Hi,
I created an SSO extension that works fine. The extension triggers for my domain when I need to run an OIDC flow by the "authorize" path of my issuer. I finish the whole OIDC flow inside the extension and get the required parameters (access token, ID token, state, etc.), and build the "Location" header to return to the caller (in my case it triggers from Safari). I also attach the "Set-Cookie" with my cookies.
For completion, I call the
authorizationRequest?.complete(httpResponse: response, httpBody: nil)
with a 302 code response I create which contains the cookies and the Location header.
My problem is that the Safari gets the response with the redirect, removes the Extension, and a sec after the extension triggers again with the same "authorize" request. All this happens in a loop without stopping, unless I call authorizationRequest?.doNotHandle(). I checked the "Location" header to a similar one from a regular web flow that works fine (without the extension) and both are the same.
Any help or idea will be blessed.
Thank you!