Add description on what cookies are used and what they do #156
Labels: BankID (related to the native BankID implementation), enhancement (new feature or request), GrandID (related to GrandID implementation)

Is your feature request related to a problem? Please describe.
In the EU, "the cookie law" requires you to show info on what cookies you store and for what reason. We lack such documentation today and it makes it difficult to explain to the end user what cookies we store and for what reason.

What area is it related to
This relates to the packages that might store cookies, and they are:
ActiveLogin.Authentication.BankId.AspNetCore
ActiveLogin.Authentication.GrandId.AspNetCore

Describe the solution you'd like
Write documentation on the cookies used in Readme.md, and also a short notice in code.

Additional context
In Active Login the only cookie we store is a cookie containing the AuthenticationProperties, containing things like RedirectUri. But AuthenticationProperties also has a property bag where the user can set their own things, so it could contain any kind of data depending on how it's used.

The AuthenticationProperties is set in the consuming code when doing the challenge, and a sample can be found in AccountController.cs:

We have followed the convention that Microsoft uses themselves, and store the AuthenticationProperties in a state cookie. Their names are by default these, but can be overridden.
__ActiveLogin.BankIdState
__ActiveLogin.GrandIdState

Look at (for example) the implementation for Twitter auth done by Microsoft to see where we got our inspiration. There seems to be little or no documentation on the exact approach here, only source code.

Note, in addition ASP.NET Core Auth might issue cookies themselves, depending on how you configure your pipeline. But that's outside the scope of Active Login.
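
For anyone writing the cookie documentation requested above, the following added example (not Active Login code and not part of the original issue) shows what ends up in a state cookie when AuthenticationProperties is serialized the way Microsoft's own handlers do it. It assumes Active Login uses ASP.NET Core's PropertiesDataFormat with Data Protection; the purpose string, the RedirectUri and the "returnUrl" entry are made up for the demonstration.

```csharp
// Added example. Needs a project that references the Microsoft.AspNetCore.App framework.
using System;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.DataProtection;

// Ephemeral keys keep the demo self-contained; a real app uses its configured key ring.
IDataProtectionProvider provider = new EphemeralDataProtectionProvider();
IDataProtector protector = provider.CreateProtector("StateCookieDemo"); // hypothetical purpose
var format = new PropertiesDataFormat(protector);

// What consuming code typically passes to Challenge(): a redirect target
// plus whatever it chooses to put in the property bag.
var props = new AuthenticationProperties { RedirectUri = "/account/callback" };
props.Items["returnUrl"] = "/orders"; // constructed sample value

// Protect() serializes the property bag, then encrypts and authenticates it.
string cookieValue = format.Protect(props);
Console.WriteLine($"Cookie value length: {cookieValue.Length} characters");
Console.WriteLine($"Contains plaintext RedirectUri: {cookieValue.Contains("/account/callback")}");

// Only a holder of the Data Protection keys can read it back.
AuthenticationProperties? restored = format.Unprotect(cookieValue);
Console.WriteLine("Entries stored in the cookie:");
foreach (var item in restored!.Items)
{
    // RedirectUri is stored in the same bag under the ".redirect" key.
    Console.WriteLine($"  {item.Key} = {item.Value}");
}

// A modified cookie fails the integrity check and Unprotect() returns null.
char[] chars = cookieValue.ToCharArray();
int mid = chars.Length / 2;
chars[mid] = chars[mid] == 'A' ? 'B' : 'A';
AuthenticationProperties? tampered = format.Unprotect(new string(chars));
Console.WriteLine($"Tampered cookie accepted: {tampered != null}");

// Every extra entry in the bag grows the cookie, and browsers cap a cookie at about 4 KB.
props.Items["note"] = new string('x', 1000); // constructed sample value
Console.WriteLine($"Length with 1000 extra characters: {format.Protect(props).Length}");
```

The point for the documentation is that the cookie's content is whatever the consuming application puts in AuthenticationProperties, so the description of its purpose has to cover those application-supplied entries as well.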