Session type modifiers "persistent" and "store_id_token" are not being recognized together

[rgcv]

There is an issue when configuring OIDCSessionType as a client cookie and combining both persistent and store_id_token suffixes. The configuration parser is wrongly looking at a string that starts with the separator ":" here

mod_auth_openidc/src/cfg/cfg.c

Lines 198 to 199 in 8a4fae5

	} else if (_oidc_strcmp(p, OIDC_SESSION_TYPE_SEPARATOR OIDC_SESSION_TYPE_PERSISTENT
	OIDC_SESSION_TYPE_SEPARATOR OIDC_SESSION_TYPE_STORE_ID_TOKEN) == 0) {

when it was previously stripped away here

mod_auth_openidc/src/cfg/cfg.c

Lines 180 to 183 in 8a4fae5

	if (p) {
	*p = '\0';
	p++;
	}

I'm assuming the intention here is

- } else if (_oidc_strcmp(p, OIDC_SESSION_TYPE_SEPARATOR OIDC_SESSION_TYPE_PERSISTENT 
+ } else if (_oidc_strcmp(p, OIDC_SESSION_TYPE_PERSISTENT 
 			       OIDC_SESSION_TYPE_SEPARATOR OIDC_SESSION_TYPE_STORE_ID_TOKEN) == 0) {

I've managed to identify the issue by experimenting with both suffixes separately, and everything works just as intended. The cookie is either persistent per the OIDCSessionInactivtyTimeout or the ID token gets stored in the session, becoming usable. The combination of both yields an ephemeral session cookie and a missing ID token from the session.

[zandbelt]

thanks for reporting; this was fixed in 7355470 and will be in 2.4.17.1

[rgcv]

No problem! Thank you for the quick turnaround.

[zandbelt]

now released in https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.17.1