tanguilp / plugoid

OpenID Connect Plug for Elixir's Phoenix web framework
https://hexdocs.pm/plugoid/
Apache License 2.0

Allow setting more claims from the ID token to the Plug.Conn.t() #7

Closed tanguilp closed 2 years ago

tanguilp commented 2 years ago

Right now there exists a callback called with the tokens after redirect (https://hexdocs.pm/plugoid/Plugoid.RedirectURI.html#module-options).

The initial idea was to use it with the oauth2_token_manager library, but this one is not production ready (and won't as long as there's no good solution for clustered deployments).

Right now only the "sub" and "acr" claims are set in Plugoid's session. As requested by a user on a forum, it would be nice if more claims could be set in the session. 2 possible ways:
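As an added illustration of the approach discussed in this issue (copying ID token claims into the Plug session after the redirect), the module below shows one way an application-side callback could do that safely. It is not Plugoid's code: the callback shape `(conn, claims) -> conn`, the module name and the `oidc_` session-key prefix are assumptions for this example; the actual option name and signature are the ones documented in `Plugoid.RedirectURI`. The point of the example is the allow-list: only the claims the application needs go into the session, rather than the whole token.

```elixir
defmodule MyAppWeb.OIDCSessionClaims do
  @moduledoc """
  Hypothetical post-redirect callback that copies an allow-list of ID token
  claims into the Plug session. Example code, not Plugoid's own: the
  `(conn, claims) -> conn` shape is an assumption for this illustration.
  """
  import Plug.Conn

  # Only the claims the application actually uses. Keeping this list short
  # limits what ends up in the (often cookie-backed, size-limited) session.
  @allowed_claims ~w(sub acr email name preferred_username)

  @spec put_claims(Plug.Conn.t(), map()) :: Plug.Conn.t()
  def put_claims(conn, %{"sub" => _} = claims) do
    claims
    |> Map.take(@allowed_claims)
    |> Enum.reduce(conn, fn {claim, value}, acc ->
      # Prefix the keys so OIDC claims cannot collide with other session data.
      put_session(acc, "oidc_" <> claim, value)
    end)
  end

  # Without a "sub" claim there is no authenticated subject to record, so the
  # session is left untouched rather than partially populated.
  def put_claims(conn, _claims), do: conn
end
```

Reading the claims back later is then an ordinary `Plug.Conn.get_session(conn, "oidc_email")`; anything not on the allow-list is simply absent from the session.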

brianmay commented 2 years ago

Fix for this is in https://github.com/tanguilp/plugoid/compare/conn_callback.

Works for me. Can this get merged?

brianmay commented 2 years ago

I am debating whether or not we still need the state cookie. With this change, all required variables can go into the main session. I guess it might be better(?) having the state cookie with SameSite=None, rather than doing this for the main session cookie. But does that actually gain us anything? Still trying to think this through.

tanguilp commented 2 years ago

This is merged already in v0.5.0. See the CHANGELOG.

The state cookie is used for requests between the app and the OP, and cannot be removed. See https://hexdocs.pm/plugoid/Plugoid.html#module-cookie-configuration