[Koha-bugs] [Bug 32354] Handle session_state param given by OAuth identity provider
bugzilla-daemon at bugs.koha-community.org
Tue Nov 29 02:19:33 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32354
--- Comment #4 from David Cook <dcook at prosentient.com.au> ---
(In reply to Tomás Cohen Arazi from comment #3)
> We need to document it better. Understand if the param name is standard, if
> it needs to be carried around in responses as well, etc.
I'm not 100% sure what you mean, but I think I agree. I've got a deadline
tomorrow, but I'm hoping to look at this in December. I'll be testing with
Keycloak.
That said, from what I've read so far at
https://openid.net/specs/openid-connect-session-1_0.html, it looks like the
session_state is just used by optional client-side iframes for checking the
user's session status with the IdP.
So I think we can accept session_state in the IdP's AuthN response without
actually supporting OIDC session management ourselves.
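An added example, not part of the original comment and not Koha's code: a Python callback check that accepts `session_state` in the IdP's authentication response without acting on it, while still rejecting unknown or repeated parameters. The function name, the parameter sets and the sample URL are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Parameters an authorization-code callback may carry (assumed allowlist).
REQUIRED = {"code", "state"}
ERROR_PARAMS = {"error", "error_description", "error_uri", "state"}
# session_state comes from OpenID Connect Session Management; it is tolerated
# here but never acted on, since no session management is implemented.
TOLERATED = {"session_state"}

# Constructed sample redirect (host and values are made up).
SAMPLE = "https://client.example/callback?code=abc123&state=xyz&session_state=5f1c"


class CallbackError(ValueError):
    pass


def parse_authn_response(callback_url, expected_state):
    """Validate the IdP redirect and return only the values the client uses."""
    pairs = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    # A repeated parameter is ambiguous, so refuse it instead of picking one.
    repeated = sorted(k for k, v in pairs.items() if len(v) > 1)
    if repeated:
        raise CallbackError(f"repeated parameter(s): {repeated}")
    params = {k: v[0] for k, v in pairs.items()}

    unknown = sorted(set(params) - REQUIRED - ERROR_PARAMS - TOLERATED)
    if unknown:
        raise CallbackError(f"unexpected parameter(s): {unknown}")

    # state binds the response to the request this client started.
    got_state = params.get("state", "").encode()
    if not expected_state or not hmac.compare_digest(got_state, expected_state.encode()):
        raise CallbackError("state mismatch")

    if "error" in params:
        raise CallbackError(f"IdP returned error: {params['error']}")
    if not params.get("code"):
        raise CallbackError("missing authorization code")

    # session_state is deliberately dropped from the result.
    return {"code": params["code"]}


if __name__ == "__main__":
    print(parse_authn_response(SAMPLE, "xyz"))
```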