Hi Louis,
I was working on similar functionality while integrating an OAuth authentication framework.
I was able to prevent the 302 redirect using a custom JS action with the code below:
export async function CheckUsernamePassword(flowid, username, password, environmentID) {
// BEGIN USER CODE
const body = {
username: username,
password: password,
environmentID: environmentID
};
const headers = {
'Content-Type': 'CUSTOM_HEADER_VALUE'
};
const response = await fetch(URL,
{
method: 'POST',
headers: headers,
body: JSON.stringify(body),
credentials: 'include',
redirect: 'manual'
}
).then(response => response.json())
.then(data => {
if(data.status) {
if (data.status === 'COMPLETED') {
document.location = 'URL'
}
}
});
// END USER CODE
}
A colleague of mine tested this and confirmed that REST calls do follow a 302 automatically. This is due to the default behavior of the underlying Apache library.