Hi all,

 

I was just setting up Koha to use an OpenID Connect server provided by a Wordpress plugin, and it sent an “iframe” query string parameter along with the “code”.

 

I added “iframe” as an optional parameter to public_oauth.yaml which got it working, but it seems an unfortunate workaround.

 

It looks like Koha::REST::V1::Auth::authenticate_api_request validates query parameters and will fail if there’s one that isn’t in the spec. Most of the time that might be the right thing to do, but I don’t think it’s the right thing for the OAuth/OIDC routes.

 

What do other people think?

 

David Cook

Senior Software Engineer

Prosentient Systems

Suite 7.03

6a Glen St

Milsons Point NSW 2061

Australia

 

Office: 02 9212 0899

Online: 02 8005 0595