UserInfo callback cached

Created on 15 July 2024, about 2 months ago
Updated 23 July 2024, about 2 months ago

I've got 2 Drupal sites. One with oauth2_server, the other with openid_connect.

I've been getting replicable issues with a "sub" mismatch.

I can log in with one user, and then in another browser, log in with another user, and if performed rapidly, the second login returns the userinfo from the first user.

Digging in, I see the /Oauth2/UserInfo/ controller callback method is not always called when openid_connect fetches the userinfo.

The response appears to be cached, at least for some time.

I've tried adding no_cache: 'TRUE' to the route definition in oauth2_server.routing.yml, but no luck there.

This controller uses an OAuth2 namespace response object instead of any Drupal / Symfony one, so I cannot seem to call setCacheableDependency() or set max-age 0.

This endpoint needs to always return UserInfo for the user logging in currently, not the last time somebody logged in.

Any ideas how this could be or why?

🐛 Bug report
Status

Closed: works as designed

Version

2.0

Component

Code

Created by

🇺🇸 United States markusa
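
Added example (not part of the original report, and not code from oauth2_server or openid_connect): a relying-party-side check for the symptom described above. It compares the UserInfo "sub" with the ID Token "sub" and flags a UserInfo response whose Cache-Control header does nothing to prevent reuse. The function names, header values and captured bodies are constructed for illustration.

```python
import json

PROTECTIVE = {"no-store", "no-cache", "private"}

def cache_directives(headers):
    """Lower-cased Cache-Control directive names of one response."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "cache-control"), "")
    return {d.split("=")[0].strip().lower() for d in value.split(",") if d.strip()}

def check_login(id_token_sub, userinfo_headers, userinfo_body):
    """Return findings for one login's UserInfo exchange."""
    findings = []
    claims = json.loads(userinfo_body)
    # OpenID Connect Core 5.3.2: the UserInfo "sub" must exactly match the
    # ID Token "sub"; otherwise the UserInfo values must not be used.
    if claims.get("sub") != id_token_sub:
        findings.append("sub-mismatch")
    # No directive stops a cache from replaying this body to another caller.
    if not cache_directives(userinfo_headers) & PROTECTIVE:
        findings.append("cacheable-response")
    return findings

# Constructed captures (not from the report): two rapid logins where the
# second receives the first user's body, then a response marked no-store.
CACHED = {"Content-Type": "application/json", "Cache-Control": "max-age=300, public"}
FIRST = check_login("101", CACHED, '{"sub": "101", "name": "alice"}')
SECOND = check_login("202", CACHED, '{"sub": "101", "name": "alice"}')
FIXED = check_login("202", {"Cache-Control": "no-store"}, '{"sub": "202", "name": "bob"}')

if __name__ == "__main__":
    for label, result in (("first", FIRST), ("second", SECOND), ("fixed", FIXED)):
        print(label, result or "ok")
```

Logging the Cache-Control value next to each "sub-mismatch" helps separate an HTTP-level cache from a cache inside the application, since only the former is governed by that header.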
