1

We have an application which supports login with OAUTH2 through Google, Facebook, Twitter, Microsoft (Live), and LinkedIn. We were asked to add multiple session support to the login page, so if you are shown more than one login page (like if you restarted and your browser has multiple tabs open), it can redirect you to the page you were going to before.

For our built-in login, we handle this by adding multiple items to the PHP session and add a random hash to the url so we know where to redirect to:

For example, open tabs:

Corresponding session data:

[
    'fw4fwef': [
        'redirect_to': 'https://application11.example.com/',
    ],
    '46gbew4': [
        'redirect_to': 'https://application12.example.com/page/i/was/working/on',
    ],
]

Is there any parameter you can add to these common OAUTH2 providers that would be able to pass through?

When I try to add the same r to the OAUTH logins, we get an error that the URL is not allowed. error message

Any other common ways of implementing this?

yakatz
  • 2,142
  • 1
  • 18
  • 47
  • Does this answer your question? [google oauth2 redirect\_uri with several parameters](https://stackoverflow.com/questions/7722062/google-oauth2-redirect-uri-with-several-parameters) – Moshe Katz Jul 16 '20 at 14:09

0 Answers0