From a4d9f572bcd9bf5464040dadf70ca9ad9e4810b7 Mon Sep 17 00:00:00 2001
From: Aleisha Amohia
Date: Sun, 27 Nov 2022 21:24:59 +0000
Subject: [PATCH] Bug 32354: Accept session_state param given by OAuth IdP

This patch ensures Koha doesn't throw an error if the IdP hands back a session_state parameter.
To test:
1) Set up an identity provider
2) On the IdP's configuration, make it hand back a session_state
3) Confirm authentication using OIDC works with and without the session_state
Sponsored-by: Plant & Food Research
Signed-off-by: David Cook
Signed-off-by: Tomas Cohen Arazi
---
 api/v1/swagger/paths/oauth.yaml | 4 ++++
 api/v1/swagger/paths/public_oauth.yaml | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/api/v1/swagger/paths/oauth.yaml b/api/v1/swagger/paths/oauth.yaml
index e471336ced..2b3f2fb029 100644
--- a/api/v1/swagger/paths/oauth.yaml
+++ b/api/v1/swagger/paths/oauth.yaml
@@ -98,6 +98,10 @@
 in: query
 description: Web page with user friendly description of the error
 type: string
+ - name: session_state
+ in: query
+ description: Session state returned by OAuth server
+ type: string
 responses:
 "302":
 description: User authorized
diff --git a/api/v1/swagger/paths/public_oauth.yaml b/api/v1/swagger/paths/public_oauth.yaml
index 40fe951909..80ac4e3741 100644
--- a/api/v1/swagger/paths/public_oauth.yaml
+++ b/api/v1/swagger/paths/public_oauth.yaml
@@ -53,6 +53,10 @@
 in: query
 description: Web page with user friendly description of the error
 type: string
+ - name: session_state
+ in: query
+ description: Session state returned by OAuth server
+ type: string
 responses:
 "302":
 description: User authorized
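Review bot: The new `session_state` query parameter in api/v1/swagger/paths/oauth.yaml is declared as a bare `type: string` with no length bound, on a login callback that is reached by browser redirect and therefore accepts whatever the URL carries. Nothing in this patch shows the controller reading the value, so if it is only tolerated, the spec should say so and cap it: `description: Opaque OIDC session state returned by the IdP; accepted but not used by Koha` plus `maxLength: <limit>`, where `<limit>` is a placeholder to be sized for the IdPs you support. The identical hunk in api/v1/swagger/paths/public_oauth.yaml needs the same treatment. Both parameter lists begin outside their hunks, so whether the sibling parameters are bounded is not visible here.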