mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-20 01:36:37 +00:00
0211c1eace
The session cookie has no Max-Age, so it is lost when the browser closes. The password flow compensates via a "Remember me" checkbox issuing an LTA cookie; OAuth2/OIDC sign-in had no such UI. Issuing a regular LTA cookie after an OAuth callback would skip the IdP for LOGIN_REMEMBER_DAYS. Instead, this introduces a separate LongTermAuthorizationSSO purpose: the cookie is opt-in via the existing "Remember me" checkbox, and when presented without a session, autoSignIn redirects through the IdP with OIDC prompt=none for silent re-auth. On login_required / interaction_required / consent_required / account_selection_required we transparently fall back to interactive sign-in. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12321 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|---|---|---|
| .. | ||
| assert_interface_test.go | ||
| init.go | ||
| providers.go | ||
| providers_base.go | ||
| providers_custom.go | ||
| providers_openid.go | ||
| providers_simple.go | ||
| source.go | ||
| source_authenticate.go | ||
| source_callout.go | ||
| source_name.go | ||
| source_register.go | ||
| store.go | ||
| token.go | ||
| urlmapping.go | ||