Release Request

src/main/java/uk/ac/ox/ctl/ltiauth/CustomLti13Configurer.java

@@ -9,8 +9,6 @@
 import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.web.OptimisticAuthorizationRequestRepository;
 import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.web.PathOIDCInitiationRegistrationResolver;
 
-import java.time.Duration;
-
 /**
  * This overrides the standard configurer to add our token passing redirect along with allowing client
  * registration lookups by client ID instead of requiring a custom path (although that's still supported).
@@ -27,14 +25,6 @@ public CustomLti13Configurer(JWTService jwtService, ClientRegistrationService cl
         this.clientRegistrationService = clientRegistrationService;
     }
 
-    @Override
-    protected OptimisticAuthorizationRequestRepository configureRequestRepository() {
-        MultiStateCacheAuthorizationRequestRepository repository =
-                new MultiStateCacheAuthorizationRequestRepository(Duration.ofMinutes(1), 2);
-        repository.setLimitIpAddress(limitIpAddresses);
-        return new StatelessOptimisticAuthorizationRequestRepository(repository);
-    }
-
     @Override
     protected OAuth2LoginAuthenticationFilter configureLoginFilter(ClientRegistrationRepository clientRegistrationRepository, OidcLaunchFlowAuthenticationProvider oidcLaunchFlowAuthenticationProvider, OptimisticAuthorizationRequestRepository authorizationRequestRepository) {
         OAuth2LoginAuthenticationFilter loginFilter = super.configureLoginFilter(clientRegistrationRepository, oidcLaunchFlowAuthenticationProvider, authorizationRequestRepository);

src/main/resources/application.properties

@@ -63,3 +63,5 @@ management.endpoints.web.exposure.include=health,sentry
 # disable by default
 spring.cloud.aws.secretsmanager.enabled=false
 
+# This is needed for the OAuth flow so that the cookie is sent in cross-origin requests.
+server.servlet.session.cookie.same-site=None