Hello,
I know it’s common for people to put loads of stuff in cookies, but I struggled a bit with an Okta cookie today, okta-oauth-redirect-params, while working on a web server in Python. This is because this cookie’s value is JSON, and the Python web server uses the Python (3.8) standard library module http.cookies to parse cookies. This results in everything after the okta-oauth-redirect-params cookie being unavailable to my server.
Here’s an example:
In [1]: import http.cookies

In [2]: # the Cookie header as received by the server, split into adjacent literals for readability
   ...: cookieval = (
   ...:     'okta-oauth-nonce=validAsciiblabla; '
   ...:     'okta-oauth-state=validAsciiBlabla; '
   ...:     'okta-oauth-redirect-params={"responseType":"code","state":"somestate",'
   ...:     '"nonce":"somenonce","scopes":["openid","profile","email","phone"],'
   ...:     '"urls":{"issuer":"https://subdomain.okta.com/oauth2/authServer",'
   ...:     '"authorizeUrl":"https://subdomain.okta.com/oauth2/authServer/v1/authorize",'
   ...:     '"userinfoUrl":"https://subdomain.okta.com/oauth2/authServer/v1/userinfo"}}; '
   ...:     'importantCookie=importantValue; '
   ...:     'sessionCookie=importantSessionValue'
   ...: )
   ...: cookie = http.cookies.SimpleCookie()
   ...: cookie.load(cookieval)
   ...: cookie.keys()
Out[2]: dict_keys(['okta-oauth-nonce', 'okta-oauth-state'])
The problem is that only the first two cookies are retrievable by my application because everything afterward is thrown away when parsing fails.
This application is a simple backend web application with the embedded Okta sign-in widget. Is there some way to prevent the Sign-In widget from setting okta-oauth-redirect-params, or is there some way to tell Okta to base64 encode it so that it doesn’t break cookie parsing further upstream?
Thanks.
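The failure described in the post, reproduced side by side with a tolerant parser, as an added example that is not part of the original post or of Okta's code. The cookie header is a constructed sample modelled on the one above (all values are placeholders), and the lenient parser is an assumed workaround for this specific case: it splits on ';' and the first '=' only, so it keeps every cookie after the JSON-valued one, but it does not handle RFC 2109 attributes or quoted-string unescaping.

```python
import http.cookies
import json

# Constructed sample Cookie header, modelled on the one in the post above.
# Every value here is a placeholder.
COOKIE_HEADER = (
    'okta-oauth-nonce=validAsciiblabla; '
    'okta-oauth-state=validAsciiBlabla; '
    'okta-oauth-redirect-params={"responseType":"code","state":"somestate",'
    '"nonce":"somenonce","scopes":["openid","profile","email","phone"],'
    '"urls":{"issuer":"https://subdomain.okta.com/oauth2/authServer"}}; '
    'importantCookie=importantValue; '
    'sessionCookie=importantSessionValue'
)


def strict_parse(header: str) -> dict:
    """Parse with the standard library's SimpleCookie.

    SimpleCookie.load() stops at the first cookie whose value contains a
    character outside its permitted set (here an unquoted '"' at the start
    of the JSON object) and silently discards everything after it.
    """
    jar = http.cookies.SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def lenient_parse(header: str) -> dict:
    """Tolerant parser (assumed workaround, not part of the post or Okta's SDK).

    Splits on ';' and then on the first '=' only, so a value may itself
    contain '=' or '"'. Cookies whose JSON contains a literal ';' would
    still be cut short; that is the trade-off of this simple approach.
    """
    cookies = {}
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if not chunk or "=" not in chunk:
            continue
        name, _, value = chunk.partition("=")
        name = name.strip()
        if name:
            cookies[name] = value.strip()
    return cookies


def redirect_params(cookies: dict) -> dict:
    """Decode the JSON carried by okta-oauth-redirect-params, if present."""
    raw = cookies.get("okta-oauth-redirect-params")
    return json.loads(raw) if raw else {}


if __name__ == "__main__":
    print("strict :", sorted(strict_parse(COOKIE_HEADER)))
    print("lenient:", sorted(lenient_parse(COOKIE_HEADER)))
    print("scopes :", redirect_params(lenient_parse(COOKIE_HEADER))["scopes"])
```

The strict parse returns only the two cookies that precede okta-oauth-redirect-params, so a server relying on SimpleCookie never sees sessionCookie at all, which is the quiet failure mode worth checking for: a missing session cookie here looks like an unauthenticated request rather than a parse error.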