Bug 32354: Accept session_state param given by OAuth IdP

This patch ensures Koha doesn't throw an error if the IdP hands back a
session_state parameter.

To test:

1) Set up an identity provider
2) On the IdP's configuration, make it hand back a session_state
3) Confirm authentication using OIDC works with and without the
session_state

Sponsored-by: Plant & Food Research
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

diff --git a/api/v1/swagger/paths/oauth.yaml b/api/v1/swagger/paths/oauth.yaml
index e471336..2b3f2fb 100644 (file)
--- a/api/v1/swagger/paths/oauth.yaml
+++ b/api/v1/swagger/paths/oauth.yaml
@@ -98,6 +98,10 @@
         in: query
         description: Web page with user friendly description of the error
         type: string
+      - name: session_state
+        in: query
+        description: Session state returned by OAuth server
+        type: string
     responses:
       "302":
         description: User authorized

diff --git a/api/v1/swagger/paths/public_oauth.yaml b/api/v1/swagger/paths/public_oauth.yaml
index 40fe951..80ac4e3 100644 (file)
--- a/api/v1/swagger/paths/public_oauth.yaml
+++ b/api/v1/swagger/paths/public_oauth.yaml
@@ -53,6 +53,10 @@
         in: query
         description: Web page with user friendly description of the error
         type: string
+      - name: session_state
+        in: query
+        description: Session state returned by OAuth server
+        type: string
     responses:
       "302":
         description: User authorized