[auth][oauth] set oauth2 state and nonce cookies with "lax" samesite policy #4685

Closed
Tracked by #3433
axiomofjoy opened this issue Sep 20, 2024 · 2 comments · Fixed by #4693

@axiomofjoy
Contributor

No description provided.

@dosubot dosubot bot added the enhancement New feature or request label Sep 20, 2024
@mikeldking
Contributor

Why lax?

@axiomofjoy axiomofjoy changed the title from "[auth][oauth] makes cookie samesite value configurable and default to lax" to "[auth][oauth] set oauth2 state and nonce cookies with "lax" samesite policy" Sep 20, 2024
@axiomofjoy axiomofjoy self-assigned this Sep 20, 2024
@axiomofjoy
Contributor Author

@mikeldking If the user is not yet authenticated with the OAuth2 IDP and has to sign in for the first time, strict cookies won't be sent back to the callback URL.

https://stackoverflow.com/a/42220786
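
The behaviour discussed in this thread, as an added example that is not part of the issue or of the project's code: a small model of browser SameSite enforcement applied to an OAuth2 state cookie when the callback is reached from the IDP's sign-in page. The URLs, the cookie name `oauth2_state` and all function names are hypothetical, and `site()` is a simplification that ignores the public suffix list; the model also covers a cross-site POST to the callback, which goes beyond the case raised above.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed, hypothetical URLs: the IDP and the application are different sites.
IDP_LOGIN = "https://login.idp.example.net/authorize"
CALLBACK = "https://app.example.com/oauth2/callback"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def site(url: str) -> str:
    """Simplified 'site': scheme plus the last two host labels (no public suffix list)."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{'.'.join(parts.hostname.split('.')[-2:])}"

def set_cookie_header(name: str, value: str, samesite: str) -> str:
    """Set-Cookie value for a short-lived OAuth2 state or nonce cookie."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name].update({"path": "/", "max-age": 300, "secure": True,
                      "httponly": True, "samesite": samesite})
    return jar[name].OutputString()

def browser_sends(samesite: str, initiator: str, target: str,
                  method: str, top_level: bool) -> bool:
    """Would a browser attach the cookie to this request (RFC 6265bis rules)?"""
    if site(initiator) == site(target):
        return True
    policy = samesite.lower()
    if policy == "none":
        return True
    if policy == "lax":
        # Cross-site: only top-level navigations using a safe method.
        return top_level and method.upper() in SAFE_METHODS
    return False  # strict: never attached to a cross-site request

def callback_accepts(samesite: str, method: str, issued: str, returned: str) -> bool:
    """State check at the callback after the user signed in on the IDP's page."""
    arrived = browser_sends(samesite, IDP_LOGIN, CALLBACK, method, top_level=True)
    cookie_value = issued if arrived else ""
    return bool(cookie_value) and hmac.compare_digest(cookie_value, returned)

if __name__ == "__main__":
    print(set_cookie_header("oauth2_state", "s1", "lax"))
    for policy, method in [("strict", "GET"), ("lax", "GET"), ("lax", "POST")]:
        print(policy, method, callback_accepts(policy, method, "s1", "s1"))
```

With `lax` the state cookie reaches the callback only on a GET redirect; an IDP configured to POST the authorization response cross-site would arrive without it.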
