Changes lost when session timed out using External LoginProvider for Backoffice authentication

[mcl-sz]

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

13.4 and below

Bug summary

We use OpenId to login backoffice users based on the info in the docs: https://docs.umbraco.com/umbraco-cms/v/13.latest-lts/reference/security/external-login-providers#static-extension-class After 20 minutes the loginscreen appears and show the message "Session timed out".

The problem is that when the user is loggedin again via OpenId, the user is redirected to the Welcome-dashboard and the changes to the content are gone.

I've tried to keep the userlogin be refreshed adding "offline_access" to the scope but it doesn't help.

Specifics

No response

Steps to reproduce

• Add an OpenId provider for the backoffice as described in https://docs.umbraco.com/umbraco-cms/v/13.latest-lts/reference/security/external-login-providers#static-extension-class
• Wait 20 minutes and login again with OpenId.

You will be redirected to the Welcome-dashboard instead of the contenitem.

Expected result / actual result

I would expect that the screen is only locked and that you can edit the content again after logging in, without losing it.

[github-actions[bot]]

Hi there @mcl-sz!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

• We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
• If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
• We'll replicate the issue to ensure that the problem is as described.
• We'll decide whether the behavior is an issue or if the behavior is intended.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot :robot: :slightly_smiling_face:

[iOvergaard]

This is an unfortunate side-effect of using external logins on V13 and below. We cannot do much about it with the current architecture in V13, since it takes quite a bit of refactoring to move to a more async context that would allow us to log in through a new window or tab or overlay. However, this issue has been addressed in V14 with the new Backoffice architecture, and I would be happy to know if that works for you, when, or if you ever get to do the upgrade!