Add device trust web redirect to githubCallback (#44906)

gravitational · Aug 1, 2024 · 50219e7 · 50219e7
1 parent bcddb6d
commit 50219e7
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
@@ -1857,6 +1857,11 @@ func (h *Handler) githubCallback(w http.ResponseWriter, r *http.Request, p httpr
 
 		if dwt := response.Session.GetDeviceWebToken(); dwt != nil {
 			logger.Debug("GitHub WebSession created with device web token")
+			// if a device web token is present, we must send the user to the device authorize page
+			// to upgrade the session.
+			// TODO (avatus) the web client currently doesn't handle any redirects after authorizing a web
+			// session with device trust. Once it does, append a redirect_url here as a query parameter
+			return fmt.Sprintf("/web/device/authorize/%s/%s", dwt.Id, dwt.Token)
 		}
 		return res.ClientRedirectURL
 	}