Bug 32354: Accept session_state param given by OAuth IdP

This patch ensures Koha doesn't throw an error if the IdP hands back a session_state parameter. To test: 1) Set up an identity provider 2) On the IdP's configuration, make it hand back a session_state 3) Confirm authentication using OIDC works with and without the session_state Sponsored-by: Plant & Food Research Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 years ago · a4d9f572bc
2 changed files with 8 additions and 0 deletions
--- a/api/v1/swagger/paths/oauth.yaml
+++ b/api/v1/swagger/paths/oauth.yaml
@ -98,6 +98,10 @@
        in: query
        description: Web page with user friendly description of the error
        type: string
+      - name: session_state
+        in: query
+        description: Session state returned by OAuth server
+        type: string
    responses:
      "302":
        description: User authorized
--- a/api/v1/swagger/paths/public_oauth.yaml
+++ b/api/v1/swagger/paths/public_oauth.yaml
@ -53,6 +53,10 @@
        in: query
        description: Web page with user friendly description of the error
        type: string
+      - name: session_state
+        in: query
+        description: Session state returned by OAuth server
+        type: string
    responses:
      "302":
        description: User authorized