https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42719
--- Comment #9 from David Cook <[email protected]> ---

If we look at OIDC, it does outline some information about "Initiating Login from a Third Party":
https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin

Okta itself refers you to the OIDC docs:
https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm

It looks like X-FRAME-OPTIONS is what blocks the iframe clickjacking in modern browsers...

And my testing for putting it into something like an <img> actually only failed because of using localhost for testing...

For Okta, wouldn't it make sense to create an "initiate_login_uri" that takes the "iss" parameter, checks it against the Koha database, and then prompts the user saying "Issuer <iss> is initiating login. Would you like to proceed?" and then go off that?
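The check proposed in the comment above, as an added example (not part of the original comment and not Koha's code; Python is used for illustration). `REGISTERED_ISSUERS`, `initiate_login`, `confirm_login` and all example.org values are hypothetical: the handler matches `iss` exactly against stored issuers, returns the prompt, and builds the authorization request only after a session-bound confirmation.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed sample data standing in for the identity providers stored in
# the Koha database (hypothetical shape, not Koha's schema).
REGISTERED_ISSUERS = {
    "https://idp.example.org": {
        "authorization_endpoint": "https://idp.example.org/oauth2/v1/authorize",
        "client_id": "koha-opac",
        "redirect_uri": "https://opac.example.org/callback",
    },
}


def initiate_login(query_string, session):
    """Handle GET initiate_login_uri?iss=...; never starts the flow itself."""
    values = parse_qs(query_string).get("iss", [])
    # Exactly one iss, matched exactly against stored issuers (no prefix match).
    if len(values) != 1 or values[0] not in REGISTERED_ISSUERS:
        return {"action": "reject"}
    # One-time token bound to this session so only the user's own click on
    # the prompt (a POST carrying the token) can continue.
    session["pending"] = {"iss": values[0], "token": secrets.token_urlsafe(32)}
    return {
        "action": "prompt",
        "message": f"Issuer {values[0]} is initiating login. Would you like to proceed?",
        "confirm_token": session["pending"]["token"],
    }


def confirm_login(posted_token, session):
    """Handle the POST from the prompt; returns the authorization URL or None."""
    pending = session.pop("pending", None)  # single use, even on failure
    if not (pending and posted_token and hmac.compare_digest(
            pending["token"].encode(), posted_token.encode())):
        return None
    idp = REGISTERED_ISSUERS[pending["iss"]]
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": idp["client_id"],
        "redirect_uri": idp["redirect_uri"],
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return idp["authorization_endpoint"] + "?" + urlencode(params)
```

Because the GET only ever returns a prompt, embedding the URL in an `<img>` or a cross-site link cannot start an authorization request on its own.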
