revive refresh token #7756

Merged
merged 1 commit into from
Oct 10, 2022

fschade
Collaborator

@fschade fschade commented Oct 9, 2022

Description

This PR adds the ability to try to refresh the refresh token one last time before sending the user to the "log out" view.
This scenario only happens in rare cases where the browser sits in the background and the native browser throttling could happen.

Please read https://developer.chrome.com/blog/timer-throttling-in-chrome-88/ for a more detailed explanation.

The problematic part is oidc-auth-ts, which uses an internal timer to organize all tasks; the timer then uses setInterval, which gets throttled. If this happens, the timer gets out of sync and the accessTokenExpired event gets emitted.

In those cases the code now tries to refresh the token one more time before it sends the user to the error view. Please note that the OIDC server needs to be set up correctly and the access token lifespan shouldn't be too short.

Related Issue

  • none

Motivation and Context

Be able to keep the web intact if it runs in the background.

How Has This Been Tested?

  • manual setup in docker compose with ocis and keycloak

Screenshots (if appropriate):

[Screenshot 2022-10-09 at 13 40 14]

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

Open tasks:

  • Let's discuss if this is something to hit the master or should go into experimental quarantine.
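
The retry-once-then-log-out behaviour described above, as an added example that is not the code merged in this PR. The stub's `signinSilent` method is modelled on the silent-renew call of oidc-client-ts and is an assumption about the library in use; `createExpiryHandler`, `stubUserManager` and `demo` are hypothetical names.

```javascript
// Added example. `signinSilent` mirrors the oidc-client-ts renew call; the
// handler, stub and demo names are hypothetical and nothing touches a network.
function createExpiryHandler({ userManager, onLogout, now = () => Date.now() }) {
  let inFlight = null; // one retry shared by duplicate expiry events
  return function handleAccessTokenExpired() {
    if (inFlight) return inFlight;
    inFlight = (async () => {
      try {
        const user = await userManager.signinSilent();
        // Fail closed: accept only a still-valid token (expires_at is in seconds).
        if (user && user.access_token && user.expires_at * 1000 > now()) {
          return 'refreshed';
        }
      } catch (err) {
        // Refresh token rejected or IdP unreachable: fall through to logout.
      }
      onLogout();
      return 'logged-out';
    })().finally(() => { inFlight = null; });
    return inFlight;
  };
}

// Constructed stub: succeeds or fails on demand and counts refresh attempts.
function stubUserManager({ fail = false, expiresAt = 0 }) {
  const stub = {
    calls: 0,
    async signinSilent() {
      stub.calls += 1;
      if (fail) throw new Error('invalid_grant');
      return { access_token: 'constructed-token', expires_at: expiresAt };
    },
  };
  return stub;
}

// Runs three constructed cases: good refresh, rejected refresh, stale token.
async function demo() {
  const now = () => 1000000; // fixed clock (ms)
  const results = [];
  for (const cfg of [{ expiresAt: 1300 }, { fail: true }, { expiresAt: 900 }]) {
    let loggedOut = false;
    const userManager = stubUserManager(cfg);
    const handle = createExpiryHandler({ userManager, onLogout: () => { loggedOut = true; }, now });
    const [a, b] = await Promise.all([handle(), handle()]); // duplicate events
    results.push({ outcome: a, same: a === b, calls: userManager.calls, loggedOut });
  }
  return results;
}
```

The handler treats a rejected refresh and a refresh that returns an already-expired token the same way, so the session ends in both cases instead of continuing with a stale token.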

revive refresh token
@sonarcloud

sonarcloud bot commented Oct 9, 2022

SonarCloud Quality Gate failed.

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

0.0% Coverage
0.0% Duplication

Member

@dschmidt dschmidt left a comment

I'm ok with this in oC Web, but do you think there would be a chance to fix this inside the library? Then we should at least open a ticket

@fschade
Collaborator Author

fschade commented Oct 10, 2022

> I'm ok with this in oC Web, but do you think there would be a chance to fix this inside the library? Then we should at least open a ticket

Can't be changed inside the lib; the lib is doing the correct thing here. The library has zero knowledge about the implementing SPA app and how it should handle those 'rare' cases.

@fschade fschade merged commit 96efab5 into master Oct 10, 2022
@delete-merged-branch delete-merged-branch bot deleted the revive-refresh-token branch October 10, 2022 09:23