github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-02-14 17:49:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(session): add feature toggle for automatic refreshing

Browse Source
This commit is contained in:
Trong Huu Nguyen
2023-09-15 08:58:12 +02:00
parent 0b3cd4d9f6
commit c4911b1344
6 changed files with 85 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/configuration.md
View File

@@ -38,7 +38,10 @@ The following flags are available:
| `session.inactivity` | boolean | Automatically expire user sessions if they have not refreshed their tokens within a given duration. | |
| `session.inactivity-timeout` | duration | Inactivity timeout for user sessions. | `30m` |
| `session.max-lifetime` | duration | Max lifetime for user sessions. | `1h` |
| `session.refresh` | boolean | Enable refresh tokens. In standalone mode, will automatically refresh tokens if they are expired as long as the session is valid (i.e. not exceeding `session.max-lifetime` or `session.inactivity-timeout`). | |
| `session.refresh` | boolean | Enable refresh tokens. | |
| `session.refresh-auto` | boolean | Enable automatic refresh of tokens. Only available in standalone mode. Will automatically refresh tokens if they are expired as long as the session is valid (i.e. not exceeding `session.max-lifetime` or `session.inactivity-timeout`). | |
| `shutdown-graceful-period` | duration | Graceful shutdown period when receiving a shutdown signal after which the server is forcibly exited. | |
| `shutdown-wait-before-period` | duration | Wait period when receiving a shutdown signal before actually starting a graceful shutdown. Useful for allowing propagation of Endpoint updates in Kubernetes. | |
| `sso.domain` | string | The domain that the session cookies should be set for, usually the second-level domain name (e.g. `example.com`). | |
| `sso.enabled` | boolean | Enable single sign-on mode; one server acting as the OIDC Relying Party, and N proxies. The proxies delegate most endpoint operations to the server, and only implements a reverse proxy that reads the user's session data from the shared store. | |
| `sso.mode` | string | The SSO mode for this instance. Must be one of `server` or `proxy`. | `server` |

5
docs/sessions.md
View File

@@ -29,12 +29,13 @@ The ability to refresh tokens requires the `session.refresh` flag to be enabled.
The behaviour for refreshing depends on the [runtime mode](configuration.md#modes) for Wonderwall.
In standalone mode, tokens will at the _earliest_ automatically be renewed 5 minutes before they expire.
In standalone mode, tokens can automatically be refreshed by enabling the `session.refresh-auto` flag.
If enabled, token will at the _earliest_ automatically be renewed 5 minutes before they expire.
If the token already _has_ expired, a refresh attempt is still automatically triggered as long as the session itself not has ended or is marked as inactive.
Automatic refreshes happens whenever the end-user visits or requests any path that is proxied to the upstream application.
In SSO mode, tokens are not automatically refreshed, and must be manually refreshed by performing a request to [the `/oauth2/session/refresh` endpoint](endpoints.md#oauth2sessionrefresh).
In SSO mode, tokens can not be automatically refreshed. They must be refreshed by performing a request to [the `/oauth2/session/refresh` endpoint](endpoints.md#oauth2sessionrefresh).
## Session Inactivity