OIDC token not refreshed
-
wrote on Oct 17, 2024, 10:09 AM last edited by
It seems that the OIDC integration does not properly handle refresh tokens. I get the following message, after which I have to manually repeat the OIDC login:
Service did not provide a Refresh Token. You will be logged out when the session expires.Since Cloudron OIDC is working with other services, I suppose this is a bug in the Dokuwiki oauthgeneric plugin?
-
That is to be expected, as Cloudron does not implement OAuth refresh tokens, since it not a full OAuth provider.
I guess the fix needs to happen upstream to not show that error, but just log the user out like a normal session timeout. -
wrote on Oct 17, 2024, 2:23 PM last edited by
Alright I see. Either way this is not an ideal solution as users have to frequently re-login.
-
wrote on Oct 24, 2024, 9:14 AM last edited by
After using Dokuwiki with the current OIDC integration for a while I realize it is hardly usable in practice. Due to the short validity period of an access token, it frequently happens that pages cannot be saved as the session already timed out while working on a page. Is there any way to increase the session duration?
-
N nebulon marked this topic as a question on Oct 24, 2024, 9:32 AM
-
wrote on Oct 24, 2024, 12:09 PM last edited by
Yes, anything that would allow to set a longer session timeout would already help a lot. Thanks for looking into this.
-
In the meantime, can you try to set this value very high (it is in seconds) at
conf/dokuwiki.php:$conf['auth_security_timeout'] = 900;You can change that file with the filemanager, no need to restart the app afterwards.
-
In the meantime, can you try to set this value very high (it is in seconds) at
conf/dokuwiki.php:$conf['auth_security_timeout'] = 900;You can change that file with the filemanager, no need to restart the app afterwards.
wrote on Oct 29, 2024, 9:20 AM last edited by@nebulon Thanks! Will do.
-
@kahrpatrick we submitted a PR at https://github.com/cosmocode/dokuwiki-plugin-oauth/pull/153 . But maybe now we look into refresh token support in our code.
-
N nebulon has marked this topic as solved on Oct 29, 2024, 3:38 PM
-
K kahrpatrick has marked this topic as solved on Nov 4, 2024, 8:43 AM
-
The next Cloudron release will contain support for refresh tokens, so this issue will go away then. Until then setting the
auth_security_timeoutto a high value will mitigate the issue.wrote on Nov 4, 2024, 8:44 AM last edited by@nebulon Thank you very much!