macOS SSO extension runs into a loop in redirect

Hi,

I created an SSO extension that works fine. The extension triggers for my domain when I need to run an OIDC flow by the "authorize" path of my issuer. I finish the whole OIDC flow inside the extension and get the required parameters (access token, ID token, state, etc.), and build the "Location" header to return to the caller (in my case it triggers from Safari). I also attach the "Set-Cookie" with my cookies.

For completion, I call the

authorizationRequest?.complete(httpResponse: response, httpBody: nil)

with a 302 code response I create which contains the cookies and the Location header.

My problem is that Safari gets the response with the redirect, removes the extension, and a second later the extension triggers again with the same "authorize" request. All this happens in a loop without stopping, unless I call authorizationRequest?.doNotHandle(). I checked the "Location" header against a similar one from a regular web flow that works fine (without the extension) and both are the same.

Any help or idea will be blessed.

Thank you!

Hello, what OIDC flow are you using? If it is an authorization code flow and you have already completed the request, then you likely need a 200 response instead of the 302.

I'm using Implicit and need to return the access token and ID token. On second thought, we are probably doing Device flow (or hybrid) as the authentication is done via a push to the user's mobile device, and we poll for the answer while waiting. We do not use SFSafari or any other in the extension, but regular NSSessions to complete the flow in front of our AS (also certificate-based), so the extension will catch the "authorize", do the token endpoint, etc., and needs to return to Safari with the access token and ID token, but it seems what I try doesn't work. I tried 200 but I return to a blank page.
