pomerium/internal/authenticateflow
Kenneth Jenkins fb9eb31be9
authenticateflow: change how sessions are deleted (#4893)
The identity manager expects to be able to read session ID and user ID
from any deleted databroker session records. The session.Delete()
wrapper method is not compatible with this expectation, as it calls
Put() with a record containing an empty session. The stateful
authentication flow currently calls session.Delete() from its
RevokeSession() method.

The result is that the identity manager will not correctly track
sessions deleted by the stateful authentication flow, and will still
try to use them during session refresh and user info refresh.

Instead, let's change the stateful authentication flow RevokeSession()
method to perform deletions in a way that is compatible with the current
identity manager code. That is, include the existing session data in the
Put() call to delete the revoked session.
2024-01-03 09:48:11 -08:00
..
authenticateflow.go authenticateflow: move stateless flow logic (#4820) 2023-12-06 16:55:57 -08:00
identityprofile.go authenticateflow: move stateless flow logic (#4820) 2023-12-06 16:55:57 -08:00
request.go authenticateflow: add stateful flow (#4822) 2023-12-07 09:54:42 -08:00
request_test.go authenticateflow: move stateless flow logic (#4820) 2023-12-06 16:55:57 -08:00
stateful.go authenticateflow: change how sessions are deleted (#4893) 2024-01-03 09:48:11 -08:00
stateful_test.go authenticateflow: change how sessions are deleted (#4893) 2024-01-03 09:48:11 -08:00
stateless.go move events.go out of internal/authenticateflow (#4852) 2023-12-11 19:42:56 -08:00