Closed tanguilp closed 3 years ago
In mod_auth_openidc there's a timeout for the state cookie (OIDC challenge): https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf#L739
Plugoid doesn't handle it. It's tied to the state cookie and is deleted when this state cookie expires (and it defaults to a session cookie - with unlimited lifetime as long as the browser is not closed).
Should we set a limit for this?
In mod_auth_openidc there's a timeout for the state cookie (OIDC challenge): https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf#L739
Plugoid doesn't handle it. It's tied to the state cookie and is deleted when this state cookie expires (and it defaults to a session cookie - with unlimited lifetime as long as the browser is not closed).
Should we set a limit for this?