Skip authorize page after successful login

By: harmanjeet singh user 26 Apr 2018 at 4:39 a.m. CDT

13 Responses
harmanjeet singh gravatar
I am using Oxd Server api for login from my site . For this i create client at Gluu server and communicate through its oxdId. Firstly we get redirectUrl which redirect user to gluu server login screen , where user can enter username and password after successful login user have to redirect to its provided redirect url, but before it a permission page named authorize.xhtml come. I want to skip this page please help me in doing this list text here. Snapshot of page ia attached at link :- [Link](https://drive.google.com/file/d/19NQ-v-lvmY_vX8_YHY5cukWcEujMYK4N/view?usp=sharing)
Ubuntu 16.04
closed

Answers

By Mohib Zico staff 26 Apr 2018 at 4:42 a.m. CDT

Copy
Mohib Zico gravatar
You need to set 'Pre-Authorization'. Doc: https://gluu.org/docs/ce/admin-guide/openid-connect/

By harmanjeet singh user 26 Apr 2018 at 6:21 a.m. CDT

Copy
harmanjeet singh gravatar
Thanks Mohib Zico , Now i am able to skip that page,.But now i had done this by updating client using oxtrust Interface , how i can manage this while creating client using API. Also I have one another query regarding user redirection after login. For now i will update oxd Client RedirectUris using Oxd server Api. By this i will update client redirectUris to uri of my site from where user come to login. This is successfully working for now. I want to confirm that the way i am doing this right way ?? or any alternate is also possible?? Because this may cause problem when multiple user hit login for same time.. Note : i am using only one client for all users and update its redirect uri is it a good way or i have to create client for every users

By William Lowe user 26 Apr 2018 at 8:39 a.m. CDT

Copy
William Lowe gravatar
> how i can manage this while creating client using API. I don't think you can... that would subvert the OPs ability to prompt a user for authorization of the release. It's fine for a trusted client you create, but if you could do this dynamically, so could another client developer that should not have this authorization. Get what I mean? > I want to confirm that the way i am doing this right way ?? Seems correct to me. > Because this may cause problem when multiple user hit login for same time. Why would it cause a problem? > or i have to create client for every users absolutely not. one client per application.

By William Lowe user 26 Apr 2018 at 9:44 a.m. CDT

Copy
William Lowe gravatar
> how i can manage this while creating client using API. I may have spoken too soon about this. My colleague Aliaksander is going to follow up with some details about how you can expose this setting via an API.

By harmanjeet singh user 27 Apr 2018 at 12:36 a.m. CDT

Copy
harmanjeet singh gravatar
Thanks William Lowe , But sometime i faced problem while redirecting user back to out site after login .Snapshot is attached at [Link](https://drive.google.com/file/d/1Qap9W9XXlhq-kmTZ3DYt8i5m4K9ghIrC/view?usp=sharing)

By Mohib Zico staff 27 Apr 2018 at 3:46 a.m. CDT

Copy
Mohib Zico gravatar
>> But sometime i faced problem while redirecting user back to out site after login It shouldn't be the case; you might wanna check oxAuth log why it's complaining sometimes.

By harmanjeet singh user 27 Apr 2018 at 4:31 a.m. CDT

Copy
harmanjeet singh gravatar
can u share where i should check logs next time when i face same problem?

By Aliaksandr Samuseu staff 27 Apr 2018 at 5:36 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi. Here is a example `curl` command which registers a client with "Pre-Authorization" property set to "True": ``` curl -k -X POST -H "Content-Type: application/json" -d '{"client_name":"Test dynreg client","redirect_uris":["https://127.0.0.1:8080/login-redirect"],"response_types":["code","id_token"],"grant_types":["authorization_code"],"applicationType":"web","oxAuthTrustedClient": "true"}' 'https://your.gluu.host/oxauth/restv1/register' ``` It's possible thanks to oxAuth's feature allowing to specify additional properties you can set/edit with dynamic registration. Check "dynamicRegistrationCustomAttributes" field at "Configuration -> JSON Configuration -> oxAuth". "oxAuthTrustedClient" present there OOTB is the name of attribute representing "Pre-Authorization" property. I'll see through that this is added to our docs, if it hasn't been yet.

By harmanjeet singh user 27 Apr 2018 at 6:54 a.m. CDT

Copy
harmanjeet singh gravatar
Thanks Aliaksandr Samuseu. But i cannot find **OOTB is the name of attribute representing "Pre-Authorization** I go to Configuration -> JSON Configuration -> Oxauth -> oxAuthTrustedClient I only find "dynamicRegistrationPersistClientAuthorizations" i set it to false but cannot able to find which parameter should used for pre-authoization. Thanks in Advance

By Aliaksandr Samuseu staff 27 Apr 2018 at 9:51 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
It seems to me there is some kind of confusion. "OOTB" is just acronym for "Out-of-the-box", meaning that feature/setting is already included/set to a specific value. You weren't expected to change anything in "dynamicRegistrationCustomAttributes" for it to work, sorry if I wasn't specific enough. You need "oxAuthTrustedClient" to be in this field on that page. "oxAuthTrustedClient" is an "internal name" for "Pre-Authorization" setting. So it's already there from the start, you don't need to change anything (but you may add additional settings you want to change via dynamic registration requests)

By harmanjeet singh user 30 Apr 2018 at 4:16 a.m. CDT

Copy
harmanjeet singh gravatar
Can u share where i check oxauth logs when i faced a problem showed in [LINK](https://drive.google.com/file/d/1Qap9W9XXlhq-kmTZ3DYt8i5m4K9ghIrC/view "enter image title here")

By Mohib Zico staff 30 Apr 2018 at 5:24 a.m. CDT

Copy
Mohib Zico gravatar
https://gluu.org/docs/ce/3.1.2/operation/faq/

By harmanjeet singh user 30 Apr 2018 at 5:53 a.m. CDT

Copy
harmanjeet singh gravatar
Thanks Mohib Zico **It shouldn't be the case; you might wanna check oxAuth log why it's complaining sometimes** As i already mentioned that i am using one client for all users . This issue happens when two or more user hit login at same time and get RedirectUrl using api which redirect user to gluu login screen , for redirecting user back to same page i update client redirect Uris . But in case of multiple hit client redirect uri will be latest that is updated by latest user so in that case this problem occur . For example 4 users came from different pages and hit login which will update client redirect uri but redirect Uri for 4th user will sustained . In that case only 4th user will succeed to return back from where it come other 3 failed and show error like [LINK](https://drive.google.com/file/d/1Qap9W9XXlhq-kmTZ3DYt8i5m4K9ghIrC/view "enter image title here") .It happen because redirect url (that is received to hitting getRedirectUrl for login )for first 3 users will not matched with any of the client .

Post an answer