Project

General

Profile

Actions

Feature #100077

closed

Add PSR-14 event to conditionally disable request token validation

Added by Torben Hansen over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Must have
Assignee:
Category:
Authentication
Target version:
Start date:
2023-03-03
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

The request token validation introduced in #97305 required a valid request token in AbstractUserAuthentication. This is problematic for extensions implementing an external SSO (e.g. OpenID, OpenID Connect, ...), if the authentication process was initialized without submitting a request token.

A new PSR-14 event must be added, so extensions can conditionally disable the request token validation in AbstractUserAuthentication.

Actions

Also available in: Atom PDF