OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0

Implement OpenId refresh flow instead of redirecting to OpenId provider #15495

Open acourouppe opened 3 years ago

acourouppe commented 3 years ago

We configured our application (Vaadin based) to use OpenId. That works well until the idToken expires. Indeed, in the OidcClientCache, the current tokens are checked and, if they are not valid anymore, the subject is removed from the authCache and the request is redirected to the OP (or should be). In my case, this doesn't work because I'm inside a Vaadin application (which is Ajax based), but that's another story.

I'd like the refresh flow to be implemented if the refresh token is there and valid and have the user redirected only if the refresh token expired as well. So that the access and id token are automatically refreshed when expired. There is a TODO in the code for this I think.

```java
boolean isValid(Subject subject, long cushionMilliseconds, boolean checkAccessToken) {
    boolean valid = true;
    // TODO handle different when refresh token exist and valid
    IdToken idToken = getIdToken(subject);
    if (idToken != null) {
        // Expired (within the cushion) ID token invalidates the cached subject
        valid = this.isIdTokenValid(idToken, cushionMilliseconds);
    }
    if (valid) {
        if (checkAccessToken)
            valid = isAccessTokenValid(subject, cushionMilliseconds);
    }
    return valid;
}
```
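A sketch of the refresh-aware decision the request above asks for, added here as an illustration and not Open Liberty code: the `TokenSet`, `Decision` and `decide` names are hypothetical, and it assumes the client knows when its refresh token expires (if the provider gives no hint, treat that expiry as unknown and fall back to redirecting).

```java
import java.time.Duration;
import java.time.Instant;

/** Illustration only, not Open Liberty code; all names below are hypothetical. */
public class RefreshAwareValidity {

    /**
     * What the caller should do with a cached subject. On REFRESH the new ID and
     * access tokens returned by the token endpoint must be validated (signature,
     * iss, aud, same sub as before) before the subject is put back in the cache.
     */
    public enum Decision { VALID, REFRESH, REAUTHENTICATE }

    /** Expiry instants taken from the validated tokens; null means "absent/unknown". */
    public record TokenSet(Instant idTokenExp, Instant accessTokenExp, Instant refreshTokenExp) {}

    /**
     * Same inputs as the boolean isValid(...) in the issue, plus the branch it is
     * missing: an expired ID (or access) token yields REFRESH while a refresh token
     * is still usable, and only REAUTHENTICATE (redirect to the OP) once it is gone.
     */
    public static Decision decide(TokenSet t, long cushionMs, boolean checkAccessToken, Instant now) {
        // The cushion treats tokens expiring within cushionMs as already expired, so a
        // request that is in flight does not reach the resource server with a stale token.
        Instant threshold = now.plusMillis(cushionMs);
        boolean idValid = t.idTokenExp() != null && t.idTokenExp().isAfter(threshold);
        boolean accessValid = !checkAccessToken
                || (t.accessTokenExp() != null && t.accessTokenExp().isAfter(threshold));
        if (idValid && accessValid) {
            return Decision.VALID;
        }
        // No cushion here: the refresh token is usable right up to its own expiry.
        boolean refreshUsable = t.refreshTokenExp() != null && t.refreshTokenExp().isAfter(now);
        return refreshUsable ? Decision.REFRESH : Decision.REAUTHENTICATE;
    }

    public static void main(String[] args) {
        // Constructed sample instants, not captured from a real provider.
        Instant now = Instant.parse("2024-01-01T12:00:00Z");
        Instant soon = now.plus(Duration.ofMinutes(30));
        Instant later = now.plus(Duration.ofHours(8));
        Instant past = now.minusSeconds(1);
        System.out.println("all fresh:              " + decide(new TokenSet(soon, soon, later), 10_000, true, now));
        System.out.println("id expired, refresh ok: " + decide(new TokenSet(past, soon, later), 10_000, true, now));
        System.out.println("everything expired:     " + decide(new TokenSet(past, past, past), 10_000, true, now));
        System.out.println("no refresh token:       " + decide(new TokenSet(past, soon, null), 10_000, true, now));
    }
}
```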

thucke commented 2 years ago

Hi, is there any progress on this request?

ayoho commented 2 years ago

@thucke We're using https://github.com/OpenLiberty/open-liberty/issues/15968 to track automatic refreshing of access tokens upon expiration. That feature has not been prioritized for any upcoming release yet due to other ongoing higher priority work. We'll update #15968 if and when we begin work on it.