Dick Snel
Did you pull the latest version? I cannot reproduce the issue.
Hi @mudit94, I ran into this issue myself. As far as I could see, it was not possible to set a cookie with ZAP for another domain. If you have...
Hi @cocoytech, do you have an example app I can test with? This should already be supported, you can provide the login URL and the hook will try to...
@cocoytech so if I understand it correctly you would like a feature that: * User provides OIDC issuer endpoint, Client Id, Client Secret, username and password in arguments * Hook...
@JossSparkesAnswer I think it will get too complex to make a generic implementation for this. I'm thinking you could run the curl command before starting zap and then passing the...
@JossSparkesAnswer in that case I could add an extra config parameter, for example auth.bearer_token=eyJrxxxx. Using this the authentication module will not attempt to perform authentication but will just force the...
@JossSparkesAnswer I just added the param auth.bearer_token. Could you give this a try? If you pass it a JWT token (eyJ...) it should force this token as the Authorization: Bearer...
@JossSparkesAnswer auth.include was intended for this, but maybe there is a bug. I will try to set up a test environment and discover why it is not working.
@bat79a can you paste the full log? It should print if session identifiers were discovered and used.
@bat79a are you using authentication cookies on a different domain from your application? Then it may be related to https://github.com/ICTU/zap2docker-auth-weekly/issues/52. Unfortunately at this moment the session cookie must be on...