🐛 [#4435] Exempt legacy OIDC URLs from sessionrefresh

by default, the OIDC endpoints that are used are marked as exempt from SessionRefresh, but this caused infinite redirects in case the legacy URLs were used
open-formulieren · Jul 2, 2024 · d1a3f14 · d1a3f14
1 parent ad725c2
commit d1a3f14
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/openforms/conf/base.py b/src/openforms/conf/base.py
@@ -1031,6 +1031,15 @@
 # Access token required for performing the Token exchange
 OIDC_STORE_ACCESS_TOKEN = True
 
+# Paths that are exempt from the SessionRefresh middleware
+# these must be explicitly added to avoid infinite redirects from happening (#4435)
+if _USE_LEGACY_OIDC_ENDPOINTS:
+    OIDC_EXEMPT_URLS = [
+        "legacy_oidc:oidc_authentication_init",
+        "legacy_oidc:oidc_authentication_callback",
+        "legacy_oidc:oidc_logout",
+    ]
+
 # TODO: remove once 2.7 is released, this is required for data migration(s)
 MOZILLA_DJANGO_OIDC_DB_CACHE = "solo"