diff --git a/CHANGELOG.md b/CHANGELOG.md
index 119970df..48883a3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## v23.44 (release candidate)
 
 ### Pre-releases
+- `v23.44-alpha5`
 - `v23.44-alpha4`
 - `v23.44-alpha3`
 
@@ -10,10 +11,12 @@
 - Dropped support for authorize query params `ldid` and `expiration` (#296, PLUM Sprint 231006)
 
 ### Fix
+- Fix client cookie introspection (#322, INDIGO Sprint 231110, `v23.44-alpha5`)
 - Handle missing webauthn data in login request (#314, INDIGO Sprint 231027, `v23.44-alpha4`)
 - Fix default authorize parameter values when redirecting (#313, PLUM Sprint 231020)
 
 ### Features
+- Lower client ID length limit (#322, INDIGO Sprint 231110, `v23.44-alpha5`)
 - Include client ID and scope in session detail (#318, INDIGO Sprint 231027, `v23.44-alpha4`)
 - Reduce grafana sync frequency (#317, INDIGO Sprint 231027, `v23.44-alpha3`)
 - Authorization for websocket requests (#300, PLUM Sprint 231006)
diff --git a/seacatauth/client/service.py b/seacatauth/client/service.py
index 3f544932..a61bb04c 100644
--- a/seacatauth/client/service.py
+++ b/seacatauth/client/service.py
@@ -50,7 +50,7 @@
 # The order of the properties is preserved in the UI form
 "preferred_client_id": {
 "type": "string",
- "pattern": "^[-_a-zA-Z0-9]{8,64}$",
+ "pattern": "^[-_a-zA-Z0-9]{4,64}$",
 "description": "(Non-canonical) Preferred client ID."},
 "client_name": { # Can have language tags (e.g. "client_name#cs")
 "type": "string",
diff --git a/seacatauth/cookie/handler.py b/seacatauth/cookie/handler.py
index 4f178331..81773fc9 100644
--- a/seacatauth/cookie/handler.py
+++ b/seacatauth/cookie/handler.py
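Review bot: In `seacatauth/client/service.py`, the `description` beside the changed `pattern` still does not tell whoever fills in the UI form what a valid preferred ID looks like. It could spell the rule out, for example `"description": "(Non-canonical) Preferred client ID: 4 to 64 characters from letters, digits, '-' and '_'."`. With IDs as short as four characters, a clash with an existing client becomes more likely. The registration path, which is outside this hunk, should therefore reject a preferred ID that is already taken rather than reuse it. If the old minimum of 8 is checked anywhere else, that check needs the same change, and a shared constant would stop the two from drifting apart.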
@@ -455,7 +455,7 @@ async def _authenticate_request(self, request, client_id=None):
 Locate session by request cookie
 """
 try:
- session = await self.CookieService.get_session_by_request_cookie(request)
+ session = await self.CookieService.get_session_by_request_cookie(request, client_id)
 except exceptions.NoCookieError:
 L.log(asab.LOG_NOTICE, "No client cookie found in request", struct_data={"client_id": client_id})
 return None
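Review bot: `client_id` defaults to `None` in the signature and is now forwarded as-is to `get_session_by_request_cookie`, but the docstring `Locate session by request cookie` does not say which cookie is read in either case. I would extend it with a sentence stating that a given `client_id` selects that client's cookie, and what the `None` default falls back to. The wording has to be confirmed against `CookieService`, which is not visible here. If `client_id` comes from the request itself, the session found should also be checked as belonging to that client before the request is treated as authenticated; whether the rest of the function already does this cannot be seen from the hunk. `_authenticate_request` starts and ends outside the hunk.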