Redirect Cookie
Loading "Intro to Redirect Cookie"
Run locally for transcripts
Whenever the user is required to authenticate before performing an action, it
can be very jarring to not be placed right back where they left off. We handled
this in a previous exercise when we created a
redirectTo query param on the
/login and /signup routes. However, things get a little more tricky when it
comes to third party auth.The problem is that we lose the
redirectTo query param when we redirect to
the third party auth provider. When the user finishes authenticating with the
third party, they get sent back to our callback URL. However, at that point, we
don't have the redirectTo query param anymore!To solve this problem, we're going to use a simple cookie. This doesn't even
need to be very sophisticated because it's no big secret where the user's going.
So while we do want it to be secure with
HTTPOnly and SameSite directives,
we don't need to worry about signing it or anything like that.All we need to do is make sure we keep track of the
redirectTo query param
that we're already sending to /login and /signup, get that into the cookie,
retrieve that from the cookie when we get back to our callback URL, and delete
the cookie when we redirect the user. Let's go!