[pbs-devel] [PATCH proxmox-backup v2 0/2] add support for HttpOnly cookies for OpenID authentication flow

Maximiliano Sandoval m.sandoval at proxmox.com
Thu Aug 7 14:53:33 CEST 2025


Shannon Sterz <s.sterz at proxmox.com> writes:

> these two patches do the following:
>
> 1. add a `http-only` parameter to the OpenID login endpoint, so clients
>    can opt into receive the authentication ticket via a HttpOnly cookie
> 2. opt the ui dialog into using this new HttpOnly parameter
>
> this should fix a bug where users were instantly logged out again after
> a successful OpenID authentication.
>
> changes since v1, thanks @ Mira Limbeck:
>
> - fixed an issue where the open id login endpoint would return a
>   `ticket_info` field instead of a `ticket-info` field.
>
> Shannon Sterz (2):
>   api: openid: allow users of openid to opt into the HttpOnly cookies
>   ui: opt open id authentication flows into the new http only flow
>
>  src/api2/access/openid.rs | 346 ++++++++++++++++++++++----------------
>  www/LoginView.js          |   1 +
>  2 files changed, 206 insertions(+), 141 deletions(-)

Tested with a Keycloak instance. It works now and both cookies are set!

Tested-by: Maximiliano Sandoval <m.sandoval at proxmox.com>

-- 
Maximiliano




More information about the pbs-devel mailing list