Support for reusing used RT in a short time window

[rickliujh]

Is your feature request related to a problem? Please describe.

We're using the fosite to provide the OAuth2 service. There is one issue that our client has. When they are using the refresh token(ed RT) to refresh to access token(ed AT), the request got processed in the server, but cause some network interruption, they missed the response. In this case, they had to ask the user to log back in, Which leads to a bad user experience.

Have any plan for including this feature for now?

Describe the solution you'd like

Therefore, we consider having a short time window to reusing the old RT when the client missed the response.
Then,

1. Having a toggle to choosing if enable the feature.
2. The time window of reuse RT can be configurable.

Describe alternatives you've considered

N/A

Additional context

N/A

[aeneasr]

See also discussion at ory/hydra#1831

Short answer: we'd like to support that (optionally) but it's quite complicated to implement. If you want to contribute this change we'd be happy to help where we can!

[rickliujh]

See also discussion at ory/hydra#1831

Short answer: we'd like to support that (optionally) but it's quite complicated to implement. If you want to contribute this change we'd be happy to help where we can!

I'm glad to do that. This feature is in our scrum plan actually, we have an internal RFC for this one so far. Would you want to review it? And where should I put it normally?

[aeneasr]

Yes, a RFC sounds great! Sorry for the late reply!

[rickliujh]

Never mind, the RFC is for our internal service, I'll take some time to adapt to fosite. And one question: where should I put RFC when it was done?

[aeneasr]

Probably best as a new issue or here :)

[rickliujh]

Sure thing, I'm working on it.

[mitar]

And update on this?

[rickliujh]

Sorry, I was too busy last year. I will take the time to try if I can finish it in our New Year Vacation

[github-actions]

Hello contributors!

I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue

• open a PR referencing and resolving the issue;
• leave a comment on it and discuss ideas on how you could contribute towards resolving it;
• leave a comment and describe in detail why this issue is critical for your use case;
• open a new issue with updated details and a plan for resolving the issue.

Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.

Unfortunately, burnout has become a topic of concern amongst open-source projects.

It can lead to severe personal and health issues as well as opening catastrophic attack vectors.

The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.

If this issue was marked as stale erroneously you can exempt it by adding the backlog label, assigning someone, or setting a milestone for it.

Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!

Thank you 🙏✌️