Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add RefreshOIDCAccessToken middleware #377

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add RefreshOIDCAccessToken middleware #377

wants to merge 1 commit into from

Commits on May 16, 2022

  1. Add RefreshOIDCAccessToken middleware 

    The OP can provide a refresh_token to the client on authentication. This
can later be used to get a new access_token. Typically refresh_tokens
have a longer TTL than access_tokens and represent the total allowed
session length. As a bonus, the refresh happens in the background and
does not require taking the user to a new location (which also makes it
more compatible with e.g., XHR).

If there is no refresh token stored, making refreshing impossible, OR
the refresh request fails with a 401, indicating the OP session has
terminated, the user is taken through a refresh flow similar to the
SessionRefresh middleware.

If any error occurs during refresh, the middleware aborts, but does not
perform any cleanup on the session.

Co-Authored-By: Jason Anderson <jasonanderson@uchicago.edu>
    Germano Guerrini and Jason Anderson committed May 16, 2022
    Configuration menu
    Copy the full SHA
    162a177 View commit details
    Browse the repository at this point in the history