Updated middleware example to use 'global' for OIDC routes.
Noted that ID token verification is distinct from DAT minting.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed GET /auth/logout to redirect to rpFrontendUrl instead of /login
to prevent re-authentication loop. When user logged out, redirecting to
/login would immediately start new OIDC flow with still-valid SwissOID
session, causing auto-login.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added POST_LOGIN_PATH env var (default: '/')
- Added ALLOW_CONTINUE_PARAM env var (default: true)
- Updated appConfigMap to read and pass these values
- Updated oidcConfigBuilder to include them in OIDC config
This allows consumers to configure post-login redirect behavior via env vars.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed hardcoded finalize URL to build from rpCallbackUrl
- Removed hardcoded /workspace redirect path
- Added postLoginPath config option (default: '/')
- Added allowContinueParam config option (default: true)
- Continue parameter now flows through signed state to session to final redirect
This fixes biblio-stats authentication flow and makes the package work for any RP.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Guillermo Pages