[pbs-devel] [PATCH proxmox-backup v2 0/2] add support for HttpOnly cookies for OpenID authentication flow

Mira Limbeck m.limbeck at proxmox.com
Thu Aug 7 14:17:18 CEST 2025


On 8/7/25 14:02, Shannon Sterz wrote:
> these two patches do the following:
> 
> 1. add a `http-only` parameter to the OpenID login endpoint, so clients
>    can opt into receiving the authentication ticket via a HttpOnly cookie
> 2. opt the ui dialog into using this new HttpOnly parameter
> 
> this should fix a bug where users were instantly logged out again after
> a successful OpenID authentication.
> 
> changes since v1, thanks @ Mira Limbeck:
> 
> - fixed an issue where the open id login endpoint would return a
>   `ticket_info` field instead of a `ticket-info` field.
> 
> Shannon Sterz (2):
>   api: openid: allow users of openid to opt into the HttpOnly cookies
>   ui: opt open id authentication flows into the new http only flow
> 
>  src/api2/access/openid.rs | 346 ++++++++++++++++++++++----------------
>  www/LoginView.js          |   1 +
>  2 files changed, 206 insertions(+), 141 deletions(-)
> 
> --
> 2.47.2
> 

Gave this a quick test. Looks good!
Both cookies are now set.

Consider this:
Tested-by: Mira Limbeck <m.limbeck at proxmox.com>



