okta-signin-widget 7.0+ No longer references cookies #31

Open
eburkland opened this issue Mar 29, 2023 · 3 comments

@eburkland

```python
cookie_state = request.COOKIES["okta-oauth-state"]
```

Trying to implement the latest okta-signin-widget into my existing Django project. I'm having difficulty with the callback method. Current okta-signin-widget as of 7.0+ no longer creates state or nonce cookies. Also, it doesn't look like this supports PKCE.

There seem to be a number of GitHub repositories that reference Okta and Django, but none of them work very well with the current standards. Any ideas?
Thanks!

@eu2pey4

eu2pey4 commented Mar 30, 2023

For me, I had to settle on just using the Okta Sign-in Widget 5.0.1

@eburkland
Author

When I exchange the code for tokens by calling the /token endpoint, I get the access token and ID token as expected. If I attempt to use the same code twice, it doesn't work. This to me is a good thing, as you wouldn't want someone to keep trying to use the same code to get tokens. Because of this, I'm wondering if it is necessary to do checks on state and nonce. Just a thought.
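
Added example, not part of the thread and not this project's code: what the state and nonce checks raised in the posts above bind a login to, with the values kept in the server-side session instead of in cookies written by the widget, plus the PKCE pair mentioned in the opening post. The function names, the `oidc_pending` session key and the plain dict standing in for Django's `request.session` are assumptions, and ID token signature validation is assumed to happen before `check_nonce` is called.

```python
import base64
import hashlib
import hmac
import secrets


def _same(a, b):
    """Constant-time comparison; a missing value compares as empty."""
    return hmac.compare_digest((a or "").encode(), (b or "").encode())


def begin_login(session):
    """Create per-login state, nonce and PKCE values; keep them server-side."""
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    pending = {
        "state": secrets.token_urlsafe(32),
        "nonce": secrets.token_urlsafe(32),
        "code_verifier": verifier,
    }
    session["oidc_pending"] = pending  # hypothetical session key
    # Values to send with the authorization request.
    return {
        "state": pending["state"],
        "nonce": pending["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }


def check_state(session, returned_state):
    """Callback, before /token: ties the returned code to this browser session."""
    pending = session.pop("oidc_pending", None)  # one-shot record
    if pending is None or not _same(pending["state"], returned_state):
        raise ValueError("state mismatch or no login in progress")
    return pending  # pending["code_verifier"] goes into the /token request


def check_nonce(pending, id_token_claims):
    """Callback, after /token: ties the ID token to this login request.

    Assumes the ID token signature, issuer and audience were already verified.
    """
    if not _same(pending["nonce"], id_token_claims.get("nonce")):
        raise ValueError("nonce mismatch")
    return True
```

In a Django view, `session` would be `request.session` and `returned_state` would come from the callback's query string.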

@silver8ack

Something seems broken with the middleware of this project. I'm not sure what it is. See issue 33 I created.

I can get authentication working using the /accounts/login url as long as I don't have the middleware enabled. It seems like the middleware is removing the session or something. I never see a session get created in the database when the middleware is enabled.
