Ignore OIDC flow when the authorization and ID-token headers are already present

We have in our nginx config a location that is protected with OpenID Connect. Now in the mobile app we want to reuse the login session to show the pages in the in-app browser. To do that we want to ignore the OIDC flow if the sso-id-token and x-access-token headers are already present in the request.

 location /group/my-site {
     # Validate the ID token held in $session_jwt; on failure start the OIDC flow
     auth_jwt "" token=$session_jwt;
     error_page 401 = @do_oidc_flow;
     auth_jwt_key_file $oidc_jwt_keyfile;
     set $target http://lb_liferaydxp_web-dev;
     proxy_pass $target;
     proxy_set_header Host $host;
     # Forward both tokens to the backend
     proxy_set_header SSO-ID-Token $session_jwt;
     proxy_set_header X-ACCESS-TOKEN $access_token;
 }

We tried the following by setting this if loop inside the location block:

if ($http_sso_id_token != "") {
 set $session_jwt $http_sso_id_token;
}

That works and we are allowed to proceed without being redirected to the login page. But the problem is that it doesn't take into account the session we are in, so another request will take over the login of that person.

Any ideas how we can achieve this if possible?
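
An added example, not part of the original post: one way to honour the request headers without writing to `$session_jwt`. It assumes `$session_jwt` and `$access_token` are shared variables looked up by the session cookie (as the variable names suggest), so that a `set` on them is visible to other requests; `$effective_jwt` and `$effective_access_token` are hypothetical names.

```nginx
# http{} context. Choose the token per request with map, which only reads
# variables, instead of `set`, which writes to the shared $session_jwt.
map $http_sso_id_token $effective_jwt {            # hypothetical variable name
    ""      $session_jwt;                          # no header: use the OIDC session token
    default $http_sso_id_token;                    # header present: use it for this request only
}

map $http_x_access_token $effective_access_token { # hypothetical variable name
    ""      $access_token;
    default $http_x_access_token;
}

# Inside the existing server{} block (fragment, other directives omitted).
location /group/my-site {
    # A token taken from the header is still verified against the key file.
    # A missing, invalid or expired token yields 401 and starts the OIDC flow.
    auth_jwt "" token=$effective_jwt;
    error_page 401 = @do_oidc_flow;
    auth_jwt_key_file $oidc_jwt_keyfile;

    set $target http://lb_liferaydxp_web-dev;
    proxy_pass $target;
    proxy_set_header Host $host;

    # Forward the tokens that were actually used for this request, so the
    # backend never receives one user's header mixed with another's session.
    proxy_set_header SSO-ID-Token $effective_jwt;
    proxy_set_header X-ACCESS-TOKEN $effective_access_token;
}
```

Only the ID token is validated by `auth_jwt` here; the `X-ACCESS-TOKEN` header is passed through as received, so the backend has to verify it before trusting it.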
