Bug #22699
Status: closed
Invite modal doesn't fetch correct membership info from mapped domain
Description
See https://redmine.gc.cuny.edu/issues/22691#note-5.
When on a mapped domain and attempting to navigate to the "Users > Add New" screen, the invite modal pops up, but when attempting to go to step 2, there are no group or site memberships being listed.
In the browser console, I see a 403 for a request to https://commons.gc.cuny.edu/wp-json/caco/v1/app-config/:
{"code":"rest_cookie_invalid_nonce","message":"Cookie check failed","data":{"status":403}}
CACO's nonce is generated here: https://github.com/cuny-academic-commons/cac-onboarding/blob/1ed119a17e1974b0442cb3acba745a236676828d/src/Modal.php#L76
This modal works fine when using the subdomain.
Since a login to a mapped domain uses a different session token, and thus a different nonce, this is where the 403 is coming from.
It might be possible to use the same session token if the user is initiating SSO login to the mapped domain via the admin bar's 'My Sites' menu when setting the auth cookie, but if the user is logging in manually to the mapped domain, this 403 will always occur.
Boone, how do you want to proceed here?
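
Added example, not part of the ticket or the CACO code base: a Python model of how WordPress core derives and verifies the `wp_rest` nonce, showing why a nonce minted under the mapped-domain session is rejected when checked against the primary-domain session. The salt, user ID, timestamp and session tokens are constructed placeholders, and the function names are hypothetical stand-ins for the core functions named in the comments.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 86400                        # WordPress default nonce lifetime, seconds
NONCE_SALT = b"constructed-nonce-salt"    # placeholder for the site's nonce key+salt


def nonce_tick(now):
    """Half-lifetime counter, as wp_nonce_tick() computes it."""
    return math.ceil(now / (NONCE_LIFE / 2))


def create_nonce(action, uid, session_token, tick):
    """Model of wp_create_nonce(): HMAC-MD5 over tick|action|uid|token."""
    data = f"{tick}|{action}|{uid}|{session_token}".encode()
    digest = hmac.new(NONCE_SALT, data, hashlib.md5).hexdigest()
    return digest[-12:-2]                 # same slice as PHP substr($hash, -12, 10)


def verify_nonce(nonce, action, uid, session_token, now):
    """Model of wp_verify_nonce(): accept the current or the previous tick."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        expected = create_nonce(action, uid, session_token, t)
        if hmac.compare_digest(expected, nonce):
            return age
    return False


def rest_cookie_check(nonce, uid, session_token, now):
    """HTTP status the REST cookie check yields for this nonce and session."""
    ok = verify_nonce(nonce, "wp_rest", uid, session_token, now)
    return 200 if ok else 403             # 403 = rest_cookie_invalid_nonce


# Constructed sample values: one user, two independent logins.
NOW = 1_700_000_000
UID = 42
TOKEN_PRIMARY = "tok-primary-domain-session"   # session behind the primary-domain cookie
TOKEN_MAPPED = "tok-mapped-domain-session"     # session from a manual mapped-domain login

# Nonce embedded in the page that was rendered on the mapped domain.
PAGE_NONCE = create_nonce("wp_rest", UID, TOKEN_MAPPED, nonce_tick(NOW))

if __name__ == "__main__":
    # The REST request is validated against the primary-domain session.
    print(rest_cookie_check(PAGE_NONCE, UID, TOKEN_PRIMARY, NOW))  # 403
    # The same nonce is valid for the session that minted it.
    print(rest_cookie_check(PAGE_NONCE, UID, TOKEN_MAPPED, NOW))   # 200
```

Because the session token is an HMAC input, the nonce only validates if the nonce is minted for, or the request is validated under, the same session; sharing the user ID alone is not enough.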