Keep state query parameters when redirecting to "main" application

[SimonLab]

The following code adds the jwt to the referrer value (ie the "main" application url): https://github.com/dwyl/auth/blob/9744fe50c697b613749f07c55b10bcb19744e83d/lib/auth_web/controllers/auth_controller.ex#L384-L385

However it will remove all existing query parameters and replace them with only the jwt:

jwt = "fake_jwt"
state = "http://localhost:4000/admin?name=bob"
List.first(String.split(URI.decode(state), "?")) <> "?jwt=" <> jwt
# returns http://localhost:4000/admin?jwt=fake_jwt

Would it be better to concatenate the jwt to the exsting query parameter or is it intentional to only keep jwt

[nelsonic]

@SimonLab yes, we definitely need a more advanced way of doing the query params to ensure no info is lost during an auth redirect. Once we have logging in place #67 and we can track the URLs, we can determine the priority of this refactor. I don't actually invisage us using too many get query params in the short term. But if we want the Auth Service to be generic and reusable by any App (i.e. Open Source and actually useful to other people) then it will make sense to prioritize this. As always, I suggest we wait for someone using the Auth Service to "second" this refactor request before doing any work on it. It might be "YAGNI". 🤔