Evaluation of the "next" parameter in combination with "OAuth" authentication
psandtner opened this issue · comments
Dear Flask-AppBuilder community!
I have an probable issue about the "next" parameter in flask_appbuilder/security/views.py (in the context of Apache Superset Version 2.0.0)
We use Superset with a “Custom OAuth2 Configuration” and several “OAUTH_PROVIDERS”. This leads for example to the following dashboard URLs:
https://dashboard.example.com/login/ProviderOne?next=https://dashboard.example.com/superset/dashboard/special_dashboard/
https://dashboard.example.com/login/OtherProvider?next=https://dashboard.example.com/superset/dashboard/special_dashboard/
In our tests, however, these only work (meaning: lead to the URL specified under "next") if the user is not logged in yet. Of course, these links should also work if the user is already logged in.
Is this a known problem or am I missing something here?