Closed chibenwa closed 7 months ago
Can I verify it on preprod? It also has the same configuration?
@guimard Maybe we forgot offline_access
scope in configuration in env.file
of front-end. Must be
OIDC_SCOPES=openid,profile,email,offline_access
True.
https://ci.linagora.com/linagora/lrs/saas/tools/helm-charts/tmail-frontend/-/blob/main/tmail-frontend/values.yaml#L109
holds the following value:
oidcScopes: openid,profile,email
So it should rather be:
oidcScopes: openid,profile,email,offline_access
Correct?
Ps @guimard what do you think about this?
But to be fairly honnest offline_access
for a web application seems not necessary, and I feel like it's a hack to not implement correct error handling. I feel reluctant to accept such a solution and would like to get @guimard optinion.
@chibenwa, you can see in the response of /token
, no refreshToken
, so that why we can not handle the case of expiration. Yes, @guimard will help us more details.
But to be fairly honnest
offline_access
for a web application seems not necessary, and I feel like it's a hack to not implement correct error handling. I feel reluctant to accept such a solution and would like to get @guimard optinion.
It depends on what you want to do with web. If you want to follow Lemonldap session, then you have to detect when session is down (just to read expiration of access_token) and relaunch authentication.
If you want to stay active after session expiration, then you need offline_access
If you want to follow Lemonldap session, then you have to detect when session is down (just to read expiration of access_token) and relaunch authentication.
I bet this is what we want.
@chibenwa, you can see in the response of /token, no refreshToken, so that why we can not handle the case of expiration. Yes, @guimard will help us more details.
@hoangdat That's not an excuse for completly failing at doing anything and not managing the error.
In such case we should discard auth materials and re-initiate a connection to the OIDC provider?
Ahh, got your point.
@dab246 I changed from Queue Interceptor to Interceptor, retry
request does not be blocked anymore. App can go to login page as normal. Debugging to find out why?.
Root cause: retry on onError
is blocked by queue interceptor, the current one was not resolved but still try to get the new one and the new one also have the error too.
Description
WHEN using an expired JWT claim Upon
401
TwakeMail blocks foreverExpected result
Once again, I expect correct error management:
Current behavior
https://github.com/linagora/tmail-flutter/assets/6928740/3425d1b2-eb1c-4b94-b1cc-29f0b33c3c27
Apisix log:
Cc @guimard