Add config option to bypass cookie checking on SSO callback.

Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-26 05:00:42 +00:00
parent 9e09162817
commit 99bbcb34b6
3 changed files with 35 additions and 15 deletions
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@@ -2768,6 +2768,15 @@ pub struct IdentityProvider {
 	/// default: 300
 	#[serde(default = "default_sso_grant_session_duration")]
 	pub grant_session_duration: Option<u64>,
+
+	/// Whether to check the redirect cookie during the callback. This is a
+	/// security feature and should remain enabled. This is available for
+	/// developers or deployments which cannot tolerate cookies and are willing
+	/// to tolerate the risks.
+	///
+	/// default: true
+	#[serde(default = "true_fn")]
+	pub check_cookie: bool,
 }

 impl IdentityProvider {