From 48588152f543f95ed690e6a922cdf82a60a8429e Mon Sep 17 00:00:00 2001
From: Akhil
Date: Fri, 6 Jan 2023 13:59:01 +0530
Subject: [PATCH] Add setting oidc_refresh_tokens_enabled
---
 README.md | 6 ++++++
 lib/AppInfo/Application.php | 3 ++-
 lib/Controller/LoginController.php | 5 ++++-
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index db869d5..cf9c221 100644
--- a/README.md
+++ b/README.md
@@ -209,6 +209,12 @@ $CONFIG = array (
 // - 'plain'
 // The default value is empty, which won't apply the PKCE flow.
 'oidc_login_code_challenge_method' => '',
+
+ // If OIDC server has refresh tokens enabled and
+ // you want to manage session at OIDC server by storing
+ // and refreshing tokens. Defaults to false.
+ 'oidc_refresh_tokens_enabled' => false,
+
 );
 ```
 ### Usage with [Keycloak](https://www.keycloak.org/)
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index fdf8b1d..a0737c4 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -127,7 +127,8 @@ public function boot(IBootContext $context): void
 });
 }
- if (!$this->tokenService->refreshTokens()) {
+ $refreshTokensEnabled = $this->config->getSystemValue('oidc_refresh_tokens_enabled', false);
+ if ($refreshTokensEnabled && !$this->tokenService->refreshTokens()) {
 $userSession->logout();
 }
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
index 65d9e62..8459aa5 100644
--- a/lib/Controller/LoginController.php
+++ b/lib/Controller/LoginController.php
@@ -94,8 +94,11 @@ public function oidc()
 $oidc->authenticate();
 $tokenResponse = $oidc->getTokenResponse();
- $this->tokenService->storeTokens($tokenResponse);
+ $refreshTokensEnabled = $this->config->getSystemValue('oidc_refresh_tokens_enabled', false);
+ if ($refreshTokensEnabled) {
+ $this->tokenService->storeTokens($tokenResponse);
+ }
 $user = null;
 if ($this->config->getSystemValue('oidc_login_use_id_token', false)) {
 // Get user information from ID Token
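Review bot: With the default of `false`, the new guard in boot() switches off the logout-on-failed-refresh check for every install that does not set `oidc_refresh_tokens_enabled`, whereas the removed line ran it unconditionally. After an upgrade the Nextcloud session is therefore no longer ended when `refreshTokens()` would have reported failure; what that method checks is not visible in this patch, but the name suggests it is what tied the session to token validity at the OIDC provider. The default deserves a comment above the read, e.g. `// Off by default: the session is then not ended when the provider's tokens can no longer be refreshed.`, and the README entry should state the same consequence. boot() starts and ends outside the hunk.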
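Review bot: Tokens are now stored only for logins made while `oidc_refresh_tokens_enabled` is true, so when an administrator turns the setting on later, sessions that already exist reach the `refreshTokens()` call in Application::boot() with nothing stored. What TokenService returns in that case is not visible in this patch: if it reports failure those users are logged out on their next request, and if it reports success their sessions stay outside the provider-managed lifetime until they log in again. A comment above the new `if` would make the coupling explicit, e.g. `// Must stay in sync with the check in Application::boot(): the tokens stored here are what boot() refreshes.`; moving the flag check into TokenService would keep the two reads from drifting apart. oidc() starts and ends outside the hunk.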