Open spwitt opened 1 month ago
Assuming we are considering this is a bug, can we tag it?
When will this bug be addressed?
federated.csrf cookie is not created in some cases

Description
The federated.csrf cookie (required for IdP logins since version 1.47.0) is not written by the /oauth2/authorize page when idp_hint query string parameter is provided in the URL -and-

Observed versions
1.49.2

Affects versions
>= 1.47.0

Steps to reproduce
/oauth2/authorize page for the application and include the idp_hint query string parameter
federated.csrf cookie written

Expected behavior
The federated.csrf cookie should be written when redirecting to an external IdP based on the idp_hint parameter.

Screenshots

Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
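
A regression check for the behavior reported above, as an added example that is not part of the original issue and is not FusionAuth code. It inspects a captured request/response pair and flags an /oauth2/authorize redirect to another host that carries idp_hint but sets no federated.csrf cookie. The host names, token value and sample responses are constructed, and treating the IdP hand-off as a 3xx with a Location on a different host is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

CSRF_COOKIE = "federated.csrf"  # cookie name taken from the issue

def parse_response(raw):
    """Split a captured HTTP response head into (status, [(name, value), ...])."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header section
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def check_authorize_redirect(request_url, raw_response):
    """Return 'ok', 'missing-cookie' or 'not-applicable' for one exchange."""
    req = urlsplit(request_url)
    if req.path != "/oauth2/authorize" or "idp_hint" not in parse_qs(req.query):
        return "not-applicable"
    status, headers = parse_response(raw_response)
    location = next((v for n, v in headers if n == "location"), None)
    # Assumption: the hand-off to the external IdP is a 3xx to a different host.
    if not (300 <= status < 400 and location):
        return "not-applicable"
    target = urlsplit(location).netloc
    if not target or target == req.netloc:
        return "not-applicable"
    for n, v in headers:
        if n == "set-cookie":
            # The first name=value pair of a Set-Cookie header is the cookie itself.
            name, _, value = v.split(";", 1)[0].partition("=")
            if name.strip() == CSRF_COOKIE and value.strip():
                return "ok"
    return "missing-cookie"

# Constructed samples (not captured from a real server).
URL = ("https://auth.example.com/oauth2/authorize"
       "?client_id=constructed&response_type=code&idp_hint=constructed-idp-id")
REPORTED = ("HTTP/1.1 302 Found\r\n"
            "Location: https://idp.example.com/authorize?client_id=x\r\n\r\n")
EXPECTED = ("HTTP/1.1 302 Found\r\n"
            "Location: https://idp.example.com/authorize?client_id=x\r\n"
            "Set-Cookie: federated.csrf=constructed-token; Path=/; Secure; HttpOnly\r\n\r\n")

if __name__ == "__main__":
    print(check_authorize_redirect(URL, REPORTED), check_authorize_redirect(URL, EXPECTED))
```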