Hi all,

I am implementing an OpenID Connect (OIDC) handler for Apache Sling. In an OIDC request there is a parameter called state. Below is the definition given to state in the OIDC specification [1].

    state
        RECOMMENDED. Opaque value used to maintain state between the request and the callback. Typically, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie.

I want to store the state value in a HashMap against a unique parameter such as a browser cookie. Is there any implementation in Sling to take the browser cookie, or what should I use instead of a cookie?

Thank you.

[1] - https://openid.net/specs/openid-connect-basic-1_0.html

--
*Hasini Witharana*
Undergraduate | Department of Computer Science and Engineering
University of Moratuwa
Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>
