[
https://issues.apache.org/jira/browse/NIFI-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17579646#comment-17579646
]
Malthe Borch commented on NIFI-4890:
------------------------------------
[~ecerulm], I think this is better handled in the NiFi server code.
If a JWT token is expired (this is checked by the server code), then today, the
response becomes a 401 Unauthorized.
Instead, what should happen is that NiFi should:
# Check that the JWT wasn't revoked
# Check if we have a stored refresh token
# Call the refresh url to get an updated access token and group memberships
and such
# Issue a new JWT
This would then be completely transparent to the user.
> OIDC Token Refresh is not done correctly
> ----------------------------------------
>
> Key: NIFI-4890
> URL: https://issues.apache.org/jira/browse/NIFI-4890
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 1.5.0
> Environment: Environment:
> Browser: Chrome / Firefox
> Configuration of NiFi:
> - SSL certificate for the server (no client auth)
> - OIDC configuration including end_session_endpoint (see the link
> https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration)
>
> Reporter: Federico Michele Facca
> Assignee: Raz Dobkies
> Priority: Major
>
> It looks like the NIFI UI is not refreshing the OIDC token in background, and
> because of that, when the token expires, tells you that your session is
> expired. and you need to refresh the page, to get a new token.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
