AGURRU

AGURRU

Redirecting from external URL remaining authenticated

Hi I am struggling to achieve the flow that I would like. I have a form that a user submits and if successful I redirect the user to an external url to complete some actions.

This external url can POST back to my site via a web hook that I can validate and either do an action or just redirect the user to a page I want.

However the issue I am facing is that we lose the csrf_token or it become invalidated and it no longer has the current_user assigns.

How can I have it so the webhook triggers and the user returns to our site with valid csrf token and the current_user assigned?

I have no control to change the external webhook but I can validate it as being a genuine message from said source.

Could it be as simple as not redirecting a user after the form submits but opening a new tab instead?

All suggestions welcome

Most Liked

LostKobrakai

LostKobrakai

I’d suggest looking a the oauth2 flow. What you described sounds like 90% of the flow they use for external authentification.

LostKobrakai

LostKobrakai

The session does continue if the user is making the http request from their browser.

Your issue is that it’s not the user making the http request, but the external server if I understood you correctly. That web hook http request essentially has no relationship with your user and even less with the browser window your user has open.

You either want that external page to redirect the user(s browser) back to your website or you’re better of embedding the external site e.g. in an iframe.

derek-zhou

derek-zhou

You can’t; if the browser attaches your session cookie with cross site posts then all hell breaks loose. Think about all the phishing sites / emails out there.

The best you can do is redirect and post again. I had a blog post on this: Pass data from site A to site B Basically, you let the user confirm the data again.

Where Next?

Popular in Questions Top

sergio
In Ruby, I can go: User.find_by(email: "foobar@email.com").update(email: "hello@email.com") How can I do something similar in Elixir? ...
New
siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
chrisalley
ExUnit now has describe blocks which is a welcome addition coming from RSpec. In the docs, it states that nested hierarchies of describe ...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
johnnyicon
Hi all, I’ve just started learning Elixir and Phoenix Framework, so please pardon my n00bness at this stage. I’m trying to use Postgres...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New
jononomo
For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error...
New

Other popular topics Top

gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
jason.o
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
saif
Hello everyone, Long time lurker first time poster here. I’ve recently begun working on Elixir full-time again! :raised_hands: It’s been...
New
KronicDeth
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine) This is a plugin that adds support for Elixir to JetBrains IntelliJ...
289 36128 110
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New
klo
Got a question about when to concat vs. prepending items to list then reversing to achieve appending. So i know lists boil down to [1 | ...
New
joaquinalcerro
Hi there, I am working with Ecto-Postgresql and I need to call all of the records from a specific table but the table has 40,000 records...
New
hariharasudhan94
I would like to know what is the best IDE for elixir development?
New
Qqwy
Update: How to use the Blogs & Podcasts section You can post links to your blog posts or podcasts either in one of the Official Blog...
3271 126479 1222
New

We're in Beta

About us Mission Statement