Only check oidc login token if logged in via user_oidc #1162
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
julien-nc
force-pushed
the
enh/noid/improve-login-token-check
branch
from
84b36eb to
e330f10
Compare
julien-nc
force-pushed
the
enh/noid/improve-login-token-check
branch
from
e330f10 to
6496584
Compare
Signed-off-by: Julien Veyssier <[email protected]>
…ilable since 30 Signed-off-by: Julien Veyssier <[email protected]>
julien-nc
force-pushed
the
enh/noid/improve-login-token-check
branch
from
6496584 to
3a37e5b
Compare
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When "Store login token" is enabled, the current logic is incorrect. We logout if the login oidc token was not found in the session. We should avoid doing that if we know we are not in a session started by user_oidc (when using an app password or after a direct login for example).
This PR add a step in the oidc login token check to abort when either:
SCOPE_SKIP_PASSWORD_VALIDATIONscopeThis should prevent unexpected disconnections from the desktop client.