{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":651543612,"defaultBranch":"master","name":"nginx-oidc-njs","ownerLogin":"jirutka","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2023-06-09T13:25:27.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/949228?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1709826559.0","currentOid":""},"activityList":{"items":[{"before":"67842737b3f0b8494185935223b1fd933d7e4775","after":"5b950ec49cd0fd1885a5349603d357df22425229","ref":"refs/heads/master","pushedAt":"2024-03-07T15:49:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Release version 0.1.1","shortMessageHtmlLink":"Release version 0.1.1"}},{"before":"bf4633c8acce1878f2869284bd9e7ac4e4d100bb","after":"67842737b3f0b8494185935223b1fd933d7e4775","ref":"refs/heads/master","pushedAt":"2024-03-07T15:48:20.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Mark $oidc_cache_zone_tokens as required","shortMessageHtmlLink":"Readme: Mark $oidc_cache_zone_tokens as required"}},{"before":"0a20e384e1f8ff0611e6a198a16390c02d008bf1","after":"bf4633c8acce1878f2869284bd9e7ac4e4d100bb","ref":"refs/heads/master","pushedAt":"2024-03-07T15:44:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Change SameSite=strict to SameSite=lax in default $oidc_cookie_attrs\n\nWhen you click on a link in MS Teams, it opens 
https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html\nin the browser which sends the URL and some metadata to Microsoft and if\nit decides that the URL is okay (and logs it because they want to spy on\nyou...), it calls `window.location.replace()` to finally redirect you to\nthe site you wanted to go to. The nginx module sends you a redirect to\nthe authorization endpoint, OIDC redirects you to the callback endpoint\nwith the authorization code which is handled by the module. It exchanges\nthe authorization code for the id token, then sends you Set-Cookie with\nthe session id and redirects you to the original target. And now comes\nthe problem. Browser ignores Set-Cookie due to the SameSite policy, so\nthe browser doesn't send the session cookie back to the nginx module.\nSo, you're still not authenticated, thus the module redirects you to the\nauthorization endpoint... and this repeats again and again, until the\nbrowser detects the loop and stops it.","shortMessageHtmlLink":"Change SameSite=strict to SameSite=lax in default $oidc_cookie_attrs"}},{"before":"277b63c3d581c99e3b0c2a960c6c2bd2c18ed961","after":"0a20e384e1f8ff0611e6a198a16390c02d008bf1","ref":"refs/heads/master","pushedAt":"2024-03-07T15:43:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Change SameSite=strict to SameSite=lax in default $oidc_cookie_attrs\n\nWhen you click on a link in MS Teams, it opens https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html\nin the browser which sends the URL and some metadata to Microsoft and if\nit decides that the URL is okay (and logs it because they want to spy on\nyou...), it calls `window.location.replace()` to finally redirect you to\nthe site you wanted to go to. 
The nginx module sends you a redirect to\nthe authorization endpoint, OIDC redirects you to the callback endpoint\nwith the authorization code which is handled by the module. It exchanges\nthe authorization code for the id token, then sends you Set-Cookie with\nthe session id and redirects you to the original target. And now comes\nthe problem. Browser ignores Set-Cookie due to the SameSite policy, so\nthe browser doesn't send the session cookie back to the nginx module.\nSo, you're still not authenticated, thus the module redirects you to the\nauthorization endpoint... and this repeats again and again, until the\nbrowser detects the loop and stops it.","shortMessageHtmlLink":"Change SameSite=strict to SameSite=lax in default $oidc_cookie_attrs"}},{"before":"ae531d730404f8129baec7edab82f10ac672176f","after":"277b63c3d581c99e3b0c2a960c6c2bd2c18ed961","ref":"refs/heads/master","pushedAt":"2024-03-07T13:53:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Ignore Set-Cookie from token and introspection endpoint to fix caching\n\nhttps://stackoverflow.com/a/9232739/2217862:\n\n> Make sure your backend does not return Set-Cookie header. If Nginx sees\n> it, it disables caching.\n>\n> proxy_ignore_header will ensure that the caching takes place.\n> proxy_hide_header will ensure the Cookie payload is not included in the\n> cached payload. 
This is important to avoid leaking cookies via the\n> NGINX cache.","shortMessageHtmlLink":"Ignore Set-Cookie from token and introspection endpoint to fix caching"}},{"before":"4935ddf249fb06ecdf8df4d298728fb0fb58be37","after":"ae531d730404f8129baec7edab82f10ac672176f","ref":"refs/heads/master","pushedAt":"2024-03-05T12:33:09.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Release version 0.1.0","shortMessageHtmlLink":"Release version 0.1.0"}},{"before":"d8f35294532ad99eeb26fd22c8fd9b7c49967e52","after":"4935ddf249fb06ecdf8df4d298728fb0fb58be37","ref":"refs/heads/master","pushedAt":"2024-03-05T12:28:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"CI: Bump actions/{checkout,upload-artifact} from v3 to v4","shortMessageHtmlLink":"CI: Bump actions/{checkout,upload-artifact} from v3 to v4"}},{"before":"52d298d1bcba92e4837270a3587764ac3396a463","after":"d8f35294532ad99eeb26fd22c8fd9b7c49967e52","ref":"refs/heads/master","pushedAt":"2024-03-05T12:21:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Update package-lock.json","shortMessageHtmlLink":"Update package-lock.json"}},{"before":"8b132ad0faacb7b5b769837bc965fc280d4b99a9","after":"52d298d1bcba92e4837270a3587764ac3396a463","ref":"refs/heads/master","pushedAt":"2024-03-05T12:18:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Add very short 
intro","shortMessageHtmlLink":"Readme: Add very short intro"}},{"before":"a74c19b1c5dbde81cb2162e27bb81ba9fb438db0","after":"8b132ad0faacb7b5b769837bc965fc280d4b99a9","ref":"refs/heads/master","pushedAt":"2024-02-26T13:42:14.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Add section Snippets","shortMessageHtmlLink":"Readme: Add section Snippets"}},{"before":"00cee68333f2c8657ed68e70c20aa55e1582a11b","after":"a74c19b1c5dbde81cb2162e27bb81ba9fb438db0","ref":"refs/heads/master","pushedAt":"2023-10-04T14:54:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Don't return 401 if refresh token is invalid, continue like unauthorized\n\nThe user don't care if their refresh token expired, the right approach\nis to treat them like unauthorized and either allow anonymous access or\nredirect to the authorization endpoint.","shortMessageHtmlLink":"Don't return 401 if refresh token is invalid, continue like unauthorized"}},{"before":"63bddcd123b2c9c5bcc4016cf34074c9c173e60c","after":"00cee68333f2c8657ed68e70c20aa55e1582a11b","ref":"refs/heads/master","pushedAt":"2023-10-02T13:11:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Expose roles and username claims via js_var from auth-access","shortMessageHtmlLink":"Expose roles and username claims via js_var from 
auth-access"}},{"before":"8755d3fc965006b43bfcc041b7b956979019c7b8","after":"63bddcd123b2c9c5bcc4016cf34074c9c173e60c","ref":"refs/heads/master","pushedAt":"2023-09-12T15:04:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Change debug logging of received tokens to avoid truncating\n\nLong lines are truncated.","shortMessageHtmlLink":"Change debug logging of received tokens to avoid truncating"}},{"before":"10d70875875909850f016ece6d07fc513ea174f7","after":"8755d3fc965006b43bfcc041b7b956979019c7b8","ref":"refs/heads/master","pushedAt":"2023-07-13T21:27:52.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Add CI badge","shortMessageHtmlLink":"Readme: Add CI badge"}},{"before":"5e7a479ac45f83a0a30ca1fa3a905bd7f0c2013a","after":"10d70875875909850f016ece6d07fc513ea174f7","ref":"refs/heads/master","pushedAt":"2023-07-02T22:39:08.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Add CI badge","shortMessageHtmlLink":"Readme: Add CI badge"}},{"before":"041a9258b5195bcd4b0c3bacbef7b099b9561ba7","after":"5e7a479ac45f83a0a30ca1fa3a905bd7f0c2013a","ref":"refs/heads/master","pushedAt":"2023-07-01T22:07:55.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Add CI badge","shortMessageHtmlLink":"Readme: Add CI 
badge"}},{"before":"be6082cbfed9c47b26f00d033e3268e25cf5562a","after":"041a9258b5195bcd4b0c3bacbef7b099b9561ba7","ref":"refs/heads/master","pushedAt":"2023-07-01T22:00:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Add CI badge","shortMessageHtmlLink":"Readme: Add CI badge"}},{"before":"10f65a502ab9577693b1444421d2adffb4f1e88e","after":"be6082cbfed9c47b26f00d033e3268e25cf5562a","ref":"refs/heads/master","pushedAt":"2023-07-01T21:58:39.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Add section Installation, remove section Development","shortMessageHtmlLink":"Readme: Add section Installation, remove section Development"}},{"before":"81750afe24ceb5dee6f748e8f1aba3f8a43edae3","after":"10f65a502ab9577693b1444421d2adffb4f1e88e","ref":"refs/heads/master","pushedAt":"2023-06-29T22:00:06.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"CI: Add release job","shortMessageHtmlLink":"CI: Add release job"}},{"before":"7a819de2c168006ea42ad6e74b6a4e99046e9a2d","after":null,"ref":"refs/tags/v0.0.0_pre1","pushedAt":"2023-06-29T21:59:58.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"}},{"before":"ed9a60147e6da754c88eb4dbc178743a0c6a23f3","after":null,"ref":"refs/tags/v0.0.0_pre1","pushedAt":"2023-06-29T21:56:51.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub 
Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"}},{"before":"0bb3bbabeaf703234310e7c304d9c12b99a370c4","after":"81750afe24ceb5dee6f748e8f1aba3f8a43edae3","ref":"refs/heads/master","pushedAt":"2023-06-29T21:48:25.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"CI: Add release job","shortMessageHtmlLink":"CI: Add release job"}},{"before":"1628701a8b839c7dd5fc9fb472315091ee7351bb","after":"0bb3bbabeaf703234310e7c304d9c12b99a370c4","ref":"refs/heads/master","pushedAt":"2023-06-29T21:45:30.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"CI: Add release job","shortMessageHtmlLink":"CI: Add release job"}},{"before":"92865552f2db82aabd1acb2c21fe89af886353b6","after":"1628701a8b839c7dd5fc9fb472315091ee7351bb","ref":"refs/heads/master","pushedAt":"2023-06-29T12:12:41.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Readme: Add section Configuration","shortMessageHtmlLink":"Readme: Add section Configuration"}},{"before":"8670d65e770f44dfc500270fa779fc5bf0a0b1cc","after":"92865552f2db82aabd1acb2c21fe89af886353b6","ref":"refs/heads/master","pushedAt":"2023-06-29T11:50:22.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub 
Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"WIP","shortMessageHtmlLink":"WIP"}},{"before":"6d1974f3f797e7ab2f3e5422cad6aed855055aad","after":"8670d65e770f44dfc500270fa779fc5bf0a0b1cc","ref":"refs/heads/master","pushedAt":"2023-06-28T23:13:18.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"WIP","shortMessageHtmlLink":"WIP"}},{"before":"0239744463757a1327bb8cd7ab8a1b22be3866e7","after":"6d1974f3f797e7ab2f3e5422cad6aed855055aad","ref":"refs/heads/master","pushedAt":"2023-06-28T10:47:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Always send absolute URI in redirect_uri and post_logout_redirect_uri\n\nIt's required by the spec.","shortMessageHtmlLink":"Always send absolute URI in redirect_uri and post_logout_redirect_uri"}},{"before":"afbca174d0ae49ee5f5ce0ff08daab42828f65f8","after":"0239744463757a1327bb8cd7ab8a1b22be3866e7","ref":"refs/heads/master","pushedAt":"2023-06-27T21:39:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Improve typing of arrify() in tests","shortMessageHtmlLink":"Improve typing of arrify() in tests"}},{"before":"8cadc7c08ef3c8facfdac89db25c815d168beb6b","after":"afbca174d0ae49ee5f5ce0ff08daab42828f65f8","ref":"refs/heads/master","pushedAt":"2023-06-26T22:38:05.332Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub 
Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Implement support for OpenID Connect RP-Initiated Logout 1.0","shortMessageHtmlLink":"Implement support for OpenID Connect RP-Initiated Logout 1.0"}},{"before":"d1c05338decdd3524f90cec4918df4c02efdfb5d","after":"8cadc7c08ef3c8facfdac89db25c815d168beb6b","ref":"refs/heads/master","pushedAt":"2023-06-20T11:02:38.961Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jirutka","name":"Jakub Jirutka","path":"/jirutka","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/949228?s=80&v=4"},"commit":{"message":"Bump oauth2-mock-server from ^5.0.2 to ^6.0.0","shortMessageHtmlLink":"Bump oauth2-mock-server from ^5.0.2 to ^6.0.0"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAED0B95AA","startCursor":null,"endCursor":null}},"title":"Activity · jirutka/nginx-oidc-njs"}