search

open-formulieren / open-forms

Smart and dynamic forms
https://open-forms.readthedocs.io
Other
37 stars 26 forks source link

:bug: [#4528] Disable OIDC SessionRefresh middleware #4757

Closed stevenbal closed 1 month ago

stevenbal commented 1 month ago

previously, if the session in the OIDC provider expired and the sessionrefresh middleware is triggered, the user can not automatically re-authenticate, causing to 403s (and losing changes made in the form designer). In order to avoid session synchronization issues, we remove the SessionRefresh completely, meaning that OIDC is used for logging in, but Open Forms itself is then in charge of managing the session.

Closes #4528

Changes

Checklist

Check off the items that are completed or not relevant.

stevenbal commented 1 month ago

@sergei-maertens does this need backporting?

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 96.56%. Comparing base (bfc679d) to head (7073aa1). Report is 3 commits behind head on master.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #4757 +/- ## ======================================= Coverage 96.56% 96.56% ======================================= Files 746 746 Lines 25202 25200 -2 Branches 3318 3317 -1 ======================================= - Hits 24336 24335 -1 Misses 602 602 + Partials 264 263 -1 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

sergei-maertens commented 1 month ago

@sergei-maertens does this need backporting?

yeah let's do it! it's a simple patch, shouldn't cause any trouble and it can take away a lot of frustration

stevenbal commented 1 month ago

Backports: