Closed tjveldhuizen closed 8 months ago
Sephster
commented
1 year ago Apologies for the delay in picking this up. The state is passed back via an http query value along with the auth code. Why do you need to include it in the auth_code specifically? Thanks
tjveldhuizen
commented
1 year ago Hmm, this requires some digging in my memory😅
At least I want to log keep track of the completed log in sessions of the user, therefore I create an entry in my session log table when the access token is provided. In that entry, I want to log the IP address of the device of the authenticating user (which is not available in the token request, since that's instantiated by the client and not the browser of the user).
Next to that, I want to add extra data to the token when the user is logged in using 2FA.
Sephster
commented
1 year ago Thank you. I haven't seen anyone asking for this but I can't see why we don't support this when we do similar events for other issued codes/tokens.
Are you willing to provide some tests for this PR? It would be great to have some in prior to merging. Thanks for getting back to me so quickly with the above :+1:
tjveldhuizen
commented
1 year ago I'll see what I can do!
Like events are emitted (#1211) when the access and refresh tokens are created, I've added an event when the auth_code is created.
Using this event, I am able to add state to the auth_code, which I need to generate the correct access token, later