You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2023/03/28 12:36:00 UTC

[jira] [Commented] (NIFI-4890) OIDC Token Refresh should be supported

    [ https://issues.apache.org/jira/browse/NIFI-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17705973#comment-17705973 ] 

ASF subversion and git services commented on NIFI-4890:
-------------------------------------------------------

Commit 26400fcbe97dcb617454a118f901b3431d4becc1 in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=26400fcbe9 ]

NIFI-4890 Refactor OIDC with support for Refresh Tokens (#7013)

* NIFI-4890 Refactored OIDC with support for Refresh Tokens

- Implemented OIDC Authorization Code Grant Flow using Spring Security Filters
- Implemented OIDC RP-Initiated Logout 1.0
- Implemented OAuth2 Token Revocation RFC 7009 for Refresh Tokens
- Added OIDC Bearer Token Refresh Filter for updating application Bearer Tokens from Refresh Token exchanges
- Added configurable Token Refresh Window to application properties
- Removed original implementation and supporting classes

* NIFI-4890 Set Bearer Token expiration based on Access Token

* NIFI-4890 Corrected spelling and naming issues based on feedback

This closes #7013 

> OIDC Token Refresh should be supported
> --------------------------------------
>
>                 Key: NIFI-4890
>                 URL: https://issues.apache.org/jira/browse/NIFI-4890
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core UI
>    Affects Versions: 1.5.0
>         Environment: Environment:
> Browser: Chrome / Firefox 
> Configuration of NiFi: 
> - SSL certificate for the server (no client auth) 
> - OIDC configuration including end_session_endpoint (see the link https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration) 
>            Reporter: Federico Michele Facca
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 2.latest
>
>         Attachments: image-2022-10-20-12-23-38-675.png
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> It looks like the NIFI UI is not refreshing the OIDC token in background, and because of that, when the token expires, tells you that your session is expired. and you need to refresh the page, to get a new token.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)