omniauth / omniauth_openid_connect

MIT License

Problem with bookmarked login page #47

Closed hobbypunk90 closed 4 years ago

hobbypunk90 commented 4 years ago

Hello,

I think I found a problem with this line: https://github.com/m0n9oose/omniauth_openid_connect/blob/af1e49b6d9268c8041d4b653b0172ec407d878d4/lib/omniauth/strategies/openid_connect.rb#L111. I'm not familiar enough to decide if it's the correct way, but I patched it for our application with this: `invalid_state = session['omniauth.state'] && (params['state'].to_s.empty? || params['state'] != stored_state)`

Greets Marcel

m0n9oose commented 4 years ago

@hobbypunk90 thanks for your time!

Can you explain what kind of problem you mean?

It would be great if you could create a PR as described in the readme.

hobbypunk90 commented 4 years ago

Hey @m0n9oose,

If I were sure it is a bug, I would create a PR, but I don't know if it is really a bug or only a problem in our system 🙈 We log in via Keycloak as SSO; there is a state value in the URL. There are no problems on normal logins, but with a bookmarked login we run into an "invalid state" because omniauth.state is nil and we have a state in params 🤔 In an old version, the omniauth.state value was checked if it's nil 😅
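To make the two behaviours discussed in this thread concrete, here is an added example (not the gem's own code) that models the state round-trip with a plain hash for the session and a plain hash for the callback params. `issue_state`, `invalid_state?` and `invalid_state_lenient?` are names chosen for this illustration; the lenient variant reproduces the expression from the patch above, the strict one rejects a callback whenever the session carries no stored state, which is exactly the situation a bookmarked callback URL opened in a fresh session produces.

```ruby
require 'securerandom'

# Added example, not code from omniauth_openid_connect.
# The session is modelled as a Hash; callback params as a Hash of strings.

# Authorize phase: mint an unguessable state value and remember it in
# the browser session before redirecting to the provider.
def issue_state(session)
  session['omniauth.state'] = SecureRandom.hex(16)
end

# Strict callback check: the state echoed back by the provider must be
# present and equal to the one stored in this session. A missing stored
# state is treated as invalid, not skipped, so a stale bookmarked
# callback (params carry a state, session has none) is rejected.
def invalid_state?(session, params)
  stored_state = session['omniauth.state'].to_s
  returned_state = params['state'].to_s
  stored_state.empty? || returned_state.empty? || returned_state != stored_state
end

# Lenient variant from the patch in this thread: the comparison only runs
# when a stored state exists, so a callback arriving in a session without
# one is accepted. Shown here for comparison with the strict form.
def invalid_state_lenient?(session, params)
  stored_state = session['omniauth.state']
  return false if stored_state.nil?
  params['state'].to_s.empty? || params['state'] != stored_state
end

# Walk through the three scenarios from the thread and report each outcome.
def outcomes
  normal = {}
  state = issue_state(normal)
  {
    normal_login:        invalid_state?(normal, { 'state' => state }),
    bookmarked_strict:   invalid_state?({}, { 'state' => 'stale-from-bookmark' }),
    bookmarked_lenient:  invalid_state_lenient?({}, { 'state' => 'stale-from-bookmark' }),
    tampered_state:      invalid_state?(normal, { 'state' => 'something-else' })
  }
end
```

The bookmarked case is the only one where the two checks disagree: the strict form returns the "invalid state" the issue reports, the lenient form lets the callback through without any comparison, which is why a stale state in a bookmarked URL is better handled by bookmarking the login entry point rather than the callback.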

m0n9oose commented 4 years ago

@hobbypunk90 I guess it's not a good idea to bookmark a page that contains temporary values in the query.

hobbypunk90 commented 4 years ago

I'm with you, but users bookmark everything 😁