omniauth / omniauth-saml

A generic SAML strategy for OmniAuth
https://github.com/omniauth/omniauth-saml

feat: allow request uuid to be stored #174

Open Jamedjo opened 5 years ago

Jamedjo commented 5 years ago

What

Introduces a :store_request_uuid option for later comparison with InResponseTo

By default it saves the request uuid in the session as "saml_transaction_id", but also accepts a proc that will then be called with the uuid for custom storage.

Why

Needed for #172, although we may also want to pass the value to ruby-saml with matches_request_id:.

coveralls commented 5 years ago

Coverage remained the same at 100.0% when pulling 8ac901c33d641641496d351d91611a78c1a0b44a on Jamedjo:jej/allow-storing-request-uuid into 715cc44f4d0b85db61d6abed415ad70ec36c076a on omniauth:master.

Jamedjo commented 5 years ago

@md5 @supernova32 Does this look ok?

alexrecuenco commented 9 months ago

Was this ever solved in a different way? I see no updates here, and I was trying to do SP-initiated only log-in by looking at the InResponseTo, but I don't think that is currently possible, is it?

Is there any recommendation to avoid CSRF otherwise?

How do you recommend going about this?
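
Added example, not part of this thread and not omniauth-saml or ruby-saml code: a sketch of the check the PR description is building toward, where the request ID is stored in the session under "saml_transaction_id" and later compared with the response's InResponseTo. `RequestIdGuard`, its method names, the 300-second lifetime and the rejection symbols are assumptions made for illustration; it covers only the default session storage, not the proc form.

```ruby
require "securerandom"

# Hypothetical helper (not omniauth-saml / ruby-saml API).
class RequestIdGuard
  SESSION_KEY = "saml_transaction_id" # default key named in the PR description
  MAX_AGE = 300 # seconds; assumed lifetime of a pending AuthnRequest

  # session: any Hash-like per-user session; clock is injectable for testing.
  def initialize(session, clock: -> { Time.now.to_i })
    @session = session
    @clock = clock
  end

  # Request phase: remember the ID of the AuthnRequest being sent.
  def remember(uuid = "_#{SecureRandom.uuid}")
    @session[SESSION_KEY] = { "id" => uuid, "at" => @clock.call }
    uuid
  end

  # Callback phase. in_response_to must come from a response whose
  # signature has already been validated. Returns :ok or a rejection reason.
  def check(in_response_to)
    # Delete before comparing so a stored ID can be consumed only once.
    pending = @session.delete(SESSION_KEY)
    # No InResponseTo means IdP-initiated (unsolicited): reject for SP-initiated-only.
    return :unsolicited if in_response_to.nil? || in_response_to.empty?
    # Nothing pending in this session: replay, or a response meant for another session.
    return :no_pending_request if pending.nil?
    return :expired if @clock.call - pending["at"] > MAX_AGE
    return :mismatch unless pending["id"] == in_response_to
    :ok
  end
end
```

Because the expected ID lives in the user's own session, a response injected into a different browser session fails with `:no_pending_request` or `:mismatch`.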