Hi all,
I was just setting up Koha to use an OpenID Connect server provided by a Wordpress plugin, and it sent an “iframe” query string parameter along with the “code”.
I added “iframe” as an optional parameter to public_oauth.yaml which got it working, but it seems an unfortunate workaround.
It looks like Koha::REST::V1::Auth::authenticate_api_request validates query parameters and will fail if there’s one that isn’t in the spec. Most of the time that might be the right thing to do, but I don’t think it’s the right thing for the OAuth/OIDC routes.
What do other people think?
David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia
Office: 02 9212 0899
Online: 02 8005 0595