Put the state and nonce into the session store instead of using a cookie

istio-ecosystem / authservice

Move OIDC token acquisition out of your app code and into the Istio mesh

Apache License 2.0

217 stars 63 forks source link

Put the state and nonce into the session store instead of using a cookie #69

Closed cfryanr closed 4 years ago

cfryanr commented 4 years ago

This will simplify the code and will remove the need for the cryptor_secret configuration option.

It will also make the authservice compatible with any version of Istio/envoy, even versions from before the Set-Cookie bug that we fixed (that fix was first included in Istio 1.5).