feat: allow request uuid to be stored #174

Open
wants to merge 1 commit into
base: master

@Jamedjo Jamedjo commented Mar 25, 2019

What

Introduces a :store_request_uuid option for later comparison with InResponseTo

By default it saves the request uuid in the session as "saml_transaction_id",
but also accepts a proc that will then be called with the uuid for custom storage.

Why

Needed for #172, although we may also want to pass the value to ruby-saml with matches_request_id:.

@Jamedjo Jamedjo force-pushed the jej/allow-storing-request-uuid branch from 250c64b to 220d9be Compare March 25, 2019 09:33

coveralls commented Mar 25, 2019

Coverage remained the same at 100.0% when pulling 8ac901c on Jamedjo:jej/allow-storing-request-uuid into 715cc44 on omniauth:master.

@Jamedjo Jamedjo force-pushed the jej/allow-storing-request-uuid branch from 220d9be to cf08ad5 Compare March 25, 2019 10:58

Jamedjo commented Mar 25, 2019

@md5 @supernova32 Does this look ok?

suprnova32 previously approved these changes Apr 17, 2019

@suprnova32 suprnova32 left a comment

@Jamedjo the code looks good. Are you using this already in your apps?

bufferoverflow previously approved these changes May 5, 2019
@Jamedjo Jamedjo dismissed stale reviews from bufferoverflow and suprnova32 via 8ac901c March 13, 2020 12:11
@Jamedjo Jamedjo force-pushed the jej/allow-storing-request-uuid branch from cf08ad5 to 8ac901c Compare March 13, 2020 12:11
@alexrecuenco

Was this ever solved in a different way? I see no updates here, and I was trying to do SP-initiated only log-in by looking at the InResponseTo, but I don't think that is currently possible, is it?

Is there any recommendation to avoid CSRF otherwise?

How do you recommend to go about this?
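
The comparison this PR's stored value is meant for, as an added example that is not code from the PR, omniauth-saml or ruby-saml: the request ID is saved under the `"saml_transaction_id"` session key at request time and checked against `InResponseTo` at callback time. The function names, the plain Hash standing in for the session, and the `true`/Proc option shape are assumptions; `in_response_to` is assumed to come from a response whose signature was already validated.

```ruby
require 'securerandom'

# Session key from the PR description; the function names are hypothetical.
SESSION_KEY = 'saml_transaction_id'

# Request phase: remember the AuthnRequest ID before redirecting to the IdP.
# Assumed option shape: true stores in the session, a Proc receives the uuid.
def store_request_uuid(session, uuid, store = true)
  case store
  when Proc then store.call(uuid)
  when true then session[SESSION_KEY] = uuid
  end
  uuid
end

# Callback phase: accept only a response that answers the request this
# browser session issued. The stored ID is consumed on first use.
def check_in_response_to(session, in_response_to)
  expected = session.delete(SESSION_KEY)
  return :no_pending_request if expected.nil?
  return :unsolicited if in_response_to.nil? || in_response_to.empty?
  return :mismatch unless in_response_to == expected
  :ok
end

# Constructed sessions and IDs covering each outcome.
def demo
  results = {}
  session = {}
  id = store_request_uuid(session, "_#{SecureRandom.uuid}")
  results[:matching] = check_in_response_to(session, id)
  results[:replayed] = check_in_response_to(session, id) # ID already consumed

  other = {}
  store_request_uuid(other, "_#{SecureRandom.uuid}")
  results[:foreign] = check_in_response_to(other, id) # answers another session

  fresh = {}
  store_request_uuid(fresh, "_#{SecureRandom.uuid}")
  results[:unsolicited] = check_in_response_to(fresh, nil) # no InResponseTo

  external = []
  custom = {}
  store_request_uuid(custom, '_constructed-id', ->(uuid) { external << uuid })
  results[:proc_storage] = [external, custom] # Proc storage leaves session empty
  results
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```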
