[
https://issues.apache.org/jira/browse/NIFI-4890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17621260#comment-17621260
]
David Handermann commented on NIFI-4890:
----------------------------------------
Thanks for the additional comments [~Browne]. I have been evaluating options
for refactoring the OIDC implementation to support refresh tokens.
By way of background, can you provide any details on the OIDC provider you are
using? In deployments where it is possible to control the token lifetime, there
are options, but I understand many providers limit token validity and require
refresh token handling.
> OIDC Token Refresh is not done correctly
> ----------------------------------------
>
> Key: NIFI-4890
> URL: https://issues.apache.org/jira/browse/NIFI-4890
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 1.5.0
> Environment: Environment:
> Browser: Chrome / Firefox
> Configuration of NiFi:
> - SSL certificate for the server (no client auth)
> - OIDC configuration including end_session_endpoint (see the link
> https://auth.s.orchestracities.com/auth/realms/default/.well-known/openid-configuration)
>
> Reporter: Federico Michele Facca
> Assignee: David Handermann
> Priority: Major
>
> It looks like the NIFI UI is not refreshing the OIDC token in background, and
> because of that, when the token expires, tells you that your session is
> expired. and you need to refresh the page, to get a new token.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
