wpater

Reputation: 443

OIDC on the backend, redirect from frontend

I am implementing a small tool that integrates with GitLab as Identity Provider. React on the frontend, Quarkus on the backend.

I have configured my backend as web_app and this part is working. After entering localhost:8080/auth (backend), Quarkus redirects me to GitLab; after login I am redirected back to the backend, which returns UserInfo as JSON.

Now I want to add the frontend part based on sessions (cookies). According to the docs I set quarkus.oidc.authentication.java-script-auto-redirect=false, and my frontend receives a 499 code; then, using window.location.assign, the browser opens backend -> GitLab -> login -> UserInfo as JSON. At the end the flow stops on the backend, and I am not able to get back to the frontend.

  1. Is my flow correct? Is it even possible to achieve this (OIDC on the backend and a session for the frontend)?
  2. How can I wrap window.location.assign("http://localhost:8080/auth") to hold the frontend context (I need to use this, otherwise the redirect to GitLab will fail with CORS)?

Upvotes: 3

Views: 1500

Answers (1)

wpater

Reputation: 443

After some research, trial and error, the implementation is ready.

Flow:

  • the frontend shows a button to log in with GitLab
  • the button is a link to the backend with an additional HTTP header 'X-Requested-With': 'JavaScript'
  • if the user is not authenticated, the backend returns a 499 code and the frontend, using window.location.assign, redirects to the GitLab log-in page
  • GitLab redirects to the backend (tokens are stored there)
  • the backend redirects to the frontend (at this point the backend has the user's tokens and the frontend has a session cookie from the backend)

Both frontend and backend are running on the same domain.

Implementation - https://gitlab.com/hakkie-it/time-tracker/time-tracker

Upvotes: 4
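The browser side of the flow the answer describes, as an added example that is not code from the linked time-tracker project. It assumes the backend login endpoint is `/auth` on the same origin and that Quarkus is configured with `quarkus.oidc.authentication.java-script-auto-redirect=false`, so that a request carrying `X-Requested-With: JavaScript` gets a 499 instead of a redirect. The `sessionStorage` key and the return-path handling (the answer does not say how frontend context is kept across the round trip) are this example's own choices; the return path is restricted to a same-origin path so that a tampered stored value cannot send the user elsewhere after login.

```javascript
// Added example (not from the linked project): frontend side of the
// "backend OIDC + frontend session cookie" flow from the answer above.
// Assumptions: backend login endpoint /auth on the same origin; Quarkus
// answers 499 to requests with X-Requested-With: JavaScript because
// java-script-auto-redirect=false. Storage key and return-path logic are ours.

const LOGIN_PATH = "/auth";            // backend endpoint (assumption)
const RETURN_KEY = "oidc.returnTo";    // sessionStorage key (constructed)
const JS_HEADER = { "X-Requested-With": "JavaScript" };

// Accept only a same-origin, path-only destination for after login, so a
// tampered stored value cannot bounce the user to another site (open redirect).
function safeReturnPath(candidate) {
  if (typeof candidate !== "string") return "/";
  if (!candidate.startsWith("/") || candidate.startsWith("//")) return "/";
  if (candidate.includes("\\") || /[\r\n]/.test(candidate)) return "/";
  return candidate;
}

// Decide what to do with the backend's reply to the login probe. status and
// body come from the fetch; deps carries the side effects (storage, navigation,
// current route) so the logic can run and be tested outside a browser.
function handleLoginResponse(status, body, deps) {
  if (status === 499) {
    // Not authenticated: remember where we were, then leave the SPA with a
    // full-page navigation. The browser follows backend -> GitLab -> backend,
    // so no cross-origin XHR happens and CORS does not get in the way.
    deps.storage.setItem(RETURN_KEY, safeReturnPath(deps.currentPath));
    deps.navigate(LOGIN_PATH);
    return { authenticated: false, redirectedTo: LOGIN_PATH };
  }
  if (status === 200) {
    // Session cookie already valid: body is the UserInfo JSON from the backend.
    return { authenticated: true, user: body };
  }
  throw new Error(`unexpected status ${status} from ${LOGIN_PATH}`);
}

// Browser entry point: probe the backend with the header Quarkus looks for,
// sending the session cookie if one already exists.
async function ensureAuthenticated(deps) {
  const res = await deps.fetchFn(LOGIN_PATH, {
    credentials: "include",
    headers: JS_HEADER,
  });
  const body = res.status === 200 ? await res.json() : null;
  return handleLoginResponse(res.status, body, deps);
}

// After the backend redirects back to the frontend, pick up the saved route
// once, clear it, and return it; the caller routes there.
function restoreAfterLogin(storage) {
  const saved = safeReturnPath(storage.getItem(RETURN_KEY));
  storage.removeItem(RETURN_KEY);
  return saved;
}

// Wiring for a real browser; skipped when run under Node.
if (typeof window !== "undefined") {
  const deps = {
    fetchFn: (url, init) => fetch(url, init),
    navigate: (url) => window.location.assign(url),
    storage: window.sessionStorage,
    currentPath: window.location.pathname + window.location.search,
  };
  ensureAuthenticated(deps).then((r) => {
    if (r.authenticated) {
      const target = restoreAfterLogin(window.sessionStorage);
      if (target !== deps.currentPath) window.history.replaceState(null, "", target);
    }
  });
}
```

Call `ensureAuthenticated` once when the app boots: on a fresh session it stores the current route and hands the browser to `/auth`; when the backend later redirects back with the session cookie set, the same call returns the UserInfo and `restoreAfterLogin` gives back the route to resume. Keeping the backend on the same origin as the frontend, as the answer does, is what makes the `credentials: "include"` fetch and the cookie round trip work without any CORS configuration.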
