You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When logging users directly using "Option 2" it seems that the cookies are not checked and authentication is performed for every request to the OIDC provider.
Note for me
As the cookie is encrypted, the user is not available unless we poll the OIDC provider (and thus have the same problem).
One solution might be to store the users logged in through oidc in the options table and fetch that list to iterate over just as yourls does with the $yourls_user_passwords array.
When logging users directly using "Option 2" it seems that the cookies are not checked and authentication is performed for every request to the OIDC provider.
Don't know if this is the expected behaviour, but it does create problems with for example XHR requests.
I think this is due to https://github.com/YOURLS/YOURLS/blob/a2d0d2f626c7ee8fcd280eb91d08c61354578d04/includes/functions-auth.php#L324-L333 not checking cookies is the user is not in the local database.
The text was updated successfully, but these errors were encountered: