Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow configuration of same site attribute on auth_verification cookie #323

Merged
merged 4 commits into from
Feb 11, 2022
Merged

allow configuration of same site attribute on auth_verification cookie #323

merged 4 commits into from
Feb 11, 2022

Conversation

BitPatty
Copy link
Contributor

@BitPatty BitPatty commented Feb 4, 2022
edited
Loading

Description

This is a breaking change. Allows to use a custom same site configuration for the auth_verification cookie. I only included the override of the samesite but it could be extended later on.

References

#322

Testing

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not master

@BitPatty BitPatty requested a review from a team as a code owner February 4, 2022 13:03
adamjmcgrath
adamjmcgrath suggested changes Feb 4, 2022
View reviewed changes
Copy link
Contributor

@adamjmcgrath adamjmcgrath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for raising this @BitPatty

lib/config.js Outdated Show resolved Hide resolved
lib/config.js Outdated
@@ -45,6 +45,14 @@ const paramsSchema = Joi.object({
.maxArity(1)
.optional()
.default(() => defaultSessionIdGenerator),
verificationCookie: Joi.object({
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the transaction cookie isn't strictly part of the session, can we move this config up to the root.

Also, I'm going to need to think about if other properties need to be configurable.

Also, can we call it transactionCookie

Copy link
Contributor Author

@BitPatty BitPatty Feb 4, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renamed it. I kept it in object format to allow for more options, but/since I'm unsure if there's currently a use case for modifying the other cookie settings.

@BitPatty BitPatty requested a review from adamjmcgrath February 4, 2022 16:19
@adamjmcgrath
Copy link
Contributor

Thanks @BitPatty - will merge shortly

@adamjmcgrath adamjmcgrath merged commit 2f427f4 into auth0:master Feb 11, 2022
@adamjmcgrath adamjmcgrath mentioned this pull request Feb 17, 2022
Merged
@BitPatty BitPatty mentioned this pull request Feb 21, 2022
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamjmcgrath adamjmcgrath adamjmcgrath approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BitPatty @adamjmcgrath