Redirect when auth fails - I think!

app/controllers/api/forward_auth_controller.rb

@@ -112,9 +112,22 @@ module Api
       # Set header to help with debugging
       response.headers["X-Auth-Reason"] = reason if reason
 
-      # Return 401 Unauthorized
-      # The reverse proxy should redirect to login
-      head :unauthorized
+      # Get the redirect URL from query params or construct default
+      base_url = params[:rd] || "https://clinch.aapamilne.com"
+
+      # Set the original URL that user was trying to access
+      # This will be used after authentication
+      request_host = request.headers["X-Forwarded-Host"] || request.headers["Host"]
+      original_url = if request_host
+        "https://#{request_host}#{request.fullpath}"
+      else
+        request.fullpath
+      end
+
+      session[:return_to_after_authenticating] = original_url
+
+      # Return 302 redirect to login page
+      redirect_to "#{base_url}/signin", allow_other_host: true
     end
 
     def render_forbidden(reason = nil)

config/credentials.yml.enc

@@ -1 +0,0 @@
-DxrlTZBeCpuC6si/9Fw1CJc6YR2p7LCIRxlJgTpjvgL+SEH1caIYRHhu5V2JgeqwdXnmoDnKX8cKbzQQSlTyQ7TPKA6qjPKoeHLvDYGCxHNr5mOboa9jPLdsrGrKg5+GA3X/5piNQQfFzHiiSgzkD3pxPRpX1V0MjA5r0wAFuqzSmkOHq5zV46PFX1WDdfUEZocPDrdOmEt2xxmuq+k+csh5SLi73MjHOTz5KWMVUuwISAUTMqSwzoPRpb1H3Dh8+YXhtbJDifIfPu8vfH4qK6C+6+Bi9cH2YwhTblAggqB3lQ1Tkpo4b631MdT7eRT5qwJ+Rr4EfrFHVfcT46QT774Rc8pd2ifLdJqEOSnskWN1BJza1mxrLcb8kI0cV6zCTZI0ChzPI9gR2YZ9CNJCbHZtR+s9LsmnCx2iy3vPVYsLeCU3Qg0+kILVuA/EY+m/bUhPiD5POj73e8ygBnUgU37HLosllBLs5tHPSeF5BYXq9IxLQe+pMaYY--wcVJty2PK9h/klT6--pZOot1WksDZmdWdBHi7s3w==