Return to gated content after logging in

NikShafiq · June 1, 2022, 3:50am

Hi,

I’ve had a Netlify based site running for my Organization for some time now and we’ve used RBAC alongside identity. However, we’ve run into an issue where if a user is linked to a gated content and accesses it with an expired token, they would be redirected back to our /login page for a token refresh which will redirect them to /home. I’m trying to figure out a way for users to get back to their linked page without having to access the link again.

We’re using Hugo and are serving basic static web pages. Only our login is separate which also has identity-widget as well as a token refresh:

        console.log('init', user);
        if(user && user.token) {
            if (Date.now() > user.token.expires_at) {
                // The documentation engine's cookie has expired
                netlifyIdentity.refresh()
                    .then((jwt) => {
                        var now = new Date();
                        now.setTime(user.token.expires_at);

                        // reset the token
                        document.cookie = "nf_jwt=" + jwt +
                            ";expires=" + now.toUTCString() + ";path=/;secure;"

                        location.href = '/';
                    }, reason => {
                        // Something went wrong during refresh
                        console.log('Token refresh failed, logging out');
                        return netlifyIdentity.logout();
                    });
            }
        }
    }
);

Redirect rules:

# Always allow login page
/login/*        /login/*        200
/templates/*    /templates/*    200
#Circumvent docsy quirk, redirect after login to /home
/       /home   200!    Cookie=nf_jwt
#Allow any user with role to access website
/*      200!    Cookie=nf_jwt
# Other send to login
/*    /login    401!

And for every markdown pages, we’ve added a token refresh in the partials:

  netlifyIdentity.on('init', user => {
    user.jwt().then(
    (refreshed) => { console.log('abc'); }, 
    (reason) => { console.log('I was rejected because->' + reason); })
    .catch((err) => { console.log(' something went wrong...'); }); 
})

We’ve added the token refresh to the markdown pages hoping that user tokens would be refreshed when accessing pages they’ve been linked to, but redirect would kick in faster and kick them out to /login.

The token refresh in /login has a location.href = '/', which is why users just end up back in /home after token is refreshed and not where they inteded to be. Is there any way to make it so users are back on their intended page?

NikShafiq · June 1, 2022, 4:58am

After messing around I’ve found a simple temporary solution. The redirect back to login still has the previously accessed/clicked URL even when in /login. With that there, I replaced location.href = '/' with location.reload();.

Accessing a gated page with no nf_jwt would give me a brief flash of the login page before showing me the gated content as planned.

hillary · June 2, 2022, 1:49pm

Thanks so much for coming back and letting us know. Happy building!