Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: oidc token renewal #8762

Merged
merged 5 commits into from
Mar 31, 2023
Merged

fix: oidc token renewal #8762

merged 5 commits into from
Mar 31, 2023

Conversation

kulmann
Copy link
Member

@kulmann kulmann commented Mar 31, 2023
edited
Loading

Description

this PR fixes multiple oidc related things:

  • Our dockerized dev environment was missing the redirect uris for silent token renewal /oidc-silent-redirect.html. The silent renewal landed in a (silent :trollface: ) access_denied.
  • silent token renewal had a url format that the oidc-client-lib could not parse when in vue router hash mode
  • we now stop the application bootstrap early in the silent redirect callback page. This mitigates an ocis bug in the authentication middleware. Will post an ocis issue as well later on.

As a result you should not get redirected to the access denied page anymore. That was happening on token renewals before.

Issues

Fixes #8420

@update-docs
Copy link

update-docs bot commented Mar 31, 2023

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

dschmidt

This comment was marked as outdated.

Sign in to view

@kulmann kulmann marked this pull request as draft March 31, 2023 10:05
@kulmann
Copy link
Member Author

kulmann commented Mar 31, 2023

Converted back to draft. There are other issues... redirect to logged out page still happening. I see 401 errors from requests in the token renewal iframe in the network tab. Investigating.

kulmann added 2 commits March 31, 2023 17:18
@kulmann
fix: url for signin silent callback (only relevant in hash mode)
4538eea 
Also optimize application bootstrapping in iframe (relevant for oidc silent
redirect)
@kulmann
docs: add changelog items
8eb40de
@kulmann kulmann marked this pull request as ready for review March 31, 2023 15:39
@kulmann kulmann changed the title fix: redirect uri config in dev environment fix: oidc token renewal Mar 31, 2023
@kulmann
Copy link
Member Author

kulmann commented Mar 31, 2023

@dschmidt I re-introduced the redirect uris https://host.docker.internal:9200/ (and for the other ports as well) because those are needed for redirect after logout. At least that's what we've hardcoded in the userManager config. ;-)

@sonarcloud
Copy link

sonarcloud bot commented Mar 31, 2023

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

26.7% 26.7% Coverage
0.0% 0.0% Duplication

@kulmann
Copy link
Member Author

kulmann commented Mar 31, 2023

While debugging this @dschmidt and I also discovered an ocis bug: owncloud/ocis#5986

@kulmann kulmann merged commit 4832b89 into master Mar 31, 2023
@delete-merged-branch delete-merged-branch bot deleted the fix-token-refresh-dev-environment branch March 31, 2023 19:46
@kulmann kulmann mentioned this pull request Apr 3, 2023
Open
@micbar micbar mentioned this pull request May 3, 2023
Closed
89 tasks
@ScharfViktor ScharfViktor mentioned this pull request May 4, 2023
Closed
86 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dschmidt dschmidt dschmidt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OIDC token refresh failing
2 participants
@kulmann @dschmidt