omniauth-saml
feat: allow request uuid to be stored
What
Introduces a :store_request_uuid option for later comparison with InResponseTo.
By default it saves the request uuid in the session as "saml_transaction_id", but also accepts a proc that will then be called with the uuid for custom storage.
Why
Needed for #172, although we may also want to pass the value to ruby-saml with matches_request_id:.
Coverage remained the same at 100.0% when pulling 8ac901c33d641641496d351d91611a78c1a0b44a on Jamedjo:jej/allow-storing-request-uuid into 715cc44f4d0b85db61d6abed415ad70ec36c076a on omniauth:master.
@md5 @supernova32 Does this look ok?
Was this ever solved in a different way? I see no updates here, and I was trying to do SP-initiated only log-in by looking at the InResponseTo, but I don't think that is currently possible, is it?
Is there any recommendation to avoid CSRF otherwise?
How do you recommend to go about this?
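A sketch of the check that storing the request UUID makes possible, as an added example that is not part of this PR or of omniauth-saml: the ID is kept under the "saml_transaction_id" session key named in the description and compared once against the response's InResponseTo. The class name, the second session key, the five-minute lifetime and the assumption that the response signature has already been verified are illustrative.

```ruby
require "securerandom"

# Hypothetical helper (not omniauth-saml code): remembers the ID of the
# AuthnRequest that was sent so the response's InResponseTo can be checked.
class SamlRequestTracker
  SESSION_KEY   = "saml_transaction_id"        # key name from the PR description
  ISSUED_AT_KEY = "saml_transaction_issued_at" # assumed name
  MAX_AGE       = 300                          # seconds; assumed policy

  def initialize(session, clock: -> { Time.now.to_i })
    @session = session
    @clock = clock
  end

  # Call when building the AuthnRequest; returns the ID to place in it.
  def issue
    uuid = "_#{SecureRandom.uuid}" # SAML IDs must not start with a digit
    @session[SESSION_KEY] = uuid
    @session[ISSUED_AT_KEY] = @clock.call
    uuid
  end

  # Call with the InResponseTo of an already signature-verified response.
  # Returns :ok or a symbol naming the rejection reason.
  def consume(in_response_to)
    expected  = @session.delete(SESSION_KEY)   # single use: cleared on every attempt
    issued_at = @session.delete(ISSUED_AT_KEY)
    return :no_pending_request if expected.nil?
    return :unsolicited_response if in_response_to.nil? || in_response_to.empty?
    return :expired if @clock.call - issued_at.to_i > MAX_AGE
    return :mismatch unless secure_compare(expected, in_response_to)
    :ok
  end

  private

  # Constant-time comparison for equal-length strings.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Rejecting every result other than :ok refuses IdP-initiated (unsolicited) responses, replays of an already consumed response, and responses delivered into a browser session that never started a login.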