Difference between revisions of "Authentication Cookie"

From MgmtWiki
(Problems)
(Problems)
Line 7: Line 7:
 
==Problems==
 
==Problems==
 
*The use of [[Cookies]] on various devices and [[User Agent]]s has be restricted in ever more severe ways. These restrictions have limited the functionality of the [[Authentication Cookie]].
 
*The use of [[Cookies]] on various devices and [[User Agent]]s has be restricted in ever more severe ways. These restrictions have limited the functionality of the [[Authentication Cookie]].
*In particular Apple introduced a restriction on same-site cookies that caused common implementations of [[OAuth 2.0]] to fail. Brock Allen decode that issue on his site<ref>Brock Allen, ''Same-site cookies, ASP.NET Core, and external authentication providers.'' (2019-01-11) https://brockallen.com/2019/01/11/same-site-cookies-asp-net-core-and-external-authentication-providers/</ref> The basic problem is OAuth front channel [[Authentication]] is determining which site is the "same site". So, while the authentication works, the redirect to the client code is not considered, by iOS 12) to be a same site operation.
+
*In particular Apple introduced a restriction on same-site cookies that caused common implementations of [[OAuth 2.0]] to fail. Brock Allen decode that issue on his site<ref>Brock Allen, ''Same-site cookies, ASP.NET Core, and external authentication providers.'' (2019-01-11) https://brockallen.com/2019/01/11/same-site-cookies-asp-net-core-and-external-authentication-providers/</ref> The basic problem with OAuth front channel [[Authentication]] is determining which site is the "same site". So, while the authentication works, the redirect to the client code is not considered, by iOS 12, to be a same-site operation. Even in the case a refresh of the client site will work and be fully authenticated, because it is not a redirect, but a same-site operation.
  
 
==Solution==
 
==Solution==
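Review bot: the new revision of the second bullet still carries the wording errors the old one had and adds a sentence that does not parse; "Brock Allen decode that issue on his site<ref>…</ref> The basic problem" needs "decoded" and a full stop before "The", and the appended "Even in the case a refresh of the client site will work and be fully authenticated, because it is not a redirect, but a same-site operation." lacks the object of "in the case"; suggest "Even in that case, a refresh of the client site will work and be fully authenticated, because it is a same-site operation rather than a redirect." The first bullet's "has be restricted" (should be "has been restricted") is unchanged between the two revisions and could be fixed in the same edit.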

Revision as of 10:09, 17 March 2019

Full Title or Meme

An Authentication Cookie is a compact collection of data provided to a User Agent by a Web Site, to be retrieved later as proof that an Authentication has been successful for this session on this device.

Context

Cookies were introduced to Web Sites to enable a continuity of

Problems

  • The use of Cookies on various devices and User Agents has been restricted in ever more severe ways. These restrictions have limited the functionality of the Authentication Cookie.
  • In particular, Apple introduced a restriction on same-site cookies that caused common implementations of OAuth 2.0 to fail. Brock Allen decoded that issue on his site.[1] The basic problem with OAuth front-channel Authentication is determining which site is the "same site". So, while the authentication works, the redirect back to the client code is not considered, by iOS 12, to be a same-site operation. Even in that case, a refresh of the client site will work and be fully authenticated, because it is a same-site operation rather than a redirect.
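To make the "which site is the same site" problem concrete, the following is an added illustration (not code from this wiki or from the referenced article) that models the browser's decision to attach a cookie according to its SameSite attribute, and then walks an authentication cookie through the front-channel flow described above. The host names (app.example.com, login.idp.example) are made up; the registrable-domain check is a simplified stand-in for the Public Suffix List that real browsers use. It assumes, as in the ASP.NET Core case the reference discusses, that the authorization response comes back as a cross-site POST (form_post response mode), and it optionally models the Safari/iOS 12 quirk of treating SameSite=None as Strict, which is why even the "set SameSite=None" remedy fails on that platform.

```python
"""Browser SameSite cookie decision, applied to an OAuth front-channel redirect.

Added illustration; site names and the simplified eTLD+1 logic are assumptions.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    same_site: str      # "Strict", "Lax" or "None"
    secure: bool = True


def registrable_domain(host: str) -> str:
    # Simplified eTLD+1: keep the last two labels. Real browsers consult the
    # Public Suffix List; this is enough to tell the two hypothetical sites apart.
    return ".".join(host.lower().split(".")[-2:])


def is_same_site(initiator_url: str, target_url: str) -> bool:
    # "Same site" compares the site of the document that initiated the request
    # with the site of the request target, not the full host or origin.
    a = urlsplit(initiator_url)
    b = urlsplit(target_url)
    return registrable_domain(a.hostname or "") == registrable_domain(b.hostname or "")


def cookie_is_sent(cookie: Cookie, initiator_url: str, target_url: str, method: str,
                   top_level: bool = True, none_treated_as_strict: bool = False) -> bool:
    """Return True if the browser attaches `cookie` to this request."""
    mode = cookie.same_site
    if mode == "None" and none_treated_as_strict:
        mode = "Strict"          # iOS 12 / Safari 12 quirk: unknown value -> Strict
    if mode == "None":
        return cookie.secure and urlsplit(target_url).scheme == "https"
    if is_same_site(initiator_url, target_url):
        return True              # Lax and Strict both allow same-site requests
    if mode == "Lax":
        # Lax lets a cross-site cookie ride only on top-level "safe" navigations,
        # so a cross-site POST (form_post) arrives without it.
        return top_level and method.upper() in ("GET", "HEAD")
    return False                 # Strict: never on a cross-site request


def oauth_front_channel_walkthrough(client_cookie: Cookie, response_method: str = "POST",
                                    none_treated_as_strict: bool = False) -> dict:
    """Which steps of the flow see the client's authentication cookie."""
    client = "https://app.example.com/"                 # hypothetical client site
    idp = "https://login.idp.example/authorize"         # hypothetical identity provider
    callback = "https://app.example.com/signin-oidc"    # hypothetical redirect target
    steps = {}
    # 1. Ordinary navigation within the client site: initiator and target share a site.
    steps["initial_same_site_request"] = cookie_is_sent(
        client_cookie, client, client, "GET", none_treated_as_strict=none_treated_as_strict)
    # 2. The client redirects to the IdP, which authenticates the user.
    # 3. The IdP sends the browser back to the client's callback. The initiator is
    #    the IdP page, so the browser classifies this request as cross-site.
    steps["callback_after_redirect"] = cookie_is_sent(
        client_cookie, idp, callback, response_method, none_treated_as_strict=none_treated_as_strict)
    # 4. The user refreshes the client page: initiator and target are the same site,
    #    so the cookie is present again and the page appears fully authenticated.
    steps["refresh_of_client_page"] = cookie_is_sent(
        client_cookie, callback, callback, "GET", none_treated_as_strict=none_treated_as_strict)
    return steps


if __name__ == "__main__":
    for ss in ("Lax", "Strict", "None"):
        print(ss, oauth_front_channel_walkthrough(Cookie("auth", ss)))
    print("None on iOS 12 quirk:",
          oauth_front_channel_walkthrough(Cookie("auth", "None"), none_treated_as_strict=True))
```

The Lax walkthrough reproduces the symptom in the bullet: the same-site request and the later refresh both carry the cookie, while the callback after the cross-site redirect does not. Switching the response to a GET redirect shows why Lax normally tolerates the code-in-query style of OAuth response, and the None-as-Strict flag shows why the usual remedy did not help on iOS 12.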

Solution

References

  1. Brock Allen, Same-site cookies, ASP.NET Core, and external authentication providers. (2019-01-11) https://brockallen.com/2019/01/11/same-site-cookies-asp-net-core-and-external-authentication-providers/