Hans

Results 37 comments of Hans

Feel free to open a PR. This is only a problem for OTP-24 btw and you will need 1.11.2 :)

@doomspork Yes exactly. My idea was to have a gen server in front of the DB as a cache layer, and then only save to the database once in a...

Hi @pini-gh, I think that would be great. Would you have the time to change the Keycloak to a more general OIDC client? I think it is mostly the naming...

Feel free to open a PR for this 👍

Sorry for the delay on this, but I think this would be great 👍

According to this https://developers.google.com/identity/protocols/OAuth2WebServer Google can return `https://oauth2.example.com/auth?error=access_denied`. If the user does not approve the request, the response contains an error message. This could potentially be the problem?

Sounds like we might need to reopen this again

Still feels a bit like an anti-pattern to store anything other than a nonce in the state param. I would suggest to follow the advice from the link above...

Yes from auth0 they mention here how to do redirects while still only using the state param for csrf protection https://auth0.com/docs/secure/attack-protection/state-parameters#redirect-users

Yes, precisely. The state is still "just" used for csrf protecting, but users can access the nonce before and after the auth request and therefore store any information related to...