From 4e9583c5a3c4d7b8205b493a0b8b13c562e6913f Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Wed, 17 Jun 2020 11:57:48 -0400 Subject: [PATCH] Updated readme for json 401 response. --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index d66d65b1..73b3cdae 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,25 @@ XMLHttpRequests made by client-side code (i.e ajax) should include the `X-Reques 302 redirects are followed transparently via XMLHttpRequests (xhr/ajax requests) thus there is nothing the client side can do to detect if a 302 happened. Returning a status code of 401 allows the client to respond to the request accordingly. +The response body of this 401 is as follows: + +``` +{ + "status":401, + "request_path":"/api/path" +} +``` + +Currently we do NOT have access to the redirect url that **lua-resty-openidc** would normally generate thus we only respond with the above body. When **lua-resty-openidc** exposes the method generating the authorization code path uri then we change the http response body the following: + +``` +{ + "status":302, + "request_path":"/api/path", + "redirect_path":"https://idp.com/oauth/authorize?client_id=a17c21ed&response_type=code..." +} +``` + ## Dependencies **kong-oidc** depends on the following package:
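Review bot: the second JSON example in the added README text sets `"status":302` in the body, yet the unchanged paragraph just above it says a 401 is returned precisely because XHR follows 302s transparently. The text should state that the HTTP status line stays 401 and only the body's `status` field changes, or keep `"status":401` and let the presence of `redirect_path` signal the redirect. The sentence introducing that example reads "then we change the http response body the following"; suggest "we will change the HTTP response body to the following". Because this behaviour depends on a method **lua-resty-openidc** does not expose yet, label it as planned so that clients do not code against `redirect_path` today. Minor: both fences could be tagged `json`, and the README should say whether `request_path` includes the query string, since that field echoes request data back to the caller.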