Allow setting more claims from the ID token to the Plug.Conn.t() #7
Comments
brianmay
added a commit
to brianmay/plugoid
that referenced
this issue
Nov 7, 2021
This was referenced Nov 7, 2021
|
Fix for this is in https://github.com/tanguilp/plugoid/compare/conn_callback. Works for me. Can this get merged? |
|
I am debating whether or not we still need the state cookie. With this change, all required variables can go into the main session. I guess it might be better(?) having the state cookie with SameSite=None, rather then doing this for the main session cookie. But does that actually gain us anything? Still trying to think this through. |
|
This is merged already in v0.5.0. See the CHANGELOG. The state cookie is used for requests between the app and the OP, and cannot be removed. See https://hexdocs.pm/plugoid/Plugoid.html#module-cookie-configuration |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now there exists a callback called with the tokens after redirect (https://hexdocs.pm/plugoid/Plugoid.RedirectURI.html#module-options).
The initial idea was to use it with the
oauth2_token_managerlibrary, but this one is not production ready (and won't as long as there's no good solution for clustered deployments).Right now only the
"sub"and"acr"claims are set in Plugoid's session. As requested by a user on a forum, it would be nice if more claims could be set in the session. 2 possible ways:Plug.Conn.t()so that the user can set anything he wants in the sessionThe text was updated successfully, but these errors were encountered: