Tags: asp.net-core, identityserver4

IdentityServer4 how to deal with returnUrl


Our senior dev left us recently and I'm trying to swim into the ocean that is IdentityServer.

There are a few things I don't understand and can't find information on. Like for example, when you run the client application, it is redirected to IdentityServer/Account/Login with a parameter called returnUrl.

That returnUrl seems to be used for many things, like retrieving the authorization context with:

await _interaction.GetAuthorizationContextAsync(returnUrl);

My first question would be:

Where is that returnUrl coming from? How/where is it created?

Second question is:

Is there a way to store it somewhere in the client application after you sign in? I mean, there is a point in the client application where we have to send mails to create new accounts. Those mails redirect new users to a "register" page in IdentityServer. What I'd like to do is to have the returnUrl there to redirect the new user to the correct client application.

Thanks for your time!

EDIT:

Here is the return URL set in my Client (in IdentityServer):

RedirectUris = {"http://localhost:44349" + "/signin-oidc"}

And here is the returnUrl received by the Login method in IdentityServer when I start the client application:

"/connect/authorize/callback?client_id=MyApplication_Web&redirect_uri=http%3A%2F%2Flocalhost%3A44349%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20offline_access%20roles%20Cri_Identity_Serveur_Api.Full_Access&response_mode=form_post&nonce=637230882720491348.YmQzODA4ZTQtNDczZS00OWYwLWFmNmEtYjA2NmQ3YmIwZjg2YzdiODk4ZDYtMTU1YS00ZTM0LWE0MGEtNDVjOWNkZWFiYTM1&state=CfDJ8Ly2XCz96vdGkR4YQuJ4jeE-v9P4l1W7fLWpJcCGZpt1rMpXyWqEGdnaeRZfiZy4M4Z79LcixUbo06zImhsxwbgyV4hK82qmn0mI6wkrxwraT1tH3XNCdSXCfUJqwk_hZguMSwspZDEN6r1WxnZsU9kT8MHrb9qpzsMOMzsotVzToEjgMtxIeoRfqFSoK8ZfUXBkSw__qxVyIe1lCs96-I--ufZSyO2pBe2kfau-ah7eR5-9oopxX6x1k0tzFHAk6Y3_jMqGysES_GmmfeUJvXXFIR35Rc-IaxU1igswmL2h1IUS-0DQ98Tv_Gf3hirnS87SU87aSJhajgn2YmARXWc&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.3.0.0"

It seems that to retrieve the authorization context using await _interaction.GetAuthorizationContextAsync(returnUrl); the returnUrl must be the entire URL starting with "/connect/authorize/callback?..."


Solution

  • Unfortunately Martin's answer is incorrect - returnUrl in this case is the authorize endpoint URL that was originally requested by the client. If the user is not authenticated then that endpoint will redirect to your nominated sign in UI endpoint and include this param. GetAuthorizationContextAsync() simply analyses that URL and if it matches the signature of an authorize endpoint URL then it will parse, validate and return you an object representing that original request. You can then customise your sign in flow based on that info (e.g. show the name of the client you're signing into or restrict what social sign in methods are available or any number of other things).

    You could include this URL in your sign up flow but personally I'd favour a single-use code based email verification flow and that means the user doesn't lose context if for example signing into a native mobile app and also doesn't need an email client on the device they're signing up on - e.g. a phone which doesn't have access to their work email account. Everyone's requirements are different though.
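A Login action along the lines the answer describes, as an added example (not code from the question, the answer, or the IdentityServer4 quickstart UI): it discards a returnUrl that is neither a local path nor an IdentityServer authorize request, parses the "/connect/authorize/callback?..." URL with GetAuthorizationContextAsync, and uses the result to show the client name and to restrict external sign-in providers. LoginViewModel is a hypothetical record; AuthorizationRequest.Client and C# 9 records assume IdentityServer4 v3 or later on a recent .NET.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Services;
using IdentityServer4.Stores;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

// Hypothetical view model for this example (C# 9 record; not part of the IdentityServer4 quickstart UI).
public record LoginViewModel(string ReturnUrl, string ClientName, string Username,
                             bool AllowLocalLogin, IEnumerable<string> ExternalProviders);

public class AccountController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;
    private readonly IClientStore _clientStore;
    private readonly IAuthenticationSchemeProvider _schemeProvider;
    public AccountController(IIdentityServerInteractionService interaction,
        IClientStore clientStore, IAuthenticationSchemeProvider schemeProvider)
    {
        _interaction = interaction; _clientStore = clientStore; _schemeProvider = schemeProvider;
    }

    [HttpGet]
    public async Task<IActionResult> Login(string returnUrl)
    {
        // Accept only a URL IdentityServer recognises as its own authorize request, or a local
        // path; anything else is discarded so the login page cannot act as an open redirect.
        if (!_interaction.IsValidReturnUrl(returnUrl) && !Url.IsLocalUrl(returnUrl))
            returnUrl = "~/";
        // Parses "/connect/authorize/callback?client_id=...&redirect_uri=..." back into the
        // original request; null when returnUrl is not an authorize URL.
        var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
        // External sign-in schemes are the ones registered with a display name.
        var providers = (await _schemeProvider.GetAllSchemesAsync())
            .Where(s => !string.IsNullOrEmpty(s.DisplayName)).Select(s => s.Name).ToList();
        string clientName = null;
        var allowLocal = true;
        if (context?.Client?.ClientId != null)   // AuthorizationRequest.Client: IdentityServer4 v3+
        {
            var client = await _clientStore.FindEnabledClientByIdAsync(context.Client.ClientId);
            clientName = client?.ClientName ?? context.Client.ClientId;
            allowLocal = client?.EnableLocalLogin ?? true;
            if (client?.IdentityProviderRestrictions?.Any() == true)
                providers = providers.Where(client.IdentityProviderRestrictions.Contains).ToList();
        }
        return View(new LoginViewModel(returnUrl, clientName, context?.LoginHint, allowLocal, providers));
    }
}
```

For the question's returnUrl above, context.Client.ClientId would be "MyApplication_Web" and context.RedirectUri the decoded redirect_uri, so the same parsed request can be carried into a sign-up flow instead of trusting a raw URL from the email link.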