@Zonnex Zonnex commented Mar 27, 2025

This PR adds nonce and nonce-validation.

Created as draft for review. Piggy-backing on state-storage feature because we use IMemoryCache here as well.

@Zonnex Zonnex force-pushed the feature/479-nonce branch 2 times, most recently from 83f8b9c to 495cc35 Compare March 28, 2025 15:08
@Zonnex Zonnex force-pushed the feature/479-nonce branch from 495cc35 to cfb0110 Compare April 9, 2025 08:21
@elinohlsson

In many scenarios (depending on device, OS, etc.), Active Login deliberately clears the returnUrl value and replaces it with an empty string. This is required to make the flow work, the BankID app closes, and the user returns to the application in the background. Because of this behavior, letting Active Login attach a nonce to the returnUrl isn’t straightforward. I think we need to handle this another way. Will close this PR for now and open a new issue for potential improvements in this area.

@elinohlsson elinohlsson closed this Sep 5, 2025