Open sberyozkin opened 1 year ago
This may be tricky to achieve. For example, the OIDC session cookie name alone encodes the tenant name and the config profile name. The lifetime of this OIDC cookie is determined by the ID token lifetime. I think the interface can be tuned to accommodate various extensions' requirements, the main code can drive the cookie encryption, and in general it makes sense, but it can be a fairly time-consuming effort.
Description
Right now, the OIDC, WebAuthn and Form authentication mechanisms, but also the CSRF prevention feature, all manage their own session cookies in their own way. WebAuthn and Form share the same cookie manager to create an encrypted cookie. The goal is to have every extension which needs to create a session cookie use the same code residing in the Vert.x HTTP extension.
Implementation ideas
No response