Allow Session change without session token #7883
relates to #6099
@livio-a, I have 2 questions:
zitadel/docs/docs/guides/integrate/login-ui/_logout.mdx Lines 4 to 7 in 6cf9ca9
As without the token we can't establish the "authenticated user" and the logic falls back to the I have a draft PR here if you want to check what I mean: #7963
The session update and deletion require the current session token as an argument.
Since this adds extra complexity but no real additional security and prevents cases like magic links, we want to remove this requirement.
We still require the session token on other resources / endpoints, e.g. for finalizing the auth request or on idp intents.
Acceptance criteria