Merge pull request #69 from supabase/chore/redirect-authorize

awalias · web-flow · commit 4bb48144368a · 2021-02-18T11:56:58.000+08:00
feat: adds ability to specify redirectURL on external authorize calls
diff --git a/api/external.go b/api/external.go
@@ -51,7 +51,10 @@ func (a *API) ExternalProviderRedirect(w http.ResponseWriter, r *http.Request) e
 		}
 	}
 
-	referrer := a.getReferrer(r)
+	redirectURL := a.validateRedirectURL(r, r.URL.Query().Get("redirect_to"))
+	if redirectURL == "" {
+		redirectURL = a.getReferrer(r)
+	}
 	log := getLogEntry(r)
 	log.WithField("provider", providerType).Info("Redirecting to external provider")
 
@@ -66,7 +69,7 @@ func (a *API) ExternalProviderRedirect(w http.ResponseWriter, r *http.Request) e
 		},
 		Provider:    providerType,
 		InviteToken: inviteToken,
-		Referrer:    referrer,
+		Referrer:    redirectURL,
 	})
 	tokenString, err := token.SignedString([]byte(a.config.OperatorToken))
 	if err != nil {
