linagora / tmail-flutter

A multi-platform (Flutter) application for reading your emails, with your favorite devices, using the JMAP protocol!
GNU Affero General Public License v3.0

OIDC : Better handle 401 #1950

Open chibenwa opened 1 year ago

chibenwa commented 1 year ago

Description

CF https://github.com/linagora/james-project-private/issues/672

246777520-f2df03af-f461-425b-973b-6f99a2011936.webm

Today:

Expected result

Upon 401 redirect the user to the login page.

A good error message is Your session expired. Please login again.

Arsnael commented 1 year ago

> Expected result
>
> Upon 401 redirect the user to the login page.
>
> A good error message is Your session expired. Please login again.

Why not just refresh the token in this case? Most of the time the user is still logged in on the OIDC provider. If the refresh does not work (aka the user really logged out of the OIDC provider), then it would make sense in this case to go back to the login page with such a message?

chibenwa commented 1 year ago

If we have a refresh token we should of course attempt the refresh before asking to log in again, yes!

Arsnael commented 1 year ago

Well I remember tmail front was doing it before on preprod with keycloak :)
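The flow agreed on in this thread (on 401, try the refresh token once, and only fall back to the login page with the "session expired" message if that fails), sketched as an added example that is not tmail-flutter's own code. `OidcSession`, `Send`, `Refresh` and `SessionExpired` are hypothetical names, the HTTP transport is reduced to a callback returning the status code, and the refresh callback is assumed to return a new access token or `null`.

```dart
class SessionExpired implements Exception {
  final String message = 'Your session expired. Please login again.';
}

typedef Send = Future<int> Function(String accessToken); // HTTP status
typedef Refresh = Future<String?> Function(String refreshToken);

class OidcSession {
  String accessToken;
  String? refreshToken;
  final Refresh _refresh;
  Future<String?>? _inFlight; // one refresh shared by concurrent 401s
  OidcSession(this.accessToken, this.refreshToken, this._refresh);

  Future<int> request(Send send) async {
    final used = accessToken;
    final first = await send(used);
    if (first != 401) return first;
    // Another request may already have rotated the token while we waited.
    final fresh = accessToken != used ? accessToken : await _refreshOnce();
    if (fresh == null) throw SessionExpired(); // caller routes to login page
    final retry = await send(fresh);
    if (retry == 401) throw SessionExpired(); // retry once, never loop on 401
    return retry;
  }

  Future<String?> _refreshOnce() =>
      _inFlight ??= _doRefresh().whenComplete(() => _inFlight = null);

  Future<String?> _doRefresh() async {
    final rt = refreshToken;
    try {
      final token = rt == null ? null : await _refresh(rt);
      if (token != null) accessToken = token;
      return token;
    } catch (_) {
      return null; // refresh rejected: treated here as a real logout
    }
  }
}

Future<void> main() async {
  // Constructed fake backend: only the token 'at-2' is accepted.
  Future<int> send(String t) async => t == 'at-2' ? 200 : 401;
  final s = OidcSession('at-1', 'rt-1', (rt) async => rt == 'rt-1' ? 'at-2' : null);
  print(await Future.wait([s.request(send), s.request(send)]));
  s..accessToken = 'revoked'..refreshToken = 'rt-dead';
  try { await s.request(send); } on SessionExpired catch (e) { print(e.message); }
}
```

Sharing the in-flight refresh keeps a burst of parallel 401s from sending several refresh requests at once, which matters when the provider rotates refresh tokens on use.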