Skip to content

fix: redirect lost after Pangolin auth session timeout (#3001)#3200

Merged
miloschwartz merged 3 commits into
fosrl:devfrom
Adityakk9031:#3001
Jul 8, 2026
Merged

fix: redirect lost after Pangolin auth session timeout (#3001)#3200
miloschwartz merged 3 commits into
fosrl:devfrom
Adityakk9031:#3001

Conversation

@Adityakk9031

Copy link
Copy Markdown
Contributor

Problem
When a user's Pangolin session expires (org maxSessionLengthHours policy) and they visit a protected resource, they are correctly redirected to /auth/resource/{guid}?redirect=https://myservice.mydomain.com. However, after re-authenticating, they stay on pangolin.mydomain.com instead of being sent to myservice.mydomain.com.

It only works correctly if the user manually logs out first.

Root Cause
In src/app/auth/resource/[resourceGuid]/page.tsx, redirectUrl is correctly computed from the ?redirect query param. But when the org policy check fails (maxSessionLength.compliant = false), the page renders without passing redirectUrl. That component had a hardcoded button sending the user to the Pangolin dashboard — the redirect was permanently lost.

Fix
page.tsx — constructs resourceAuthPageUrl (the resource auth page with the ?redirect param preserved) and passes it as redirectAfterAuth to
OrgPolicyRequired.tsx — detects maxSessionLength policy failure and renders a dedicated "Session Expired" card with a "Re-authenticate" button that calls POST /auth/logout then navigates back to the resource auth page. Without a session, the page shows the login form and after login correctly redirects to the original resource
en-US.json — adds sessionExpired, sessionExpiredReauthRequired, and reauthenticate translation keys
Fixed Flow

Session expired → visit myservice.mydomain.com
→ /auth/resource/{guid}?redirect=https://myservice.mydomain.com
→ "Session Expired" card shown
→ click "Re-authenticate"
→ logout + navigate back to /auth/resource/{guid}?redirect=https://myservice.mydomain.com
→ login form shown (no session now)
→ login → redirected to https://myservice.mydomain.com
Files Changed
src/app/auth/resource/[resourceGuid]/page.tsx
src/components/OrgPolicyRequired.tsx
messages/en-US.json
Fixes
Closes #3001

@miloschwartz

Copy link
Copy Markdown
Member

Thanks @Adityakk9031!

@miloschwartz
miloschwartz merged commit cb7962c into fosrl:dev Jul 8, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants