fix: token + redirect

server/handlers/authorize.go

@@ -1,6 +1,7 @@
 package handlers
 
 import (
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -50,6 +51,8 @@ func AuthorizeHandler() gin.HandlerFunc {
 			gc.JSON(400, gin.H{"error": "invalid response mode"})
 		}
 
+		fmt.Println("=> redirect URI:", redirectURI)
+		fmt.Println("=> state:", state)
 		if redirectURI == "" {
 			redirectURI = "/app"
 		}

server/handlers/oauth_login.go

@@ -16,7 +16,11 @@ import (
 func OAuthLoginHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		hostname := utils.GetHost(c)
+		// deprecating redirectURL instead use redirect_uri
 		redirectURI := strings.TrimSpace(c.Query("redirectURL"))
+		if redirectURI == "" {
+			redirectURI = strings.TrimSpace(c.Query("redirect_uri"))
+		}
 		roles := strings.TrimSpace(c.Query("roles"))
 		state := strings.TrimSpace(c.Query("state"))
 		scopeString := strings.TrimSpace(c.Query("scope"))

server/handlers/token.go

@@ -110,8 +110,6 @@ func TokenHandler() gin.HandlerFunc {
 				return
 			}
 
-			// rollover the session for security
-			sessionstore.RemoveState(sessionDataSplit[1])
 			// validate session
 			claims, err := token.ValidateBrowserSession(gc, sessionDataSplit[1])
 			if err != nil {
@@ -121,6 +119,8 @@ func TokenHandler() gin.HandlerFunc {
 				})
 				return
 			}
+			// rollover the session for security
+			sessionstore.RemoveState(sessionDataSplit[1])
 			userID = claims.Subject
 			roles = claims.Roles
 			scope = claims.Scope