-
-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Infinite redirect loop for prompt=login
#187
Labels
Comments
wojtek-fliposports
added a commit
that referenced
this issue
Jun 6, 2017
wojtek-fliposports
added a commit
to wojtek-fliposports/django-oidc-provider
that referenced
this issue
Jun 6, 2017
Bug juanifioren#187 prompt handling (juanifioren#188)
suutari-ai
added a commit
to suutari-ai/django-oidc-provider
that referenced
this issue
May 23, 2018
* 'develop' of github.com:juanifioren/django-oidc-provider: Update changelog.rst include request in password grant authenticate call Update setup.py Update changelog.rst Update changelog.rst Adjust import order and method order in introspection tests Replace resource with client in docs. Update settings docs to add extra introspection setting Update README.md Update README.md Remove the Resource model Skip csrf protection on introspection endpoint Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662 Test docs with tox. Remove Django 1.7 for travis. Drop support for Django 1.7. Move extract_client_auth to oauth2 utils. Remove duplicate link in docs. Bump version v0.6.0. Fix BaseCodeTokenModel and user attr. Update README.md Edit README and contribute doc. Edit changelog. Update changelog.rst Add protected_resource_view test using client_credentials. Fix docs. Improve docs. Client credentials implementation. Move changelog into docs. Update README.md Update CHANGELOG.md Fixed infinite callback loop in check-session iframe Fix PEP8. New migration. Update example project. Fix PEP8. Fix PEP8. PEP8 errors and urls. PEP8 models. Fix contribute docs. Fix tox for checking PEP8 all files. Update README.md Update README.md Simplify test suit. Update CHANGELOG.md Bump version 0.5.3. Update installation.rst Update CHANGELOG.md Fixed wrong Object in Template Update project to support Django 2.0 Now passing along the token to create_id_token function. Made token and token_refresh endpoint return requested claims. Sphinx documentation fixes (juanifioren#219) Use request.user.is_authenticated as a bool with recent Django (juanifioren#216) Fixed client id retrieval when aud is a list of str. (juanifioren#210) Add owner field to Client (juanifioren#211) Update CHANGELOG removed tab char Add pep8 compliance and checker Bump version Update CHANGELOG.md Preparing v0.5.2 (juanifioren#201) Fix Django 2.0 deprecation warnings (juanifioren#185) Fix infinite login loop if "prompt=login" (juanifioren#198) fixed typos Bump version Fix scope handling of token endpoint (juanifioren#193) Fixes juanifioren#192 Use stored user consent for public clients too (juanifioren#189) Redirect URIs must match exactly. (juanifioren#191) Bug juanifioren#187 prompt handling (juanifioren#188) Don't pin exact versions in install_requires.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The bug is located in: https://github.com/juanifioren/django-oidc-provider/blob/v0.5.x/oidc_provider/views.py#L83
When user is authenticated, it should be logged out when prompt not contains
none
value.Basically whole
prompt
is not handled in proper way:http://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1
I will try to fix
none
login
andconsent
handling and skipselect_account
due is not supported right now.The text was updated successfully, but these errors were encountered: