OIDC token not refreshed

nebulon

That is to be expected, as Cloudron does not implement OAuth refresh tokens, since it not a full OAuth provider.
I guess the fix needs to happen upstream to not show that error, but just log the user out like a normal session timeout.

kahrpatrick

Alright I see. Either way this is not an ideal solution as users have to frequently re-login.

kahrpatrick

After using Dokuwiki with the current OIDC integration for a while I realize it is hardly usable in practice. Due to the short validity period of an access token, it frequently happens that pages cannot be saved as the session already timed out while working on a page. Is there any way to increase the session duration?

nebulon

We currently use dokuwiki-plugin-oauth with dokuwiki-plugin-oauthgeneric this may have been the wrong choice then for OpenID. Have to investigate if the dokuwiki-openid plugin can be made to work by now.

kahrpatrick

Yes, anything that would allow to set a longer session timeout would already help a lot. Thanks for looking into this.

nebulon

In the meantime, can you try to set this value very high (it is in seconds) at conf/dokuwiki.php:

$conf['auth_security_timeout'] = 900;

You can change that file with the filemanager, no need to restart the app afterwards.

kahrpatrick

@nebulon Thanks! Will do.

girish

@kahrpatrick we submitted a PR at https://github.com/cosmocode/dokuwiki-plugin-oauth/pull/153 . But maybe now we look into refresh token support in our code.

nebulon

The next Cloudron release will contain support for refresh tokens, so this issue will go away then. Until then setting the auth_security_timeout to a high value will mitigate the issue.

kahrpatrick

@nebulon Thank you very much!