[Koha-bugs] [Bug 33675] Add CSRF protection to OAuth/OIDC authentication

bugzilla-daemon at bugs.koha-community.org
Thu May 11 13:36:54 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33675

--- Comment #8 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
(In reply to Jonathan Druart from comment #7)
> First time trying this, and I failed to test.
> 
> I am getting
> 
> """
> test
> We are sorry...
> 
> Invalid parameter: redirect_uri
> """
> After I clicked "login with test"
> The generated URL is
> http://sso:8082/auth/realms/test/protocol/openid-connect/auth?response_type=code&client_id=kohaoidc&redirect_uri=http%3A%2F%2Fkohadev-intra.myDNSname.org%3A8081%2Fapi%2Fv1%2Foauth%2Flogin%2Ftest%2Fstaff&scope=openid+email&state=873f7839ab38384730c0635c3b260564297de884%2Ca443349be07f4216b95089525be35eeb96b74452%2C1683794690
> 
> I guess I made an error in the config somewhere but I have double-checked
> everything :-/

The wiki suggests using localhost:port/* but your URL is using
kohadev.myDNSname... because it picks it from the baseURL prefs.

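The mismatch described in the reply above can be checked offline by decoding `redirect_uri` from the reported URL and comparing it with what is registered at the identity provider. This is an added example, not code from Koha or from the thread. The registered value `http://localhost:8081/*` is a constructed sample standing in for the wiki's `localhost:port/*`, and the trailing-wildcard matching rule is a simplified assumption about how the provider compares URIs.

```python
from urllib.parse import urlsplit, parse_qs

# Authorization request quoted in the report, rejoined onto one logical line.
AUTH_URL = (
    "http://sso:8082/auth/realms/test/protocol/openid-connect/auth"
    "?response_type=code&client_id=kohaoidc"
    "&redirect_uri=http%3A%2F%2Fkohadev-intra.myDNSname.org%3A8081"
    "%2Fapi%2Fv1%2Foauth%2Flogin%2Ftest%2Fstaff"
    "&scope=openid+email"
    "&state=873f7839ab38384730c0635c3b260564297de884"
    "%2Ca443349be07f4216b95089525be35eeb96b74452%2C1683794690"
)

# Constructed sample of a redirect URI pattern registered at the IdP.
REGISTERED = ["http://localhost:8081/*"]

def origin(url):
    """Return (scheme, host, port), or None when the port is malformed."""
    parts = urlsplit(url)
    try:
        return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port)
    except ValueError:
        return None

def redirect_uri_of(auth_url):
    """Decode the single redirect_uri parameter of an authorization request."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]

def matches(pattern, uri):
    """Exact match, or same origin plus path prefix for a trailing '*'."""
    if not pattern.endswith("*"):
        return uri == pattern
    base = pattern[:-1]
    o = origin(uri)
    # Compare the origin as a whole so 'host:8081*' cannot match 'host:8081.x'.
    return (o is not None and o == origin(base)
            and urlsplit(uri).path.startswith(urlsplit(base).path))

def check(auth_url, registered):
    """Report the decoded redirect_uri and whether any pattern allows it."""
    uri = redirect_uri_of(auth_url)
    return {"redirect_uri": uri, "origin": origin(uri),
            "allowed": any(matches(p, uri) for p in registered)}

if __name__ == "__main__":
    print(check(AUTH_URL, REGISTERED))
```
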