Francesco Martinelli

I deployed 7.42 (DevWorkspace) using chectl (stable channel) on EKS (amazon kubernetes) and configured an auth0 instance as OIDC. I opened the browser developer tools and compared the calls after...

Just installed the 7.43.0 and unfortunately the issue persists. In the following the http requests sequence:  As you can see the external OIDC sign out redirect is missing as...

I am using auth0 and in auth0 the logout endpoint is not configurable: https://auth0.com/docs/api/authentication#logout

`/oauth/sign_out` is correct but is missing the `rd` parameter. So, what I expect is that the logout button should redirect to `/oauth/sign_out?rd=` instead of `/oauth/sign_out` only. is a configuration that...

Unfortunately, I cannot currently plan to develop this feature. So currently, what I can suggest is the high level implementation (hopefully it will help) : - Add the configuration OIDC_END_SESSION_ENDPOINT...

Unfortunately, I haven't had a chance to try yet. As for the refresh functionality I think you are right. Session cookies do not expire so the refresh mechanism in this...

okay, so I suggest using an image based on ubuntu which almost always has far fewer vulnerabilities than debian.

Honestly in the meantime I found a workaround but from the changelog I see that in 7.5.0 the session cookie support has been added so probably yes, you can close...

Do you have a plan for the release of the new configbump image? It still has many critical and high vulnerabilities.

Any news on this item? It has sprint-current label since Jan 25.