  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-135155

Liferay as OpenId Connect client server should not treat not returning a refresh_token in refresh_token exchange as no refresh_token granted

    Details

      Description

      By specification:
      https://datatracker.ietf.org/doc/html/rfc6749#section-6

         If valid and authorized, the authorization server issues an access
         token as described in Section 5.1.  If the request failed
         verification or is invalid, the authorization server returns an error
         response as described in Section 5.2.
      
         The authorization server MAY issue a new refresh token, in which case
         the client MUST discard the old refresh token and replace it with the
         new refresh token.  The authorization server MAY revoke the old
         refresh token after issuing a new refresh token to the client.  If a
         new refresh token is issued, the refresh token scope MUST be
         identical to that of the refresh token included by the client in the
         request.
      

      It is up to the OIDC provider whether to return a new refresh token in a refresh_token exchange response; however, our Liferay code treats no refresh_token in a refresh_token exchange response as no refresh_token granted, meaning Liferay will not initiate a new token refresh process next time.
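
      The two ways of merging a refresh response into the stored session, side by side, as an added example that is not Liferay's code and not part of the original report. All class, function and token names are hypothetical and the sample responses are constructed; Python is used only to keep the illustration short.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TokenSet:
    access_token: str
    refresh_token: Optional[str]
    expires_at: float
    scope: str

class TokenEndpointError(Exception):
    """Raised for an RFC 6749 section 5.2 error response."""

def _check(response: dict) -> None:
    # An error response must never be merged into the stored session.
    if "error" in response:
        raise TokenEndpointError(response["error"])
    if not response.get("access_token"):
        raise TokenEndpointError("response carries no access_token")

def merge_as_reported(stored: TokenSet, response: dict, now: float) -> TokenSet:
    """Behaviour the issue describes: an omitted refresh_token is read as
    'no refresh token granted', so the stored one is dropped."""
    _check(response)
    return TokenSet(response["access_token"], response.get("refresh_token"),
                    now + response.get("expires_in", 0),
                    response.get("scope", stored.scope))

def merge_per_rfc6749(stored: TokenSet, response: dict, now: float) -> TokenSet:
    """Section 6: a new refresh token is optional. Replace the old one only
    when a new one is issued; otherwise keep using the stored one."""
    _check(response)
    rotated = response.get("refresh_token")
    return TokenSet(response["access_token"],
                    rotated if rotated else stored.refresh_token,
                    now + response.get("expires_in", 0),
                    response.get("scope", stored.scope))

def can_refresh(tokens: TokenSet) -> bool:
    return bool(tokens.refresh_token)

# Constructed sample data: a stored session and two provider responses.
STORED = TokenSet("at-1", "rt-1", 1000.0, "openid profile")
NO_ROTATION = {"access_token": "at-2", "token_type": "Bearer", "expires_in": 300}
ROTATION = {"access_token": "at-3", "token_type": "Bearer", "expires_in": 300,
            "refresh_token": "rt-2"}

if __name__ == "__main__":
    for merge in (merge_as_reported, merge_per_rfc6749):
        result = merge(STORED, NO_ROTATION, now=1000.0)
        print(f"{merge.__name__}: can_refresh={can_refresh(result)}")
```

      With a provider that does not rotate refresh tokens, the first merge leaves the session unable to refresh after a single exchange, while the second keeps `rt-1` until the provider issues a replacement.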

              People

              Assignee:
              gabor.lovas Gábor Lovas
              Reporter:
              arthur.chen Arthur Chen
              Participants of an Issue:
              Recent user:
              Clarissa Velazquez
              Engineering Assignee:
              Arthur Chen

                  Packages

                  Version Package
                  7.2.10 DXP FP16
                  7.2.X
                  7.3.X
                  7.4.2 CE GA3 DXP 7,4
                  7.4.13 DXP GA1
                  7.4.3.4 CE GA4
                  Master