only occur in a major release. Development for 3.0 has just started on the next branch.

[deksden]

Complete Oauth (social login via Facebook/Instagram?) example will be extremely welcome!

[mnlbox]

I also recommend to add some example about authentication servers like Keycloak It's support OpenID Connect protocol.

[fzaninotto]

Fixed by #3269

[Nefcanto]

I found this issue from Google search. It seems that the implementation has a bug.

I reported this in this issue.

[fzaninotto]

Implemented in #6326, which was released in 3.17.0.