github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-09 18:06:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
185 Commits 2 Branches 0 Tags
413b8dfc19d9a03f0458fdcf8aa9593a2d1ff63e
Commit Graph

18 Commits

Author SHA1 Message Date
ybelMekk
bc5f5138e4 add: handle trigger of logout for third-party and session_state 2022-01-24 22:44:45 +01:00
ybelMekk
e4c47f59e8 fix: create function for externalSessionId add random string generator. fix tests to reflect provider with checkSessionIframe Session management. 2022-01-23 21:37:36 +01:00
ybelMekk
65a0b5de52 fix: create function for externalSessionId add random string generator. 2022-01-23 14:31:01 +01:00
ybelMekk
7f6d323dde add: session management check to get session_state from OP response, generate a externalSessionID if none supported. 2022-01-22 16:23:16 +01:00
ybelMekk
f5e5d842e6 wip: sid claim only required if frontchannel_logout_session_supported && frontchannel_logout_supported. 2022-01-22 15:03:54 +01:00
Trong Huu Nguyen
879319cd2a fix(router/login): alleviate SameSite issues for login cookie 
A login cookie is set as part of the redirection flow between the RP
and OP, and thus inherently involves cross-site requests. Our client
uses the response_mode=query parameter for authorization requests, which
should work with the SameSite attribute set to Lax. However, there are
certain versions of user agents on certain operating systems (e.g.
Safari 12.2 on iOS<12.2, MacOS<10.14.4, Android WebView<72) that do not
properly handle cookies with the SameSite attribute set.

This commit attempts to alleviate this issue for legacy browsers by
introducing a fallback cookie without the SameSite attribute set.

Additionally, we also set the SameSite value for the original login
cookie to None to ensure that the cookie persists through the
cross-origin redirection requests.
 2022-01-07 14:16:46 +01:00
Trong Huu Nguyen
05e2509fac refactor: separate cookie operations to own package 2022-01-07 11:03:22 +01:00
Trong Huu Nguyen
8b7e76d6c4 refactor(router/handler): reduce log severity for certain error handler responses 2021-12-06 09:46:19 +01:00
Trong Huu Nguyen
3a35584a21 refactor: restructure and group related packages into subpackages 2021-10-20 09:03:14 +02:00
Trong Huu Nguyen
be585f9902 refactor: simplify config for acr_values and ui_locales; validate on startup 2021-10-17 20:24:34 +02:00
Trong Huu Nguyen
c702f8ff6c refactor: introduce generic provider for openid configs 2021-10-16 10:42:49 +02:00
Trong Huu Nguyen
8724e37e0d refactor: minor cleanups for callback handler 2021-10-14 20:34:26 +02:00
Trong Huu Nguyen
d0482b3490 refactor: log session store unavailability, ensure fallback cookies are deleted when no longer needed 2021-10-13 08:49:53 +02:00
Trong Huu Nguyen
d58e3339a9 refactor: only log route requests for owned routes 
Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
 2021-10-12 10:24:27 +02:00
Trong Huu Nguyen
2e10801d0e refactor: move client assertion generation, replace go-jose with jwx 
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
 2021-10-11 11:46:11 +02:00
Trong Huu Nguyen
8b3075f6d0 fix: do not remove login cookies until end of callback 2021-10-07 07:59:48 +02:00
sindrerh2
1f939d603d feat: add configurable redirect to custom error page 
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
 2021-10-06 14:49:04 +02:00
Trong Huu Nguyen
70516c3efb refactor: more cleanups; split up route handlers 2021-10-04 19:10:19 +02:00