-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[QUESTION] Support for absence of state parameter in logout response #106
Comments
As stated in the FranceConnect documentation for the Logout Endpoint, the |
Fyi, this switch was introduced because France connect stopped sending the parameter in logout response (see issue #6). |
Previous version of this plugin had a switch to allow for the absence of the state parameter in franceconnect logout response (for csrf protection)
Shoud we reintroduce this switch in admin panel or should we definitively remove support for accepting logout responses without state parameter ?
It's about code around https://github.com/InseeFr/Keycloak-FranceConnect/blob/master/src/main/java/fr/insee/keycloak/providers/common/AbstractBaseIdentityProvider.java#L202C1-L211C100
The text was updated successfully, but these errors were encountered: