Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't force relogin on expired token, when anonymous user has enough permissions. #425

Open
msm-cert opened this issue Oct 16, 2024 · 0 comments
Assignees
Labels
type:bug Something isn't working zone:backend Backend oriented tasks zone:frontend Frontend oriented tasks
Milestone

Comments

@msm-cert
Copy link
Member

Another issue related to the OIDC flows - right now, when:

  • user logs in once
  • then their token expires
  • the user visits any page

The user will always be redirected to a login flow. Even if the page is accessible by an anonymous user. So this is not just logging the user out, this is always forcing the relogin.

When token expires, user should just be regularly logged out, and have permissions like any other anonymous user would.

@msm-cert msm-cert added type:bug Something isn't working zone:frontend Frontend oriented tasks zone:backend Backend oriented tasks labels Oct 16, 2024
@msm-cert msm-cert modified the milestones: v1.5.0, Sprint 1 Oct 16, 2024
@msm-cert msm-cert modified the milestones: v1.5.0, v1.6.0 Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type:bug Something isn't working zone:backend Backend oriented tasks zone:frontend Frontend oriented tasks
Projects
None yet
Development

No branches or pull requests

2 participants