Hello again!
Thanks again for the awesome work, I love to use this package in my project!
As far as I know, the only task of the secret is to check whether the request to the OIDC provider was sent by our client or not. So I think we should remove the cookie, after wie loaded it into a variable in the callback file. The variable is later used to verify that the request was sent by that client and the cookie doesnt ever need to be used again.
aborn
commented
1 year ago
Hello again! Thanks again for the awesome work, I love to use this package in my project!
As far as I know, the only task of the secret is to check whether the request to the OIDC provider was sent by our client or not. So I think we should remove the cookie, after wie loaded it into a variable in the callback file. The variable is later used to verify that the request was sent by that client and the cookie doesnt ever need to be used again.
What do you think?
Cheers