[Koha-devel] Extra parameters sent by OpenID Connect servers
David Cook
dcook at prosentient.com.au
Wed Apr 26 03:05:03 CEST 2023
Hi all,
I was just setting up Koha to use an OpenID Connect server provided by a
Wordpress plugin, and it sent an "iframe" query string parameter along with
the "code".
I added "iframe" as an optional parameter to public_oauth.yaml which got it
working, but it seems an unfortunate workaround.
It looks like Koha::REST::V1::Auth::authenticate_api_request validates query
parameters and will fail if there's one that isn't in the spec. Most of the
time that might be the right thing to do, but I don't think it's the right
thing for the OAuth/OIDC routes.
What do other people think?
David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia
Office: 02 9212 0899
Online: 02 8005 0595
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20230426/07b6144c/attachment.htm>
More information about the Koha-devel
mailing list