Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect back after scope validation failure #506

Open
lewismoore10100 opened this issue Jan 16, 2024 · 1 comment
Open

Redirect back after scope validation failure #506

lewismoore10100 opened this issue Jan 16, 2024 · 1 comment

Comments

@lewismoore10100
Copy link

Question related to token validation:

In the example given:

if res.scope ~= "edit" then
  ngx.exit(ngx.HTTP_FORBIDDEN)
end

How would the user be redirect back to relevant openid-connect/auth end point when the above scope validation fail? The above example simply returns forbidden back to user which isn't actionable.

For context at our organisation we have a different scope depending on if 2FA login is required or not. Therefore sometimes the users are issued non-2FA JWT token, and I would like to force the user to login with 2FA. So ideally I'd like to validate the token, and if non-2FA scope is present, force a redirect back to openid (with the correct scope) to allow login with 2FA.
@lewismoore10100 lewismoore10100 changed the title Redirect back after scope validation failed Redirect back after scope validation failure Jan 16, 2024
@bodewig
Copy link
Collaborator

bodewig commented Aug 25, 2024

One way would be to create a new opts table with the necessary scope values plus force_reauthorize=true and then invoke authenticate again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bodewig @lewismoore10100