We ran into a need where an external auth provider expects credentials in the request headers instead of the body, and the auth token is returned in the body instead of a cookie. This PR adds three external auth options:
data_as_headers
token_cookie_mappings
secret_prompt_mappings
These are made to be optional, and authenticate_with_external would retain its existing behavior when these options are not defined.
There is one functional change to start_session_from_configuration to change how auth tokens are retrieved when external auth is enabled. It has been changed from a direct authentication against Aerie gateway, which would not work if the app is fully delegating authentication to an external provider, to a new validateSSO function that validates externally authenticated sessions against Aerie gateway.