Change callback path

[mikara89]

Support plan

• is this issue currently blocking your project? (yes/no): no
• is this issue affecting a production system? (yes/no): no

Context

• node version: 12.6.1
• module version: 12.3.0
• environment (e.g. node, browser, native): node/ts
• used with (e.g. hapi application, another framework, standalone, ...): hapi application
• any other relevant information:

How can we help?

Is it possible to redirect back to different path then when login started. Example starting from =>/login and callback => /login/callback ?

[Nargonath]

If I may ask, why do you want to setup a different path for the callback in the first place?

From what I understood when you query your endpoint, /login in your example, the handler of your route is only reached once the user is successfully authenticated through the third-party system. The intermediary steps are handled for you by bell. If you want to have the hand over these intermediary steps then I'm not sure there is a point to use bell then. From the docs:

bell works by adding a login endpoint and setting it to use a bell-based authentication strategy. bell will manage the third-party authentication flow and will only call the handler if the user successfully authenticated.

Source: https://hapi.dev/module/bell#usage.

As per your question, I don't think you can change to a different redirect path.

[mikara89]

For example, for the login endpoint I will expect some query parameters that I would like to validate and on callback endpoint I will not validate those parameters. And I don't like the idea of starting a login process and ending it (callback process) done on the same endpoint. I am using bell with "custom strategy", so I like that bell provides functionalities but if it is possible to change the callback route that would be nice.

Usage without a strategy
Sometimes, you want to use bell without using specifying a Hapi strategy. This can be the case when combining the auth logic together with another module.
bell exposes an oauth object in its plugin. Therefore, server.plugins.bell.oauth now has all that's needed. For example, calling the v2 method with all the settings documented above, will handle the oauth2 flow.

[Nargonath]

For the checks on your query parameter, depending on the checks you want to make you could validate them directly in your route configuration through joi schemas. If you want deeper validation i.e database checks you can try using a lifecycle endpoint that happens before credentials validation/auth logic like onRequest.

As of now, I'm not sure you can separate your callback URL to the starting point URL.

[Eomm]

? As of now, I'm not sure you can separate your callback URL to the starting point URL.

I did it by setting the location as function

    const basicSettings = {
        provider: {
            protocol: 'oauth',
            profileMethod: 'post',
            signatureMethod: 'RSA-SHA1',
        },
        providerParams: false,
        allowRuntimeProviderParams: false,

        cookie: settings.cookieName,
        skipProfile: true,
        forceHttps: false,
        location (request) {
            if (request.query.oauth_verifier) {
                return request.server.info.protocol + '://' + request.info.host + '/foo';
            }
            return request.server.info.protocol + '://' + request.info.host + '/bar?xyz=' + encodeURIComponent(request.query.custom);
        },
    };