gocd-contrib / google-oauth-authorization-plugin

The plugin allows users to log in to GoCD using a Google account
Apache License 2.0

Refresh Token #192

Closed. klinux closed this 8 months ago.

klinux commented 1 year ago

Is it possible to use refresh_token to renew the token?

Thank you

chadlwilson commented 1 year ago

I don't believe so, no.

However, with my understanding of how these plugins interact with GoCD, the remote OAuth2 access token is thrown away after it is used to determine user identity and then map roles to internal GoCD roles, after which a session is entirely maintained within GoCD itself with GoCD's own session expiry (14 days by default, configurable). The roles are cached and don't appear to be refreshed over this session expiry time.

Is there something you are trying to achieve here with a refresh token?

(Edit: Actually, looks like maybe the token is kept within the server session, and perhaps used to try and re-authenticate the user via the plugin after the GoCD session expiry?)

PavithrraBI commented 1 year ago

@chadlwilson I think because of the go.security.reauthentication.interval property, the user is being logged out and asked to sign in to the go dashboard?

chadlwilson commented 1 year ago

@PavithrraBI The re-authentication interval is 30m by default, so if you're not being logged out every 30 minutes, that wouldn't be the cause. Are you seeing logouts every 30m?

At least with the github-oauth plugin which I use every day, this works correctly. I only get logged out on server restart (all sessions cleared, session storage only in memory) or after 14 days.

My understanding is that the re-authentication interval just means the user's authentication status needs to be re-checked with the external authentication party or with a token acquired from them. Conceptually speaking, if the access token/identity token acquired during initial login is still valid, I don't believe the user would be logged out of GoCD.

This may depend on the plugin implementation or the expiry time of access tokens from the underlying OAuth2 provider, however, which I haven't checked/compared between, say, GitHub and Google.