moonming commented on issue #12495:
URL: https://github.com/apache/apisix/issues/12495#issuecomment-3200057876

Hi, @RegMTS, thanks for the detailed report and clear description of your use case.

Currently, Apache APISIX's openid-connect plugin does not share session / refresh token context across multiple routes. This is why you are observing either refresh token failures or login loops when trying to protect both SPA and API routes with separate plugin instances.

One possible direction to address this limitation would be to allow the plugin to use an external session store (e.g., Redis), so that different routes (or even different APISIX nodes) could share the same OIDC session context. In theory, this could solve the mismatch you are experiencing during token refresh.

At the moment, this feature is not implemented. We'd be very interested to hear your feedback:
- Would external session storage fit your architecture?
- Do you see other approaches that could help in your scenario?

Contributions and design discussions around this feature are very welcome.
Thanks again for raising this important use case!

