refresh tokens do not seen to work

protected function ensureValidAccessToken(RequestEvent $event) { // Check if the access token has expired. if (!$this->isTokenExpired($tokens->getAccessToken())) { return; /* in case we have a valid Access Token -> return */ } // Logout if there's no valid refresh token. if ($this->isTokenExpired($tokens->getRefreshToken())) { $this->logout($event); return; } */ How do we get here? As long as we have a valid access token we will never get a refresh token */ // Update the tokens. /* $tokens->getRefreshToken() is null? -> Fail? */ $tokens = $plugin->getJsonWebTokensforRefresh($tokens->getRefreshToken());

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 2 months ago →
🇮🇹Italy apaderno Brescia, 🇮🇹
Comment 2 months ago →
🇮🇹Italy apaderno Brescia, 🇮🇹

Comment 2 months ago →

System Message

matthijs → committed 49dab4e5 on 2.x

Issue #3507175: Add a setting to use a realm only for authentication

Comment 2 months ago →
🇧🇪Belgium matthijs
Since the lifetime of the access token is rather short and there's no refresh token I saw no other workaround than adding a setting that allows you to use a realm only for authentication. This means that Drupal will not store the OpenID Connect tokens, validate the remote session or trigger a remote logout when applicable.

So basically when a user logs in using OpenID Connect the remote session is "forgotten" after the claims are processed.
Comment 2 months ago →
System Message

matthijs → committed f6dd94a6 on 2.x
Issue #3507175: Update checkbox description
Comment about 2 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

refresh tokens do not seen to work

Problem/Motivation

Steps to reproduce

Proposed resolution

Comments & Activities