Add option to redirectDocument instead of redirect in authenticator.authenticate

[adam1658]

I have a scenario where I have a resource route that generates PDFs on the fly.

If you're unauthenticated when accessing this route (maybe your session went stale before you followed a link to this PDF, etc.), my authenticator.isAuthenticated(request, {...}) call on this route will redirect to /login?returnTo=/pdf-route. My login route does a successRedirect to new URL(request.url).searchParams.get('returnTo') ?? '/', which redirects you back to the original route.

The problem is that in this case we've redirected the remix client back to a resource route, which results in an empty <Outlet /> (blank page). It would have been better to do a proper HTTP redirect in this case to load the resource route directly.

My solution to this is that I set my login URL for this route to /login?returnTo=/pdf-route&returnRedirect=document, then on my login route check the returnRedirect parameter before deciding what kind of post-auth redirect to do (redirect() or redirectDocument()).

Would it be possible to add a successRedirectType?: 'redirect' | 'redirectDocument' on AuthenticateOptions? Then the redirect call in AuthStrategy.success could use redirectDocument when required.

I've had a little think about a workaround, and I think I'll try catching that redirect response and checking if it's a success redirect (based on location header, etc.), and then rethrowing an equivalent redirectDocument if necessary.

[adam1658]

I worked on a workaround based on my idea of catching the redirect() response and rethrowing a redirectDocument() response, and I actually just need to add an internal remix header to my response as follows:

await authenticator
  .authenticate('form', request, {
    successRedirect: getPostAuthRedirect(request),
    throwOnError: true,
  })
  .catch(convertRedirectToDocumentRedirect(shouldRedirectDocument));

function convertRedirectToDocumentRedirect(shouldConvert: boolean) {
  return async (error: unknown) => {
    if (!shouldConvert) {
      throw error;
    }

    // If this is a redirect response then turn it into a redirectDocument response.
    // header grabbed from https://github.com/remix-run/react-router/blob/4b1f73f3dc5af23a378554ae708105549c8ff82a/packages/router/utils.ts#L1639-L1640
    if (error instanceof Response && error.status === 302) {
      error.headers.set('X-Remix-Reload-Document', 'true');
    }

    throw error;
  };
}

As a workaround it works for me for today, but I'm now accessing some remix internals that are potentially subject to change in future, breaking my solution. I still think that an option in remix-auth would be very useful!

Also, I'm just using remix-auth-form for auth in my project. This workaround may interfere with redirects from other strategies that redirect to other sites during authentication (like oauth, etc.)