Authentication gets harder with AJAX and Websockets, that can't be redirected to a login form if for some reason a session goes missing after page load. Hence X-Requested-With and OIDCUnAuthAction 401 in https://github.com/pingidentity/mod_auth_openidc/wiki/Cookies.
solsson
commented
6 years ago
Authentication gets harder with AJAX and Websockets, that can't be redirected to a login form if for some reason a session goes missing after page load. Hence
X-Requested-WithandOIDCUnAuthAction 401in https://github.com/pingidentity/mod_auth_openidc/wiki/Cookies.We already have the sample pages so it would be interesting to demonstrate use of https://github.com/pingidentity/mod_auth_openidc/wiki/Session-Management and/or Keycloak's javascript adapter, in particular session status.