Posted to issues@nifi.apache.org by "Ruben Laguna (Jira)" <ji...@apache.org> on 2020/12/16 09:00:00 UTC

[jira] [Commented] (NIFI-4890) OIDC Token Refresh is not done correctly

    [ https://issues.apache.org/jira/browse/NIFI-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17250176#comment-17250176 ] 

Ruben Laguna commented on NIFI-4890:
------------------------------------

The token expiration "exp" SHOULD be honored; I think it would be bad design to allow a config parameter to disable that.

IMHO, the NiFi UI (JavaScript) should check the expiration of the token before sending each API request (the token is sent in each API request in the Authorization header), and if the token is expired or about to expire, it should perform the [Refresh grant|oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/] using the refresh_token that it got in the login phase to get a new access token. Once the NiFi UI gets the new access token (with a new expiration date), it can use it to perform the API request.

[~RazDob15], are you implementing this already?

> OIDC Token Refresh is not done correctly
> ----------------------------------------
>
>                 Key: NIFI-4890
>                 URL: https://issues.apache.org/jira/browse/NIFI-4890
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.5.0
>         Environment: Environment:
> Browser: Chrome / Firefox 
> Configuration of NiFi: 
> - SSL certificate for the server (no client auth) 
> - OIDC configuration including end_session_endpoint (see the link https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration) 
>            Reporter: Federico Michele Facca
>            Assignee: Raz Dobkies
>            Priority: Major
>
> It looks like the NiFi UI is not refreshing the OIDC token in the background, and because of that, when the token expires, it tells you that your session is expired, and you need to refresh the page to get a new token.
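
The flow proposed in the comment above (check "exp" before each API request, run the refresh grant when the token is expired or about to expire), as an added example that is not NiFi code and not written by the commenter. It assumes the access token is a JWT carrying an "exp" claim; `createSession`, `apiFetch`, the skew value, the token endpoint and the client id are hypothetical names and values.

```javascript
// Added example; function names, endpoint and client id are hypothetical, not NiFi code.
const SKEW_SECONDS = 30; // refresh this long before "exp" to absorb clock drift

// Read "exp" from a JWT payload. No signature check is done here: this is only
// a client-side hint, and the server must still reject expired tokens itself.
function tokenExpiry(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return 0; // not a JWT: treat as already expired
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const exp = JSON.parse(atob(b64)).exp;
    return Number.isFinite(exp) ? exp : 0;
  } catch {
    return 0; // undecodable payload: treat as already expired
  }
}

function isExpiring(jwt, nowSec = Date.now() / 1000) {
  return tokenExpiry(jwt) - nowSec <= SKEW_SECONDS;
}

function createSession({ tokenEndpoint, clientId, accessToken, refreshToken, fetchFn = fetch }) {
  let inFlight = null; // single-flight: concurrent requests share one refresh

  // OAuth 2.0 refresh grant: form-encoded POST to the token endpoint.
  async function refresh() {
    const res = await fetchFn(tokenEndpoint, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({ grant_type: "refresh_token", refresh_token: refreshToken, client_id: clientId }),
    });
    if (!res.ok) throw new Error("refresh failed: " + res.status); // caller falls back to login
    const body = await res.json();
    accessToken = body.access_token;
    if (body.refresh_token) refreshToken = body.refresh_token; // provider rotated the refresh token
  }

  return async function apiFetch(url, init = {}) {
    if (isExpiring(accessToken)) {
      inFlight = inFlight || refresh().finally(() => { inFlight = null; });
      await inFlight;
    }
    const headers = { ...init.headers, Authorization: "Bearer " + accessToken };
    return fetchFn(url, { ...init, headers });
  };
}
```

The single-flight guard matters when the provider rotates refresh tokens: two parallel refresh grants with the same refresh_token can cause the second to be rejected and the session to be dropped.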


