You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "exceptionfactory (via GitHub)" <gi...@apache.org> on 2023/03/22 01:38:05 UTC

[GitHub] [nifi] exceptionfactory commented on pull request #7013: NIFI-4890 Refactor OIDC with support for Refresh Tokens

exceptionfactory commented on PR #7013:
URL: https://github.com/apache/nifi/pull/7013#issuecomment-1478804044

   Thanks for the testing @emiliosetiadarma!
   
   After some discussion with @mcgilman, I pushed an update to change the source of initial application Bearer Token expiration.
   
   The previous implementation derived the application Bearer Token expiration from the ID Token, but the update changes the approach to derive the expiration from the Access Token. This strategy aligns both initial expiration and refreshed expiration to derive from the Access Token expiration.
   
   Some Identity Providers return the same expiration value for both the ID Token and the Access Token, so the end result will not change for those providers. Changing the source of the application Bearer Token expiration to the Access Token expiration provides a consistent approach, and the updated section of the Administrator's Guide reflects these changes. Some Identity Providers make the Access Token expiration configurable, so this also aligns with expected integration behavior.
   
   I also rebased the pull request from the current main branch.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org