Closed juliushaertl closed 2 years ago
WOPI tokens should have an expiry set and stored in the richdocuments_wopi table
:heavy_check_mark: This is already the case!
Hand over access_token_ttl in
Should be handled in this PR: https://github.com/nextcloud/richdocuments/pull/2149
Verify how expiry is handled in Collabora
:heavy_check_mark: Could not find any information regarding the TTL in the docs, but dug into their server code a bit and verified through testing: a warning is given to the user 15 minutes prior to the expiry of the token. A message is also shown once the token is expired.
From what I can tell Collabora does not enforce the TTL in any way, they just use it for displaying warnings etc. I think this is in line with what the WOPI spec describes.
On every WOPI operation it should validate that the token is not expired
Implemented in: #2150
Moved the renewal topic to a separate issue https://github.com/nextcloud/richdocuments/issues/2170
From the WOPI spec:
Collabora should properly handle the access_token_ttl, but needs some validation that it works as expected with a low one (e.g. 60 seconds)