
Identity provider and bookmarks


I know that for security reasons we cannot save a different address in the bookmarks than the one we are visiting, but it is quite annoying in my case.

We have the secured site and the IdP site in the same domain. When the customer arrives at the secured site (https://mysite.domain.com), he is redirected to the login page (https://idp.domain.com), with URL parameters received from the secured website.

The fact is that if the customer tries to save a bookmark when on the login page, it should save the secured site URL (https://mysite.domain.com), not the IdP (https://idp.domain.com), which needs extra information for the authentication process flow.

I'm surprised I didn't see anything about it yet.

Does anyone have a solution?


Solution

  • The issue was when a customer bookmarked the IDP.

    1. The user clicks on the bookmark.
    2. The login page of the IDP is presented.
    3. After authentication, the user is redirected to the website.
    4. The website has no stored OIDC data, so an exception occurs.

    Changed the website so that:

    1. Redirect to the website root. If there is no token, the OIDC data is stored and the user is redirected to the IDP.
    2. The IDP has data from the previous login, resends the auth token and redirects to the website.
    3. Now the localStorage data matches the data received from the IDP.