Skip to content

Commit

Permalink
Merge pull request #4438 from open-formulieren/issue/4435-oidc-infini…
Browse files Browse the repository at this point in the history 
…te-redirect

🐛 [#4435] Fix infinite redirect on sessionrefresh for OIDC
  • Loading branch information
@stevenbal
stevenbal authored Jul 2, 2024
2 parents 74b2f40 + 3cc8cba commit f8a62b9
Show file tree
Hide file tree
Showing 5 changed files with 17 additions and 8 deletions.
4 changes: 2 additions & 2 deletions requirements/base.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ django-csp==3.8
# via -r requirements/base.in
django-csp-reports==1.8.1
# via -r requirements/base.in
django-digid-eherkenning[oidc]==0.15.0
django-digid-eherkenning[oidc]==0.16.0
# via -r requirements/base.in
django-filter==23.2
# via -r requirements/base.in
Expand Down Expand Up @@ -334,7 +334,7 @@ maykin-python3-saml==1.16.1
# via django-digid-eherkenning
mozilla-django-oidc==4.0.0
# via mozilla-django-oidc-db
mozilla-django-oidc-db==0.18.1
mozilla-django-oidc-db==0.19.0
# via
# -r requirements/base.in
# django-digid-eherkenning
Expand Down
4 changes: 2 additions & 2 deletions requirements/ci.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -263,7 +263,7 @@ django-csp-reports==1.8.1
# via
# -c requirements/base.txt
# -r requirements/base.txt
django-digid-eherkenning[oidc]==0.15.0
django-digid-eherkenning[oidc]==0.16.0
# via
# -c requirements/base.txt
# -r requirements/base.txt
Expand Down Expand Up @@ -618,7 +618,7 @@ mozilla-django-oidc==4.0.0
# -c requirements/base.txt
# -r requirements/base.txt
# mozilla-django-oidc-db
mozilla-django-oidc-db==0.18.1
mozilla-django-oidc-db==0.19.0
# via
# -c requirements/base.txt
# -r requirements/base.txt
Expand Down
4 changes: 2 additions & 2 deletions requirements/dev.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,7 @@ django-csp-reports==1.8.1
# -r requirements/ci.txt
django-debug-toolbar==4.3.0
# via -r requirements/dev.in
django-digid-eherkenning[oidc]==0.15.0
django-digid-eherkenning[oidc]==0.16.0
# via
# -c requirements/ci.txt
# -r requirements/ci.txt
Expand Down Expand Up @@ -693,7 +693,7 @@ mozilla-django-oidc==4.0.0
# -c requirements/ci.txt
# -r requirements/ci.txt
# mozilla-django-oidc-db
mozilla-django-oidc-db==0.18.1
mozilla-django-oidc-db==0.19.0
# via
# -c requirements/ci.txt
# -r requirements/ci.txt
Expand Down
4 changes: 2 additions & 2 deletions requirements/extensions.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,7 @@ django-csp-reports==1.8.1
# via
# -c requirements/base.in
# -r requirements/base.txt
django-digid-eherkenning[oidc]==0.15.0
django-digid-eherkenning[oidc]==0.16.0
# via
# -c requirements/base.in
# -r requirements/base.txt
Expand Down Expand Up @@ -515,7 +515,7 @@ mozilla-django-oidc==4.0.0
# via
# -r requirements/base.txt
# mozilla-django-oidc-db
mozilla-django-oidc-db==0.18.1
mozilla-django-oidc-db==0.19.0
# via
# -c requirements/base.in
# -r requirements/base.txt
Expand Down
9 changes: 9 additions & 0 deletions src/openforms/conf/base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1031,6 +1031,15 @@
# Access token required for performing the Token exchange
OIDC_STORE_ACCESS_TOKEN = True

# Paths that are exempt from the SessionRefresh middleware
# these must be explicitly added to avoid infinite redirects from happening (#4435)
if _USE_LEGACY_OIDC_ENDPOINTS:
OIDC_EXEMPT_URLS = [
"legacy_oidc:oidc_authentication_init",
"legacy_oidc:oidc_authentication_callback",
"legacy_oidc:oidc_logout",
]

# TODO: remove once 2.7 is released, this is required for data migration(s)
MOZILLA_DJANGO_OIDC_DB_CACHE = "solo"

Expand Down

0 comments on commit f8a62b9

Please sign in to comment.