oauth2_proxy icon indicating copy to clipboard operation
oauth2_proxy copied to clipboard
verified publisher icon bitly

OpenID Connect: refreshing the cookie

Open scr4tchy opened this issue 8 years ago • 1 comments

Hi,

When https://github.com/bitly/oauth2_proxy/pull/389 was implemented, it seems that the RefreshSessionIfNeeded function's definition is dummy? Why would we not use the refresh token instead and actually refresh the session?

Right now, if cookie-refresh is set, the dummy function is executed, and the code proceeds to ValidateSessionState (saveSession && !revalidated), which throws the ugly removing session. error validating and instantly de-authenticate.

In other words, as of now, if -cookie-expire=24h and -cookie-refresh=1h, instead of having at least 24h worth of session, or infinity if the page is visited every < 24h, we get dope 1h long sessions.

/cc @ericchiang

scr4tchy avatar Jan 16 '18 12:01 scr4tchy

I believe #621 solves this issue?

JoelSpeed avatar Jun 27 '18 08:06 JoelSpeed