Referer URL not captured in onNotAuthorized


#1

Hi,

I’m not sure if I missed something in the docs, but I didn’t find how to save the referer URL when one tries to access a secure action and is then redirected to the login page.

(I’m using Silhouette 2.0 and Play 2.3.10)

For example, a secured route:

  def secured = SecuredAction.async {
    implicit request =>
      Future.successful(Ok(request.identity.toString))
  }

And the global fallback:

  override def onNotAuthenticated(request: RequestHeader, lang: Lang): Option[Future[Result]] = {
    val referer = request.headers.get(HeaderNames.REFERER)
    println(referer) // is None
    Some(Future.successful(Redirect(routes.Auth.signIn(referer))))
  }

Unfortunately when a not logged in user is redirected through the onNotAuthenticated the headers do not contain the referer URL.

Is there a way to catch that? The ultimate goal is to redirect the user to the page he tried to access after a successful login. For now I’ve been trying to do that for credentials login, not OAuth2, as the workflow seems to be slightly more complicated.

Thanks,
Jeremy


#2

Hi,

Maybe the browser does not set the referer? Silhouette cannot strip the header because the fallback handler is called without an additional redirect.

Best regards,
Christian


#3

Hi there,

I see, my mistake was trying to access the /secured action directly in the browser. So I created another route /toSecured which has a button to redirect to /secured. When following this action flow, in onNotAuthenticated I get /toSecured as referer, which makes sense since it is set by the browser.

So now I’m wondering if there’s a way in onNotAuthenticated to get the action that the user was trying to access, in my case /secured? Does Silhouette keep this information and expose it?

Thanks for the quick reply!
Jeremy


#4

Hi,

You can access the current path from the request.

Best regards,
Christian


#5

Gotcha! Here’s how I ended up doing it:

  override def onNotAuthenticated(request: RequestHeader, lang: Lang): Option[Future[Result]] = {
    Some(Future.successful(Redirect(routes.Auth.signIn(Some(request.uri)))))
  }

Thank you so much for your help,
Jeremy
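
The URI handed to `routes.Auth.signIn` in the post above travels through the client as a request parameter, so the sign-in handler should accept it only if it is a same-site relative path before redirecting to it after login. The following is an added example, not code from this thread or from Silhouette; the `ReturnUrl` object, its `sanitize` method and the `/` fallback are assumptions made for illustration.

```scala
import java.net.{URI, URISyntaxException}

// Hypothetical helper (not part of Silhouette or Play): decides where to send
// the user after login, given the value that came back through signIn's parameter.
object ReturnUrl {
  val Default = "/"

  /** Returns `candidate` only if it is a same-site relative path, else `Default`. */
  def sanitize(candidate: Option[String]): String =
    candidate.filter(isLocalPath).getOrElse(Default)

  private def isLocalPath(raw: String): Boolean = {
    // Must start with exactly one '/', so "//host" (protocol-relative) and
    // "/\host" (treated like "//" by some browsers) are rejected.
    val shapeOk = raw.startsWith("/") && !raw.startsWith("//") && !raw.startsWith("/\\")
    // Control characters could split the Location header or confuse parsers.
    val cleanChars = !raw.exists(c => c.isControl)
    shapeOk && cleanChars && parsesAsRelative(raw)
  }

  private def parsesAsRelative(raw: String): Boolean =
    try {
      val uri = new URI(raw)
      // A relative reference has neither scheme nor authority.
      uri.getScheme == null && uri.getRawAuthority == null
    } catch {
      case _: URISyntaxException => false
    }
}

object ReturnUrlDemo extends App {
  // Constructed sample inputs, as they might arrive in the sign-in request.
  val samples = Seq(
    Some("/secured"),
    Some("/secured?page=2"),
    Some("//example.org/secured"),
    Some("https://example.org/secured"),
    Some("/\\example.org"),
    None
  )
  samples.foreach(s => println(s"$s -> ${ReturnUrl.sanitize(s)}"))
}
```

Only the first two samples are returned unchanged; every other input falls back to `ReturnUrl.Default`.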