Closed tanguilp closed 2 years ago
Fix for this is in https://github.com/tanguilp/plugoid/compare/conn_callback.
Works for me. Can this get merged?
I am debating whether or not we still need the state cookie. With this change, all required variables can go into the main session. I guess it might be better(?) having the state cookie with SameSite=None, rather than doing this for the main session cookie. But does that actually gain us anything? Still trying to think this through.
This is merged already in v0.5.0. See the CHANGELOG.
The state cookie is used for requests between the app and the OP, and cannot be removed. See https://hexdocs.pm/plugoid/Plugoid.html#module-cookie-configuration
Right now there exists a callback called with the tokens after redirect (https://hexdocs.pm/plugoid/Plugoid.RedirectURI.html#module-options). The initial idea was to use it with the oauth2_token_manager library, but this one is not production ready (and won't be as long as there's no good solution for clustered deployments).
Right now only the "sub" and "acr" claims are set in Plugoid's session. As requested by a user on a forum, it would be nice if more claims could be set in the session. 2 possible ways:
Plug.Conn.t() so that the user can set anything he wants in the session