auth_fc: store id_token in session when linking (#69989)
Password change view is hidden only if the current session was opened with FranceConnect and if the id_token is visible in the session, this change will enforce the second condition when during the same session the account is unlinked and linked again to FranceConnect. It will also permit to launch a logout if the link fails.
This commit is contained in:
parent
5a821a8883
commit
89b526066d
|
@ -334,6 +334,10 @@ class LoginOrLinkView(View):
|
|||
|
||||
def link(self, request):
|
||||
'''Request an access grant code and associate it to the current user'''
|
||||
# keep id_token around for logout
|
||||
request.session['fc_id_token'] = self.id_token
|
||||
request.session['fc_id_token_raw'] = self.token['id_token']
|
||||
|
||||
try:
|
||||
self.fc_account, created = models.FcAccount.objects.get_or_create(
|
||||
sub=self.sub,
|
||||
|
|
Loading…
Reference in New Issue