Question

OAUTH 2.0 ADFS 302 redirect

1

Hi All Will Mendix automatically follow a 302 redirect response from a REST GET call? I am currently trying to use ADFS to get a token via OAUTH2.0. When making the GET request from postman I can manage to view the 302 response before the redirect by setting the “Automatically follow redirects” option to “off”, however when making the same call in Mendix I recieve a 200.ok with an HTML doc requesting username and password as a response. I can only assume that mendix is automatically following the redirect, however I can be wrong. Thanks in advance.

asked 2020-01-30

Louis Visser

2 answers

Jounior Phomma · Answer 1 · 2021-03-01

Hi Louis,

I was working on similar functionality while integrating an OAuth authentication framework.

I was able to prevent the 302 redirect using a custom JS action with the code below:

export async function CheckUsernamePassword(flowid, username, password, environmentID) {
	// BEGIN USER CODE
	const body = {
		username: username,
		password: password, 
		environmentID: environmentID
	};
	const headers = {
        'Content-Type': 'CUSTOM_HEADER_VALUE'
    };
	const response = await fetch(URL,
		{
			method: 'POST',
			headers: headers,
			body: JSON.stringify(body),
			credentials: 'include',
			redirect: 'manual'
		}
	).then(response => response.json())
	 .then(data => {
		if(data.status) {
			if (data.status === 'COMPLETED') {
			document.location = 'URL'
            }		
         }
	});
	// END USER CODE
}

Eric Tieniber · Answer 2 · 2020-01-31

A colleague of mine tested this and confirmed that REST calls do follow a 302 automatically. This is due to the default behavior of the underlying Apache library.