Client side filter for checking access_token expiration and refreshing

mitreid-connect / OpenID-Connect-Java-Spring-Server

An OpenID Connect reference implementation in Java on the Spring platform.

Other

1.47k stars 767 forks source link

Client side filter for checking access_token expiration and refreshing #1460

Closed rhinmass closed 5 years ago

rhinmass commented 5 years ago

Hello,

Just trying to figure out if there is support in the client framework for setting up a filter to

check if the current access_token has expired
if so use the refresh token to get a new one
if that fails redirect to login

Is this a filter we need to develop from scratch, or is there something in the framework that we can make use of.

Sorry for the newbie question. I couldn't find any documentation on it.

jricher commented 5 years ago

The MITREid Connect client library does not include that functionality automatically at this time since it focuses on OpenID Connect login and not on OAuth2 API access, which is what you'd need a long-term access token for.

Also, please note that the lifetime of the access token, the lifetime of the ID token, and the lifetime of the user's session (being logged in) aren't the same.

rhinmass commented 5 years ago

Answering my own question, for anyone in the future who stumbles over this:

        SecurityContext sc = SecurityContextHolder.getContext();
        OIDCAuthenticationToken auth = (OIDCAuthenticationToken) sc.getAuthentication();

        String accessToken = auth.getAccessTokenValue();
        String refreshToken = auth.getRefreshTokenValue();