<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 22:31:46 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[MODLOGINKC-10] /authn/token returns RT cookie with incorrect path</title>
                <link>https://folio-org.atlassian.net/browse/MODLOGINKC-10</link>
                <project id="10267" key="MODLOGINKC">mod-login-keycloak</project>
                    <description>&lt;p&gt;&lt;b&gt;Summary:&lt;/b&gt; &lt;tt&gt;/authn/token?code=...&lt;/tt&gt; returns an RT cookie with the path set to &lt;tt&gt;/&lt;/tt&gt;; it should be &lt;tt&gt;/authn&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Details:&lt;/b&gt; After authenticating via keycloak, you are redirected back to the stripes UI and stripes makes a request to &lt;tt&gt;/authn/token?code=...&lt;/tt&gt; to exchange keycloak&apos;s OTP for FOLIO&apos;s AT and RT cookies. This all works properly (yay, RTR coming soon!) but the path on the RT cookie is &lt;tt&gt;/&lt;/tt&gt; instead of &lt;tt&gt;/authn&lt;/tt&gt; as it is in legacy FOLIO (log in to folio-snapshot and look at the cookies returned by the request to &lt;tt&gt;bl-users/login-with-expiry&lt;/tt&gt;). This means the RT cookie is sent on every request. This isn&apos;t technically wrong (functionally, it&apos;s harmless) but it&apos;s bad from a security angle: every endpoint, and anything that handles or logs those requests, gets to see a credential it never needs. The RT&apos;s only job is getting a new AT, so it should only be sent over the wire once, and only in a request to an endpoint to refresh the tokens. &lt;/p&gt;</description>
                <environment></environment>
        <key id="79262">MODLOGINKC-10</key>
            <summary>/authn/token returns RT cookie with incorrect path</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="712020:07e467e0-0427-4289-9a70-d77fcc133763">Yauhen Vavilkin</assignee>
                                                                <reporter accountid="615afd1cd9820f0070a09ef0">Zak Burke</reporter>
                                    <labels>
                            <label>back-end</label>
                            <label>epam-eureka</label>
                            <label>eureka-phase4</label>
                    </labels>
                <created>Fri, 26 Jan 2024 12:09:39 +0000</created>
                <updated>Wed, 7 Feb 2024 10:41:18 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                    <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="13724">UXPROD-4640</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="61663">STCOR-796</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10149"><![CDATA[Eureka]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10367"><![CDATA[TBD]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i097cw:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1717">Eureka Sprint 46</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10044" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>