Open daniellienert opened 4 years ago
In https://github.com/flownative/flow-openidconnect-client/blob/master/Classes/Authentication/OpenIdConnectProvider.php#L101 the exp of the identity token is validated and, when not valid, the status is set to TokenInterface::AUTHENTICATION_NEEDED. With this, the client is redirected to the IDP.
When editing in the backend, this happens also in the guest frame where the CORS settings deny the redirect.
After reading through the basics (https://openid.net/specs/openid-connect-core-1_0.html#IDToken) and https://stackoverflow.com/questions/25686484/what-is-intent-of-id-token-expiry-time-in-openid-connect it seems to me that coupling the user's session expiration time in Neos to the identity token expiration might not be correct.
In our case, the identity token's exp is just 1 minute by default, which makes editing impossible.
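The difference between the two behaviours discussed in the post above, as an added example that is not part of the original post and not code from flow-openidconnect-client. All function names, constants and sample values are hypothetical, and the claims are assumed to come from an ID token whose signature, issuer and audience were already verified.

```php
<?php
declare(strict_types=1);

// Added illustration only; every name here is hypothetical and none of it is
// the flow-openidconnect-client API. Claims are assumed to come from an ID
// token whose signature, issuer and audience were already verified.
const NEEDED = 'AUTHENTICATION_NEEDED';   // stand-in for the status in the issue
const OK = 'OK';                          // stand-in for "still authenticated"
const CLOCK_SKEW = 30;                    // assumed tolerance in seconds
const SESSION_LIFETIME = 8 * 3600;        // assumed application policy

/** Coupled behaviour described in the issue: exp is re-checked on every request. */
function coupledStatus(array $claims, int $now): string
{
    return $claims['exp'] + CLOCK_SKEW < $now ? NEEDED : OK;
}

/** Decoupled: exp gates acceptance of the token once, at login time. */
function establishSession(array $claims, int $now): array
{
    if (!isset($claims['exp'], $claims['sub']) || !is_int($claims['exp'])) {
        throw new InvalidArgumentException('ID token lacks sub or a numeric exp');
    }
    if ($claims['exp'] + CLOCK_SKEW < $now) {
        throw new RuntimeException('ID token expired before it was processed');
    }
    // The session carries its own lifetime, independent of the token's exp.
    return ['sub' => $claims['sub'], 'expiresAt' => $now + SESSION_LIFETIME];
}

/** Per-request check against the session lifetime only. */
function sessionStatus(array $session, int $now): string
{
    return $session['expiresAt'] < $now ? NEEDED : OK;
}

// Constructed sample: ID token with the 1-minute exp mentioned in the issue.
$login = 1700000000;
$claims = ['sub' => 'editor-1', 'exp' => $login + 60];
$session = establishSession($claims, $login);

foreach ([30, 120, SESSION_LIFETIME + 1] as $elapsed) {
    printf(
        "t+%ds coupled=%s decoupled=%s\n",
        $elapsed,
        coupledStatus($claims, $login + $elapsed),
        sessionStatus($session, $login + $elapsed)
    );
}
```

With a decoupled session the application owns the session lifetime, so a logout or account change at the IDP is not noticed until the session ends unless a separate check is added.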
@daniellienert Did you find a solution for this in the meantime?