Feature #100077: Add PSR-14 event to conditionally disable request token validation - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Feature #100077

closed

Add PSR-14 event to conditionally disable request token validation

Added by Torben Hansen about 1 year ago. Updated about 1 year ago.

Status:

Closed

Priority:

Must have

Assignee:

Torben Hansen

Category:

Authentication

Target version:

12 LTS

Start date:

2023-03-03

Due date:

% Done:

Estimated time:

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

The request token validation introduced in #97305 required a valid request token in AbstractUserAuthentication. This is problematic for extensions implementing an external SSO (e.g. OpenID, OpenID Connect, ...), if the authentication process was initialized without submitting a request token.

A new PSR-14 event must be added, so extensions can conditionally disable the request token validation in AbstractUserAuthentication.