No way to get client address set for ExternalAuth sessions
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
The external-auth handler in loopback mode has no way to get the address set for the client session other than the usual request.getClientAddress call inside the session cache, so it's set to 127.0.0.1.
If you side-step the address lookup using the REMOTE_ADDR property and use an HTTP header, then the address check inside the handler itself to limit access breaks, obviously.
May need to use deprecated session cache method for now to set the address manually or provide an additional API somewhere.
The external-auth handler in loopback mode has no way to get the address set for the client session other than the usual request.getClientAddress call inside the session cache, so it's set to 127.0.0.1.
If you side-step the address lookup using the REMOTE_ADDR property and use an HTTP header, then the address check inside the handler itself to limit access breaks, obviously.
May need to use deprecated session cache method for now to set the address manually or provide an additional API somewhere.