-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow setting allowAllUsers: true without forcing cookie domain #474
Comments
@SimonLemaireT2 yes this it definitely a limitation of the configuration system and VP When multiple There's no such lookup and matching for In my ideal world I'd prefer to get rid of There was some problems early on with how |
Describe the problem
We (Take Two) have hundreds of domains users authenticate to Okta with. Including all of these under Domains makes the cookie far too large, so right now we're forced to only allow a subset of users to authenticate with Vouch. Since we're only protecting an app that utilizes three domains, we really need to be able to set allowAllUsers: true while still having the cookie domain set via the callback url. A way to set multiple possible values for vouch.cookie.domain could also be a solution.
Expected behavior
Set allowAllUsers: true and provide a list of possible domains to vouch.cookie.domain instead of a single domain.
Additional context
We might be the largest org to utilize Vouch so far so we'd really like to see Vouch capable of operating at this scale. I'm sure this issue might come up for other larger orgs as well. Let me know your thoughts.
I understand running a separate vouch instance for each domain in the app would also be a solution. We'd like to avoid doing that if possible as it would create a lot of overhead when adding new domains to the app in question.
The text was updated successfully, but these errors were encountered: