[ https://issues.apache.org/jira/browse/NIFI-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17579646#comment-17579646 ]
Malthe Borch commented on NIFI-4890: ------------------------------------ [~ecerulm], I think this is better handled in the NiFi server code. If a JWT token is expired (this is checked by the server code), then today, the response becomes a 401 Unauthorized. Instead, what should happen is that NiFi should: # Check that the JWT wasn't revoked # Check if we have a stored refresh token # Call the refresh url to get an updated access token and group memberships and such # Issue a new JWT This would then be completely transparent to the user. > OIDC Token Refresh is not done correctly > ---------------------------------------- > > Key: NIFI-4890 > URL: https://issues.apache.org/jira/browse/NIFI-4890 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI > Affects Versions: 1.5.0 > Environment: Environment: > Browser: Chrome / Firefox > Configuration of NiFi: > - SSL certificate for the server (no client auth) > - OIDC configuration including end_session_endpoint (see the link > https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration) > > Reporter: Federico Michele Facca > Assignee: Raz Dobkies > Priority: Major > > It looks like the NIFI UI is not refreshing the OIDC token in background, and > because of that, when the token expires, tells you that your session is > expired. and you need to refresh the page, to get a new token. -- This message was sent by Atlassian Jira (v8.20.10#820010)