auth
Set cookies for OAuth flows when SendJWTHeader is enabled
This fixes https://github.com/umputun/remark42/issues/1877 where OAuth authentication fails when the send-jwt-header option is enabled. The problem occurred because:
- When SendJWTHeader is enabled, the auth service only sends the JWT as a header without setting cookies
- During OAuth flows, the authentication involves redirects between the app and the provider
- HTTP headers don't persist through redirects, so the authentication state was lost
The solution:
- Modified the jwt.go token Set method to always set cookies during OAuth handshake phases (when claims.Handshake != nil), even when SendJWTHeader is enabled
- For normal authentication (non-handshake), maintain the original behavior where SendJWTHeader=true will only set headers
- This ensures the OAuth flow works properly while maintaining the correct behavior for API requests
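The redirect problem described above, reproduced as an added example (not code from this pull request or the library). `setToken`, `runFlow`, the `/login` and `/callback` routes, and the `JWT` cookie and `X-JWT` header names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
)

// setToken is a hypothetical stand-in for the token service's Set method; names are assumed.
// In the handshake phase it sets a cookie, the only state replayed after a redirect.
func setToken(w http.ResponseWriter, token string, handshake, sendJWTHeader bool) {
	if sendJWTHeader && !handshake {
		w.Header().Set("X-JWT", token) // normal API auth: header only
		return
	}
	http.SetCookie(w, &http.Cookie{Name: "JWT", Value: token, Path: "/", HttpOnly: true})
}

// runFlow simulates login -> redirect -> callback with SendJWTHeader on; honorHandshake=false is the old behaviour.
func runFlow(honorHandshake bool) (bool, error) {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		setToken(w, "constructed-handshake-token", honorHandshake, true)
		http.Redirect(w, r, "/callback", http.StatusFound)
	})
	mux.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
		if _, err := r.Cookie("JWT"); err != nil {
			http.Error(w, "handshake state lost", http.StatusForbidden)
			return
		}
		fmt.Fprint(w, "ok")
	})
	srv := httptest.NewServer(mux)
	defer srv.Close()
	jar, _ := cookiejar.New(nil) // New never fails with nil options
	resp, err := (&http.Client{Jar: jar}).Get(srv.URL + "/login")
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK, nil
}

func main() {
	before, _ := runFlow(false)
	after, _ := runFlow(true)
	fmt.Println("callback sees handshake token: before fix", before, "/ after fix", after)
}
```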
Pull Request Test Coverage Report for Build 14726384563
Details
- 9 of 9 (100.0%) changed or added relevant lines in 1 file are covered.
- No unchanged relevant lines lost coverage.
- Overall coverage increased (+0.03%) to 83.608%
| Totals | |
|---|---|
| Change from base Build 14460341874: | 0.03% |
| Covered Lines: | 2693 |
| Relevant Lines: | 3221 |
💛 - Coveralls
This diff doesn't work for Remark42 as-is because of the reasons described in https://github.com/umputun/remark42/issues/1877#issuecomment-2840461165, but it would work for OAuth for users of the library. It just seems that no one ever set this flag to hit the buggy behaviour with OAuth.