NatLibFi / passport-atlassian-crowd-js

Passport strategy for Atlassian Crowd
MIT License

getToken() in basic.js only reads first domain cookie #10

Open jeffsmitty opened 4 years ago

jeffsmitty commented 4 years ago

Issue: If multiple domain cookies are sent with an authentication request, getToken() only parses the first one. If the first cookie is not the ssoCookie, authentication fails.

Steps to reproduce:

  1. In Postman, add one or more domain cookies with any name/value. Authenticate using bearer-credentials strategy. Response will include a crowd_token_key cookie.

  2. Attempt to authenticate another request using the basic strategy. All cookies are sent with the request, but only the first cookie in the string is parsed, which will fail to authenticate.

natlibfi-arlehiko commented 4 years ago

#11 resolves this.
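The failure mode reported in this issue, shown as an added example that is not code from passport-atlassian-crowd-js or from either commenter: a first-pair-only lookup next to a lookup that walks the whole `Cookie` header and matches the SSO cookie name exactly. The function names `firstCookieOnly` and `getCookieByName` are hypothetical, and the header values are constructed.

```javascript
// Added example: hypothetical helpers, not the project's getToken().

// Behaviour described in the issue: only the first pair of the header is examined.
function firstCookieOnly(header, name) {
  const [first] = String(header || '').split(';');
  const eq = first.indexOf('=');
  if (eq === -1) return undefined;
  return first.slice(0, eq).trim() === name ? first.slice(eq + 1).trim() : undefined;
}

// Walk every pair and return the value whose name matches exactly.
function getCookieByName(header, name) {
  if (typeof header !== 'string' || header.length === 0) return undefined;
  for (const pair of header.split(';')) {
    const eq = pair.indexOf('=');   // split on the first '=' only,
    if (eq === -1) continue;        // because values may contain '=' themselves
    const key = pair.slice(0, eq).trim();
    if (key !== name) continue;     // exact match, never substring or suffix
    let value = pair.slice(eq + 1).trim();
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);   // strip optional surrounding quotes
    }
    try {
      return decodeURIComponent(value);
    } catch (e) {
      return value;                 // malformed %-escape: keep the raw value
    }
  }
  return undefined;
}

// Constructed sample: unrelated domain cookies precede the SSO cookie,
// and one of them has a name that merely ends with the SSO cookie name.
const SSO_COOKIE = 'crowd_token_key';
const header = 'theme=dark; not_crowd_token_key=decoy; crowd_token_key=abc123==; lang=en';

console.log(firstCookieOnly(header, SSO_COOKIE));  // token not found
console.log(getCookieByName(header, SSO_COOKIE));  // token found
```

The value returned is only a candidate token; it still has to be validated against Crowd before the request is treated as authenticated.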