  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-141198

OpenID Connect does not store refreshed token

      Description

      LPS-124963 changed the technique of storing the OpenID Connect session to the HTTP session. After refreshing the tokens, the code does not store the updated OpenIdConnectSessionImpl object in httpSession. The code in OpenIdConnectSessionProviderImpl.getOpenIdConnectSession(HttpSession) creates a new OpenIdConnectSession instance from serialized data every time, and OpenIdConnectServiceHandlerImpl was not updated to reflect this change.

      Symptoms: after expiration of the access token, OpenID Connect refreshes it on every request (can be seen in the log: [OpenIdConnectServiceHandlerImpl:433] User session auth token is invalid, attempting to use refresh token to obtain a valid auth token).

      Proposed patch against com.liferay.portal.security.sso.openid.connect.impl-5.0.32:

       
      --- OpenIdConnectServiceHandlerImpl.java.orig	2021-06-24 06:36:54.000000000 +0200
      +++ OpenIdConnectServiceHandlerImpl.java_	2021-10-20 13:24:30.873200323 +0200
      @@ -113,7 +113,11 @@
       
       		if (!hasValidAccessToken(openIdConnectSessionImpl)) {
       			try {
      -				return refreshAuthToken(openIdConnectSessionImpl);
      +				boolean result = refreshAuthToken(openIdConnectSessionImpl);
      +				if (result) {
      +					OpenIdConnectSessionProviderImpl.setOpenIdConnectSession(httpSession, openIdConnectSessionImpl);
      +				}
      +				return result;
       			}
       			catch (OpenIdConnectServiceException
       						openIdConnectServiceException) {
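
      Review bot: The write-back added in the `+` lines calls `OpenIdConnectSessionProviderImpl.setOpenIdConnectSession(...)` statically on the implementation class and passes `httpSession`, and neither the method's declaration nor that variable appears in the visible context. Please confirm that the method is static (or call it through the provider instance, if the handler already holds one) and that `httpSession` is in scope at this point. Storing only when `result` is true looks right, but when `result` is false or the `catch` below is taken, the stale serialized session stays in place and later requests will attempt the refresh again; say in a comment whether that is intended or whether the stored session should be cleared there. A regression test that sends two requests after expiry and checks that only the first one triggers a refresh would pin the fix down.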
      
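
The mechanism described in this report, as an added example that is not part of the original issue or of Liferay's code: when the getter deserializes a fresh object on every call, a refreshed token is lost unless it is written back to the session. `StaleSessionDemo`, `TokenSession`, the `oidc` key and the map standing in for `HttpSession` are all hypothetical.

```java
import java.io.*;
import java.util.*;

// Added illustration: every name here is hypothetical, none is a Liferay class.
public class StaleSessionDemo {
    // Stand-in for the OpenID Connect session object.
    static class TokenSession implements Serializable {
        String accessToken = "initial";
        long expiresAt = 0; // constructed sample: already expired
    }
    // Stand-in for HttpSession attributes, which hold serialized data.
    static final Map<String, byte[]> httpSession = new HashMap<>();

    // Builds a new object from the serialized data on every call.
    static TokenSession get() throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(httpSession.get("oidc")))) {
            return (TokenSession) in.readObject();
        }
    }

    static void set(TokenSession session) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(session);
        }
        httpSession.put("oidc", buffer.toByteArray());
    }

    // Handles one request; returns true when a token refresh was needed.
    static boolean handleRequest(long now, boolean writeBack) throws Exception {
        TokenSession session = get();
        if (session.expiresAt > now) {
            return false;
        }
        session.accessToken = "refreshed-" + now; // simulated token response
        session.expiresAt = now + 60_000;
        if (writeBack) {
            set(session); // without this the refreshed copy is discarded
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        set(new TokenSession());
        for (long now = 1_000; now <= 3_000; now += 1_000) {
            System.out.println("no write-back, refreshed: " + handleRequest(now, false));
        }
        System.out.println("write-back, refreshed: " + handleRequest(4_000, true));
        System.out.println("next request, refreshed: " + handleRequest(5_000, false));
    }
}
```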

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            pavol_simo Pal'o Šimo