mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-20 01:36:37 +00:00
0211c1eace
The session cookie has no Max-Age, so it is lost when the browser closes. The password flow compensates via a "Remember me" checkbox issuing an LTA cookie; OAuth2/OIDC sign-in had no such UI. Issuing a regular LTA cookie after an OAuth callback would skip the IdP for LOGIN_REMEMBER_DAYS. Instead, this introduces a separate LongTermAuthorizationSSO purpose: the cookie is opt-in via the existing "Remember me" checkbox, and when presented without a session, autoSignIn redirects through the IdP with OIDC prompt=none for silent re-auth. On login_required / interaction_required / consent_required / account_selection_required we transparently fall back to interactive sign-in. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12321 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|---|---|---|
| .. | ||
| admin | ||
| auth | ||
| demo | ||
| events | ||
| explore | ||
| feed | ||
| healthcheck | ||
| misc | ||
| moderation | ||
| org | ||
| repo | ||
| shared | ||
| user | ||
| base.go | ||
| githttp.go | ||
| goget.go | ||
| home.go | ||
| metrics.go | ||
| nodeinfo.go | ||
| swagger_json.go | ||
| web.go | ||
| webfinger.go | ||