OIDC: oidcchecksession and session data encoding
Environment
LemonLDAP::NG version: 2.0.8
Operating system: Debian buster
Web server: NginX
Summary
The oidcchecksession iFrame always returns "changed" to the host web application.
Possible fixes
The code to encode OIDC session state seems to differ between portal and oidcchecksession iframe.
# Portal side (Perl): session state is a SHA-256 digest of client_id, session id and salt
my $data = $client_id . " " . $session_id . " " . $salt;
my $hash = sha256_base64($data);

// oidcchecksession iframe side (JavaScript): session state is rebuilt with btoa(), not SHA-256
client_id = decodeURIComponent(message.split(' ')[0]);
session_state = decodeURIComponent(message.split(' ')[1]);
salt = decodeURIComponent(session_state.split('.')[1]);
ss = btoa(client_id + ' ' + e.origin + ' ' + salt) + '.' + salt;
That has the effect that the JavaScript session state never matches the portal session state, so the iframe always returns "changed" to the host web application.