Auth not triggered from .htaccess after update from 2.4.12 to 2.4.17

[darxmurf]

Hi all,

Just upgraded a debian server to trixie and libapache2-mod-auth-openidc moved from 2.4.12 to 2.4.17.

Lets say I have https://mypage.myinternalsite.tld/auth-area/

Before the update, a simple .htaccess in ./auth-area/ containing

AuthType openid-connect
OIDCCookie oidcstate
OIDCCookiePath "/"

Require claim myusername:frank
Require claim myusername:roger

Was enough to trigger the authentication page but now it doesn't and drops me to an error page with AH01631: user : authorization failure for "/auth-area": in the logs

it's working if I add
Require valid-user

but then it's bypassing the other filters.

Any advise about that?
Thanks

EDIT:

Workaround (or good way to configure it?) I added this in my apache conf file and it fixes the issue

<Location "/">
          AuthType openid-connect
          OIDCCookie oidcstate
          OIDCCookiePath /
</Location>

[zandbelt]

see the release notes for 2.4.17.2 https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.17.2