nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Unusable OAuth refresh token #33223

Open tennox opened 2 years ago

tennox commented 2 years ago

I'm developing an app and chose to use our existing Nextcloud as OAuth SSO - which is great in general :+1: - but currently requires users to re-authenticate with Nextcloud very frequently, which is quite tedious (see https://github.com/nextcloud/server/issues/17165).

The access token has an expiry of 1 hour, which is rather short, but fine - as long as the refresh token has a long validity, but I don't think this is the case for Nextcloud - the refresh token seems to have the same expiry.

Auto-refreshing the token from my backend for every user every hour seems a bit overkill ... I switched to client-side OAuth, so that's not a possibility either

I would opt for changing this refresh token validity. At least make it configurable. (also the 1h on the access token imho)

tennox commented 9 months ago

I respect it's not high on your priority list - but it's very unfortunate to not have a working token refresh workflow. Users always need a popup to sign in again.

The code explicitly says "We handle the initial and refresh tokens the same way", so I think this is a structural issue :thinking:

Do you need details? Am I doing something wrong? Do I have to enter the codebase and craft a PR? (& would you accept it?)
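Added example (not Nextcloud's code and not the reporter's): a client-side token manager that refreshes a Nextcloud token pair shortly before the shared one-hour expiry described in this issue, and surfaces the "sign in again" case once the refresh token itself has lapsed. Assumed: a caller-supplied `post(url, data) -> dict` transport, placeholder client credentials, and a constructed in-memory `FakeTokenServer` standing in for the real endpoint; the token endpoint path is the one documented for the Nextcloud oauth2 app.

```python
import time

class ReauthRequired(Exception):
    """Refresh token rejected (e.g. expired): the user has to sign in again."""

class NextcloudTokenManager:
    # Token endpoint path from the Nextcloud OAuth2 docs; everything else is assumed.
    TOKEN_PATH = "/index.php/apps/oauth2/api/v1/token"
    def __init__(self, base_url, client_id, client_secret, post, now=time.time, margin=300):
        self.url = base_url.rstrip("/") + self.TOKEN_PATH
        self.client_id, self.client_secret, self.post = client_id, client_secret, post
        self.now, self.margin = now, margin  # refresh `margin` seconds before expiry
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0
    def install(self, token_response):
        """Store a token pair; as reported in the issue, both share one expires_in."""
        self.access_token = token_response["access_token"]
        self.refresh_token = token_response["refresh_token"]
        self.expires_at = self.now() + token_response["expires_in"]
    def needs_refresh(self):
        return self.now() >= self.expires_at - self.margin
    def refresh(self):
        resp = self.post(self.url, {"grant_type": "refresh_token",
                                    "refresh_token": self.refresh_token,
                                    "client_id": self.client_id, "client_secret": self.client_secret})
        if "error" in resp:  # invalid_grant once the refresh token itself has lapsed
            raise ReauthRequired(resp["error"])
        self.install(resp)
        return self.access_token
    def get_access_token(self):
        return self.refresh() if self.needs_refresh() else self.access_token

class FakeTokenServer:
    """Constructed stand-in for the endpoint: one-hour, single-use refresh tokens."""
    def __init__(self, now, lifetime=3600):
        self.now, self.lifetime, self.count, self.valid = now, lifetime, 0, {}
    def issue(self):
        self.count += 1
        rt = f"refresh-{self.count}"
        self.valid[rt] = self.now() + self.lifetime
        return {"access_token": f"access-{self.count}", "refresh_token": rt, "expires_in": self.lifetime}
    def post(self, url, data):
        exp = self.valid.pop(data.get("refresh_token"), None)  # single use
        if data.get("grant_type") != "refresh_token" or exp is None or self.now() > exp:
            return {"error": "invalid_grant"}
        return self.issue()
```

Because the refresh token expires with the access token, the client has to call `get_access_token()` at least once per hour (for example from a timer while the app is open); a gap longer than that ends in `ReauthRequired` and a fresh login.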