How do I open a Modal after a successful Oauth2 redirect?

Question

I'm working on a relatively old web application, based on portal/portlet architecture.

I have an ingress on the application which loads my feature in a Modal. Currently we have navigation built into the modal where we show and hide divs if customers move back and forth and update our ingress with Javascript once the interaction ends.

Now we want to introduce another card inside the modal which requires the customer to access sensitive data, therefore we want the customer to authenticate again.

We have an OpenId OAuth2 Authentication provider that we call with a callback URL. Currently this callback URL is the URL for the main page, therefore the customer is taken out of our modal experience and we have a high likelihood of engagement drop-off. We'd want to be able to get them back into the Modal experience where they'd left off before authenticating.

Are there some common strategies or patterns that can help achieve this? One thing that might work is if we are able to pass in a javascript method as a part of the redirect url too.

I can't make any changes to the underlying container but have freedom to add javascript events and handlers.

Answer 1

You could use the state parameter in the OAuth2 request. From RFC 6749:

the client MAY use the "state" request parameter to achieve per-request customization

Then when you get the state value back in the response, you could open the modal with your additional card. The state value is a string value and could include what you wanted. Just make sure to not forget to cover CSRF.

https://tools.ietf.org/html/rfc6749#section-3.1.2