This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
This is just a proposal so far; it hasn't been accepted and needs further discussion.
We have decided to use configurable callbacks to redirect on claim validation success/failure (see here). These functions determine where we redirect the user by returning a string. We have to decide if this string is a full URL or just a path.
- Full URL
The return value should be interpreted as a full URL (with the option to return just the path for local redirections):
- This doesn't matter if there is no session sharing between subdomains. This is the case for most sites.
- It makes sense for onFailure to redirect to the website domain in many cases (e.g. email verification check failing)
- There are cases where onFailure doesn't point to the website domain, e.g. the access denied page is specific to the app/subdomain we are currently on
- onSuccess is even more likely to redirect to a domain that doesn't match the website domain (e.g. continue browsing after email verification/2FA on the website domain)
- Even if we could make onFailure redirect only to the website domain, doing the same to onSuccess would block too many use cases (or cause awkward double redirections).
- Making them inconsistent would be bad.
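
A sketch of how a caller could interpret the returned string under the Full URL option, accepting a bare path for local redirections. This is an added example and not SuperTokens code: resolveClaimRedirect, the callbacks object and the example.com hosts are hypothetical, and restricting targets to http(s) is an assumption of the sketch, not part of the proposal.

```javascript
// Added illustration, not SuperTokens code. All names here are hypothetical.
// Interprets the string returned by an onSuccess/onFailure callback as a full
// URL, while still accepting a bare path for redirects within the current app.
function resolveClaimRedirect(returned, currentHref) {
  if (typeof returned !== "string" || returned.length === 0) {
    throw new TypeError("redirect callback must return a non-empty string");
  }
  const current = new URL(currentHref);
  // WHATWG URL resolution: an absolute URL ignores the base, a path is
  // resolved against it, so one code path covers both return styles.
  const target = new URL(returned, current);
  // Assumption of this sketch: only http(s) navigations are valid targets.
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    throw new Error("unsupported redirect scheme: " + target.protocol);
  }
  return {
    href: target.href,
    // false: the app can route internally; true: full page navigation needed
    crossOrigin: target.origin !== current.origin,
  };
}

// Constructed sample callbacks for an app on a subdomain that shares its
// session with the website domain (hosts are placeholders).
const callbacks = {
  // Email verification lives on the website domain: return a full URL.
  onFailure: () => "https://example.com/auth/verify-email",
  // The access denied page is specific to this app: a path is enough.
  onFailureLocal: () => "/access-denied",
  // Continue browsing on another subdomain after validation succeeds.
  onSuccess: () => "https://shop.example.com/cart?step=2",
};

const here = "https://app.example.com/dashboard"; // constructed current page
for (const [name, cb] of Object.entries(callbacks)) {
  console.log(name, resolveClaimRedirect(cb(), here));
}
```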