AzMoo / django-okta-auth

Django Okta Auth is a library that acts as a client for the Okta OpenID Connect provider.
MIT License

okta-signin-widget 7.0+ No longer references cookies #31

Open eburkland opened 1 year ago

eburkland commented 1 year ago

https://github.com/AzMoo/django-okta-auth/blob/99116ff0650f3a20d5b03c8baa20ce6653009700/okta_oauth2/views.py#L57

Trying to implement the latest okta-signin-widget into my existing Django project. I'm having difficulty with the callback method. Current okta-signin-widget as of 7.0+ no longer creates state or nonce cookies. Also it doesn't look like this supports PKCE.

There seem to be a number of GitHub repositories that reference Okta and Django, but none of them work very well with the current standards. Any ideas?
Thanks!

eu2pey4 commented 1 year ago

For me, I had to settle on just using the Okta Sign-in Widget 5.0.1.

eburkland commented 1 year ago

When I exchange the code for tokens by calling the /token endpoint I get the access token, id token as expected. If I attempt to use the same code twice it doesn't work. This to me is a good thing as you wouldn't want someone to keep trying to use the same code to get tokens. Because of this I'm wondering if it is necessary to do checks on state and nonce. Just a thought.
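Added example (not code from django-okta-auth or from any commenter in this thread) showing the point the comment above raises: a single-use authorization code stops that code from being redeemed twice, but it does not by itself tie the callback to the browser session that started the login, which is what `state` (against login CSRF) and `nonce` (against ID-token replay) do, so the checks still belong on the server once the widget stops writing them to cookies. The values are kept server-side and the flow also carries an S256 PKCE challenge. Assumptions: a plain dict stands in for `request.session`, the issuer, client id and redirect URI are constructed placeholders, and the ID token's signature has already been verified against Okta's JWKS before its claims reach `validate_callback`.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed placeholder values; substitute your own issuer and client settings.
ISSUER = "https://example.okta.com/oauth2/default"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/accounts/callback"


def b64url_nopad(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for the code challenge."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(code_verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_nopad(hashlib.sha256(code_verifier.encode("ascii")).digest())


def begin_login(session: dict) -> str:
    """Mint per-login secrets, keep them server-side, and build the authorize URL.

    With no state/nonce cookies from the widget, the server-side session (a
    plain dict here, standing in for request.session) is the only place the
    values live until the callback arrives.
    """
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, within RFC 7636's 43..128
    session["oidc_pending"] = {
        "state": state,
        "nonce": nonce,
        "code_verifier": code_verifier,
    }
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"


def validate_callback(session: dict, query_state: str, id_token_claims: dict) -> str:
    """Check the callback against the pending login and return the PKCE verifier.

    A single-use code stops replay of *that* code, but it does not prove the
    code belongs to *this* session's login attempt: `state` binds the callback
    to the session that started the flow, `nonce` binds the ID token to the
    same attempt. The pending record is popped so one attempt completes at
    most once. Claims are assumed to come from an already signature-verified
    ID token.
    """
    pending = session.pop("oidc_pending", None)
    if pending is None:
        raise ValueError("no login in progress for this session")
    if not secrets.compare_digest(pending["state"], query_state or ""):
        raise ValueError("state mismatch")
    if not secrets.compare_digest(pending["nonce"], id_token_claims.get("nonce", "")):
        raise ValueError("nonce mismatch")
    if id_token_claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if id_token_claims.get("aud") != CLIENT_ID:
        raise ValueError("unexpected audience")
    # The caller sends this verifier with the code to /v1/token; Okta checks it
    # against the challenge it received at the authorize step.
    return pending["code_verifier"]


if __name__ == "__main__":
    sess = {}
    print(begin_login(sess))
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "nonce": sess["oidc_pending"]["nonce"]}
    print("verifier:", validate_callback(sess, sess["oidc_pending"]["state"], claims))
```

In a Django view, `begin_login(request.session)` returns the URL to redirect to, and the callback view passes `request.GET.get("state")` together with the decoded ID-token claims to `validate_callback`; the returned verifier goes in the `code_verifier` field of the `/v1/token` request.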

silver8ack commented 1 year ago

Something seems broken with the middleware of this project. I'm not sure what it is. See issue 33 I created.

I can get authentication working using the /accounts/login url as long as I don't have the middleware enabled. It seems like the middleware is removing the session or something. I never see a session get created in the database when the middleware is enabled.