From c63f7cf6788cbb6c633fc51dcee20462f56fb878 Mon Sep 17 00:00:00 2001 From: oyurov Date: Thu, 17 Nov 2022 18:20:08 +0100 Subject: [PATCH] Added state support for Dashboards after oauth2 redirect --- .../Oauth2AuthenticationSuccessHandler.java | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java index 9be9d2217b..bc861692ea 100644 --- a/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java +++ b/application/src/main/java/org/thingsboard/server/service/security/auth/oauth2/Oauth2AuthenticationSuccessHandler.java @@ -104,10 +104,9 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS SecurityUser securityUser = mapper.getOrCreateUserByClientPrincipal(request, token, oAuth2AuthorizedClient.getAccessToken().getTokenValue(), registration); - JwtPair tokenPair = tokenFactory.createTokenPair(securityUser); - clearAuthenticationAttributes(request, response); - getRedirectStrategy().sendRedirect(request, response, baseUrl + "/?accessToken=" + tokenPair.getToken() + "&refreshToken=" + tokenPair.getRefreshToken()); + + getRedirectStrategy().sendRedirect(request, response, getRedirectUrl(baseUrl, securityUser)); systemSecurityService.logLoginAction(securityUser, new RestAuthenticationDetails(request), ActionType.LOGIN, registration.getName(), null); } catch (Exception e) { log.debug("Error occurred during processing authentication success result. " + 
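Review bot: The new `sendRedirect(request, response, getRedirectUrl(baseUrl, securityUser))` call still hands the access and refresh tokens to the browser in the redirect query string. They are therefore recorded in browser history and in any proxy or access log that sees the URL, and can leave in a `Referer` header from the landing page. `baseUrl` is assigned outside this hunk; if the `state` part this commit allows in it is derived from the request, it should be validated against the configured base URL before tokens are appended. At minimum add a comment above the call such as `// Tokens are appended to baseUrl: it must be server-validated, and the UI must strip them from the address bar on load`. The enclosing method starts and ends outside the hunk.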
@@ -128,4 +127,14 @@ public class Oauth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationS
 super.clearAuthenticationAttributes(request);
 httpCookieOAuth2AuthorizationRequestRepository.removeAuthorizationRequestCookies(request, response);
 }
+
+ private String getRedirectUrl(String baseUrl, SecurityUser securityUser) {
+ JwtPair tokenPair = tokenFactory.createTokenPair(securityUser);
+ if (baseUrl.contains("state")) {
+ baseUrl += "&";
+ } else {
+ baseUrl += "/?";
+ }
+ return baseUrl + "accessToken=" + tokenPair.getToken() + "&refreshToken=" + tokenPair.getRefreshToken();
+ }
 }
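Review bot: `baseUrl.contains("state")` in `getRedirectUrl` is a substring test over the whole URL, so the separator is chosen from text that may sit in the host or path rather than from the presence of a query string. A base URL such as the constructed example `https://estate.example.com` would take the `&` branch and yield `https://estate.example.com&accessToken=…`, which places both JWTs in the authority part of the redirect target; a base URL whose query lacks `state` would get a second `/?` appended. Test for a query instead, `if (baseUrl.indexOf('?') >= 0) {`, or build the URL with a URI builder so the parameters are appended and encoded for you. A short Javadoc on the helper, saying that it mints a token pair and appends it to a URL that may already carry a query, would also help the next reader.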