go-pkgz / auth

84%

master: 84%

LAST BUILD ON BRANCH paskal/fix_send_jwt_header

branch: paskal/fix_send_jwt_header

CHANGE BRANCH

x

Reset

• paskal/fix_send_jwt_header
• allowed-provider-check
• apple-reponse-mode-fix
• aud-secrets
• ava-factory
• cookie-domain
• custom-dev-host
• custom-dev-port
• dependabot/go_modules/_example/golang.org/x/crypto-0.17.0
• dependabot/go_modules/_example/golang.org/x/image-0.5.0
• dependabot/go_modules/_example/golang.org/x/net-0.17.0
• dependabot/go_modules/_example/golang.org/x/net-0.7.0
• dependabot/go_modules/golang.org/x/crypto-0.31.0
• dependabot/go_modules/v2/github.com/golang-jwt/jwt/v5-5.2.2
• dependabot/go_modules/v2/golang.org/x/crypto-0.31.0
• dependabot/go_modules/v2/golang.org/x/net-0.33.0
• dependabot/go_modules/v2/golang.org/x/net-0.36.0
• direct-custom-id
• dverhoturov/telegram_fix
• email-sender
• fix-anon
• fix-providers-names
• go1_20
• jwt-header
• master
• microsoft
• no-ava
• official-mongo-drvier
• paskal/HttpOnly
• paskal/add_common_processor
• paskal/avatar_return_proper_content_type
• paskal/bump_ci_go_version
• paskal/bump_dep
• paskal/bump_go_modules
• paskal/bump_modules
• paskal/double_close
• paskal/email_module
• paskal/facelift
• paskal/fix_actions_test
• paskal/fix_apple_key_panic
• paskal/fix_custom_server
• paskal/fix_error
• paskal/fix_golangcilint
• paskal/fix_lint_report
• paskal/google_auth_doc
• paskal/improve_telegram
• paskal/modules_bump
• paskal/mongodb
• paskal/moq
• paskal/new_errors
• paskal/plain_text
• paskal/switch_to_v2
• paskal/sync_v2
• paskal/telegram_site_id
• paskal/tg_username
• paskal/token_generation_instructions
• paskal/update-dependencies
• paskal/update-modules
• paskal/update_modules
• paskal/update_pkcs8
• paskal/v2
• paskal/v2_golangcilint
• paskal/v2_jwt5
• rbac
• refs/tags/v0.10.0
• refs/tags/v0.10.1
• refs/tags/v0.10.2
• refs/tags/v0.11.0
• refs/tags/v0.12.0
• refs/tags/v0.12.1
• refs/tags/v1.13.0
• refs/tags/v1.13.1
• refs/tags/v1.14.0
• refs/tags/v1.15.0
• refs/tags/v1.16.0
• refs/tags/v1.17.0
• refs/tags/v1.18.0
• refs/tags/v1.19.0
• refs/tags/v1.19.1
• refs/tags/v1.20.0
• refs/tags/v1.21.0
• refs/tags/v1.22.0
• refs/tags/v1.22.1
• refs/tags/v1.23.0
• refs/tags/v1.24.0
• refs/tags/v1.24.1
• refs/tags/v1.24.2
• refs/tags/v1.25.1
• refs/tags/v1.5.1
• refs/tags/v2.0.0
• remove-bluemonday
• samesite
• sanitize-verifyed
• v0.8.0
• v0.8.1
• v0.8.2
• v0.8.3
• v0.9.0
• verify-avatar

Build # 14726384563

Build Type

Pull #241

github

Committed by paskal

Commit Message

Set cookies for OAuth flows when SendJWTHeader is enabled

This fixes https://github.com/umputun/remark42/issues/1877 where OAuth
 authentication
fails when the send-jwt-header option is enabled. The problem occurred
 because:

1. When SendJWTHeader is enabled, the auth service only sends the JWT
as a header
   without setting cookies
2. During OAuth flows, the authentication involves redirects between
the app and the
   provider
3. HTTP headers don't persist through redirects, so the authentication
 state was lost

The solution:
- Modified the jwt.go token Set method to always set cookies during
OAuth handshake
  phases (when claims.Handshake != nil), even when SendJWTHeader is
enabled
- For normal authentication (non-handshake), maintain the original
behavior where
  SendJWTHeader=true will only set headers
- This ensures the OAuth flow works properly while maintaining the
correct behavior
  for API requests

Pull Request Pull Request #241: Set cookies for OAuth flows when SendJWTHeader is enabled

Run Details

5 of 5 new or added lines in 1 file covered. (100.0%)

8 existing lines in 1 file now uncovered.

2693 of 3221 relevant lines covered (83.61%)

7.19 hits per line