peezy-tech/jojo
2
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-05-15 23:40:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
jojo/services/auth
History
Erwan Leboucher 0211c1eace feat: persist OAuth2/OIDC sign-in via IdP re-validation (#12321) 
The session cookie has no Max-Age, so it is lost when the browser closes. The password flow compensates via a "Remember me" checkbox issuing an LTA cookie; OAuth2/OIDC sign-in had no such UI.

Issuing a regular LTA cookie after an OAuth callback would skip the IdP for LOGIN_REMEMBER_DAYS. Instead, this introduces a separate LongTermAuthorizationSSO purpose: the cookie is opt-in via the existing "Remember me" checkbox, and when presented without a session, autoSignIn redirects through the IdP with OIDC prompt=none for silent re-auth. On login_required / interaction_required / consent_required / account_selection_required
we transparently fall back to interactive sign-in.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12321
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-15 02:31:20 +02:00
..
method feat: allow Authorized Integrations to have multiple values for a claim match (#12482) 2026-05-10 04:52:02 +02:00
source feat: persist OAuth2/OIDC sign-in via IdP re-validation (#12321) 2026-05-15 02:31:20 +02:00
interface.go feat: allow Authorized Integrations to authenticate to Forgejo's package registries (#12310) 2026-04-29 19:13:01 +02:00
main_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
source.go feat: persist OAuth2/OIDC sign-in via IdP re-validation (#12321) 2026-05-15 02:31:20 +02:00
sync.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00