[BUG] URL parameters are dropped when redirected back to OS after OAuth authentication

[filip-piotrowski]

What is the bug?
If you have no session in OpenSearch and OpenSearch is protected by external IdP via OAuth 2.0, when you launch a "deep link" to e.g. dashboard with some filters etc., after successful authentication you are redirected to baseUrl/app/dashboards instead of the link where you started.

How can one reproduce the bug?
Steps to reproduce the behavior:

1. Setup OpenSearch with IdP via OAuth 2.0
2. Log in to OpenSearch to obtain a "deep link", e.g. link to any dashboard, set time filter to anything else than 15 min to create additional parameter in the URL
3. Copy the dashboard link
4. Clear session cookies to force authentication on next interaction with OpenSearch
5. Launch the link copied in step 3
6. Complete authentication flow
7. Notice that you land on /app/dashboards context instead of the specific dashboard along with selections from step 2

What is the expected behavior?
After successfully authenticated user should be brought back to the context with parameters that were orignally requested prior the authentication workflow, instead of the generic landing page.

What is your host/environment?

• OS:
  Dashboards OS:
  Amazon Linux release 2 (Karoo) (Dashboards default docker container from dockerhub)
  Browser OS:
  Chrome / Windows 10
• Version 2.7.0
• Plugins:
  security plugin

Do you have any additional context?
This functionality works fine in a mirror environment based on Elasticsearch 7.10.2, however it is not using OAuth 2.0, it only has basic authentication

[derek-ho]

@opensearch-project/triage can you move this to Security dashboards repo? This seems more relevant to them

[filip-piotrowski]

@derek-ho I see there was no action taken, should I create this issue in opensearch-project/security-dashboards-plugin? It seems I can't just move the issue there