[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Feb 6 15:37:49 CET 2024


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755

--- Comment #5 from Maryse Simard <maryse.simard at inlibro.com> ---
Created attachment 161784
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=161784&action=edit
Bug 34755: Resets the userenv when calling OAuth api endpoints

When using OIDC authentication, the error "wrong_csrf_token" can happen
if another user's userenv is loaded during login. This is because the
wrong userenv is used to compare the tokens. This patch explicitly
resets userenv when using OAuth endpoints of the Koha api.

Steps to reproduce:
0. On a Koha with SSO configured
1. Open the OPAC
2. Log in with a regular Koha user, not using SSO.
3. In a private browser window, open the OPAC
4. Log in using SSO with a different user account.
5. Notice that you get the error message "There was an error
authenticating to external identity provider wrong_csrf_token"
6. Click on the "Log in with [...]" button again.
7. Notice that the user is immediately logged in.

To test:
- Apply the tests patch
- prove t/db_dependent/api/v1/idp.t
    => FAIL: wrong_csrf_token
- Apply patch
- prove t/db_dependent/api/v1/idp.t
    => SUCCESS
- Run other OAuth endpoints tests to make sure nothing broke:
    prove t/db_dependent/api/v1/auth_authenticate_api_request.t
    prove t/db_dependent/api/v1/oauth.t

-- 
You are receiving this mail because:
You are watching all bug changes.
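The failure mode the comment describes, modelled as an added example that is not Koha's code and not part of the bug report: a CSRF token bound to the session that started the SSO login is later checked against whatever user context a long-lived worker still has loaded from an earlier, unrelated login, so the comparison uses the wrong session and fails; resetting that context before the check makes the callback validate against the requesting session. All names here (`Worker`, `userenv`, `oauth_callback`, `reset_first`, the session ids and secret) are constructed for the illustration and are not Koha identifiers.

```python
import hashlib
import hmac

# Constructed server-side secret for this demo; a real deployment keeps it in configuration.
SERVER_SECRET = b"constructed-demo-secret"


def generate_csrf(session_id: str) -> str:
    """Issue a CSRF token bound to the session that starts the SSO login."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def check_csrf(token: str, session_id: str) -> bool:
    """Constant-time comparison against the token the given session should hold."""
    return hmac.compare_digest(token, generate_csrf(session_id))


class Worker:
    """Hypothetical model of a long-lived application worker that keeps a
    'userenv' describing the currently loaded user between requests."""

    def __init__(self):
        self.userenv = None  # {'session_id': ..., 'user': ...} or None

    def regular_login(self, session_id: str, user: str) -> None:
        self.userenv = {"session_id": session_id, "user": user}

    def reset_userenv(self) -> None:
        self.userenv = None


def oauth_callback(worker: Worker, request_session_id: str, token: str, reset_first: bool) -> str:
    """Handle the IdP redirect. `request_session_id` is the session cookie on the
    callback request. With reset_first=False the check trusts a userenv left over
    from a previous request on this worker (the bug); with reset_first=True the
    stale context is cleared and the requesting session is used (the fix)."""
    if reset_first:
        worker.reset_userenv()
    session_for_check = worker.userenv["session_id"] if worker.userenv else request_session_id
    if not check_csrf(token, session_for_check):
        return "wrong_csrf_token"
    return "ok"


def reproduce(reset_first: bool) -> str:
    """Replay the steps from the bug report on a single worker."""
    worker = Worker()
    # Step 2: a regular (non-SSO) login leaves that user's userenv loaded on this worker.
    worker.regular_login(session_id="sess-A", user="alice")
    # Step 4: in a second browser a different user starts SSO; the token is bound to their session.
    sso_session = "sess-B"
    token = generate_csrf(sso_session)
    # Step 5: the IdP redirects back and the callback is served by the same worker.
    return oauth_callback(worker, sso_session, token, reset_first)


if __name__ == "__main__":
    print("without reset:", reproduce(reset_first=False))  # wrong_csrf_token
    print("with reset:   ", reproduce(reset_first=True))   # ok
```

The point for reviewers is that the token itself is fine; what matters is which session the server believes it is validating for. Any request-scoped check that reads process-level state inherited from an earlier request has the same hazard, so clearing that state at the start of the OAuth endpoints (as the patch does) is the right place for the fix, and the `idp.t` test is what guards against it regressing.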
