Extending the request handler on the base url of an application

1
I’m implementing SSO with our own auth service.

My implementation: My application is deployed on AWS and it sits behind a load balancer. The load balancer manages my session and tokens with our auth service. When you hit the base URL of my application (www.myapp.com), the load balancer forwards you to our auth service and displays the login screen (hosted by my auth service). The load balancer authorizes with our auth service and forwards me back to the base URL (the load balancer just forwards you back to the URL that you originally requested and it can’t change the redirect URI). I have a request handler ‘auth/’ set up. I do the same checks as the MendixSSO module to see on which path the request is coming from and, based on the path, there is custom functionality that fires. I get 3 headers from AWS: ‘x-amzn-oidc-data’, ‘x-amzn-oidc-accesstoken’ and ‘x-amzn-oidc-identity’, accesstoken and data being JWTs. I check that they are valid, decode them and pass them to the custom methods written to find or create users based on the headers’ data. With this implementation I can only handle requests coming from www.myapp.com/auth/* and it just shows me the normal login.html screen unless I enter www.myapp.com/auth/login.

Desired implementation: I would like to create a request handler on the base URL (www.myapp.com) so that I can check on each request that the ‘x-amzn-oidc-identity’ matches the one saved for the user and that it auto forwards me to our auth service if there is no valid session or ‘x-amzn-oidc-identity’. I can still deal with not checking ‘x-amzn-oidc-identity’ on every request, but how can I auto forward requests to the desired login page? At the moment the best option is to expose a REST endpoint, making the login.html blank with JavaScript that calls the REST endpoint and forwards to www.myapp.com/auth/login. This includes my implementation too.

With this implementation I can handle requests coming from anywhere, thus not needing to create the REST endpoint and JavaScript page.

Thanks,
Jean
0 answers
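The per-request check described in the question (validate ‘x-amzn-oidc-data’, then compare its subject with ‘x-amzn-oidc-identity’) could look like the sketch below, which is an added example and not code from the original post or from the MendixSSO module. The class and method names are hypothetical, the regex claim lookup stands in for a real JSON parser, and a throwaway key pair with a constructed signer ARN stands in for the load balancer's published key, which in a deployment is looked up by the token's `kid`.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;
public class AlbOidcCheck {
    // Minimal lookup for flat string/number claims; use a real JSON parser in production.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"?([^\",}]+)").matcher(json);
        return m.find() ? m.group(1).trim() : null;
    }
    // Returns the verified subject, or null when the request must go back through login.
    static String verifiedSubject(String data, String identity, PublicKey albKey, String expectedSigner, long nowSec) {
        try {
            String[] p = data.split("\\.");
            if (identity == null || p.length != 3) return null;
            Base64.Decoder dec = Base64.getUrlDecoder(); // accepts padded and unpadded input
            String header = new String(dec.decode(p[0]), StandardCharsets.UTF_8);
            if (!"ES256".equals(claim(header, "alg"))) return null;
            if (!expectedSigner.equals(claim(header, "signer"))) return null; // pin the signing load balancer
            Signature sig = Signature.getInstance("SHA256withECDSAinP1363Format"); // JWT ES256 is raw R||S
            sig.initVerify(albKey);
            sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            if (!sig.verify(dec.decode(p[2]))) return null;
            String payload = new String(dec.decode(p[1]), StandardCharsets.UTF_8); // read only after verify
            String exp = claim(payload, "exp"), sub = claim(payload, "sub");
            if (exp == null || Long.parseLong(exp) <= nowSec) return null;
            return identity.equals(sub) ? sub : null;
        } catch (GeneralSecurityException | RuntimeException e) {
            return null; // missing or malformed header: treat as unauthenticated
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed test data: a throwaway P-256 key pair and a made-up signer ARN.
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        KeyPair kp = g.generateKeyPair();
        String signer = "arn:aws:elasticloadbalancing:eu-west-1:111122223333:loadbalancer/app/example/0123456789abcdef";
        Base64.Encoder enc = Base64.getUrlEncoder();
        String h = enc.encodeToString(("{\"alg\":\"ES256\",\"signer\":\"" + signer + "\"}").getBytes());
        String c = enc.encodeToString("{\"sub\":\"user-123\",\"exp\":4102444800}".getBytes());
        Signature s = Signature.getInstance("SHA256withECDSAinP1363Format");
        s.initSign(kp.getPrivate());
        s.update((h + "." + c).getBytes(StandardCharsets.US_ASCII));
        String jwt = h + "." + c + "." + enc.encodeToString(s.sign());
        long now = System.currentTimeMillis() / 1000;
        System.out.println(verifiedSubject(jwt, "user-123", kp.getPublic(), signer, now)); // identity matches
        System.out.println(verifiedSubject(jwt, "user-999", kp.getPublic(), signer, now)); // identity mismatch
    }
}
```

A request handler would call `verifiedSubject` with the two header values and, on `null`, end the session and redirect rather than serving login.html.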