Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: Keycloak Refresh Tokens before Expiry #190

Merged
merged 1 commit into from
Nov 27, 2024
Merged

Fix: Keycloak Refresh Tokens before Expiry #190

merged 1 commit into from
Nov 27, 2024

Conversation

GODrums
Copy link
Contributor

@GODrums GODrums commented Nov 27, 2024
edited
Loading

Motivation

Currently, users are forced to refresh the Hephaestus-Website (every 30 minutes) when the access token expires and subsequent requests include invalid authentication/JWT token.

Description

This PR fixes the token expiry issue by adding a refresh interval checking for expiry every 60 seconds. Keycloak then refreshes the token itself (triggers a new request to the Keycloak-server).

The PR implements ideas from this best practices guide: https://github.com/akoserwal/keycloak-integrations/blob/main/angular-keycloak/src/main.ts

Additional security suggestions from this Medium article could indepently used for higher security.

Testing Instructions

  • Run application-server and webapp
  • Login on the website
  • Wait for the set accessTokenValidity set in the Keycloak Admin Interface (previously 30min)
  • Check if new requests, e.g. switching the leaderboard, still load

Screenshots (if applicable)

Checklist

General

  • PR title is clear and descriptive
  • PR description explains the purpose and changes
  • Code follows project coding standards
  • Self-review of the code has been done
  • Changes have been tested locally
  • Screenshots have been attached (if applicable)
  • Documentation has been updated (if applicable)

@GODrums GODrums added bug Something isn't working priority:critical Urgent tasks needing immediate resolution. labels Nov 27, 2024
@GODrums GODrums self-assigned this Nov 27, 2024
@github-actions github-actions bot added client size:S This PR changes 10-29 lines, ignoring generated files. labels Nov 27, 2024
FelixTJDietrich
FelixTJDietrich approved these changes Nov 27, 2024
View reviewed changes
Copy link
Collaborator

@FelixTJDietrich FelixTJDietrich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for fixing this!

@FelixTJDietrich FelixTJDietrich merged commit 2e8e6ca into develop Nov 27, 2024
5 checks passed
@FelixTJDietrich FelixTJDietrich deleted the fix/keycloak-token-expiry branch November 27, 2024 09:08
@GODrums GODrums mentioned this pull request Nov 27, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FelixTJDietrich FelixTJDietrich FelixTJDietrich approved these changes

Assignees

@GODrums GODrums

Labels
bug Something isn't working client priority:critical Urgent tasks needing immediate resolution. size:S This PR changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@GODrums @FelixTJDietrich