https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736

--- Comment #7 from Lari Taskula <[email protected]> ---
Hi David,

(In reply to David Cook from comment #4)
> Lari: Which version of Koha are you using?
25.05.02 and 24.11.06

(In reply to David Cook from comment #2)
> While I think coding a fix for that error message would be a good idea, you
> need to have a Koha session in order to generate the state value for the
> OIDC login.
> I suppose you could argue that the endpoint could generate a CGISESSID
> cookie if it's missing, but there shouldn't be a scenario where it's missing
> when logging in, since you should be navigating to it from the Koha UI.
Would there be any downsides of having the endpoint generate the CGISESSID in
case it is missing? Out of curiosity, wouldn't it be useful to do so for
external applications wanting to OIDC-authenticate a user to Koha to gain
access to its authorized REST API endpoints?

At a bare minimum we have to handle the exception by checking the existence of
CGISESSID and responding with an HTTP 400 (bad request) in case it is missing,
and perhaps log a warning instead of an error, if the logging of this event is
wanted in the first place.
