[pbs-devel] [PATCH proxmox-backup v2 0/2] add support for HttpOnly cookies for OpenID authentication flow
Maximiliano Sandoval
m.sandoval at proxmox.com
Thu Aug 7 14:53:33 CEST 2025
Shannon Sterz <s.sterz at proxmox.com> writes:
> these two patches do the following:
>
> 1. add a `http-only` parameter to the OpenID login endpoint, so clients
> can opt into receive the authentication ticket via a HttpOnly cookie
> 2. opt the ui dialog into using this new HttpOnly parameter
>
> this should fix a bug where users were instantly logged out again after
> a successful OpenID authentication.
>
> changes since v1, thanks @ Mira Limbeck:
>
> - fixed an issue where the open id login endpoint would return a
> `ticket_info` field instead of a `ticket-info` field.
>
> Shannon Sterz (2):
> api: openid: allow users of openid to opt into the HttpOnly cookies
> ui: opt open id authentication flows into the new http only flow
>
> src/api2/access/openid.rs | 346 ++++++++++++++++++++++----------------
> www/LoginView.js | 1 +
> 2 files changed, 206 insertions(+), 141 deletions(-)
Tested with a Keycloak instance. It works now and both cookies are set!
Tested-by: Maximiliano Sandoval <m.sandoval at proxmox.com>
--
Maximiliano
More information about the pbs-devel
mailing list