Andrew, sounds like a feature that might be developed. Can you please open an issue to request this.
On Thu, 2 Mar 2023 at 16:15, Andrew McGuinness < and...@dev.sunshineriding.co.uk> wrote: > I've started using jetty-openid for authentication (with jetty 10), and as > far as I can see, once a user has authenticated successfully with openid, > their session stays authenticated for the lifetime of the session (based on > idle time or cookie exipry). > > I would have thought ideally the session should only remain authenticated > until the expiry time returned with the access token is reached. At that > point the refresh token should be used to obtain a new valid access token. > > Does that sound right? Is it a feature that might be developed? > > > > > > > > > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users > -- Greg Wilkins <gr...@webtide.com> CTO http://webtide.com
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users