Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] jetty-openid : honouring expiry time

Andrew,

sounds like a feature that might be developed.  Can you please open an issue to request this.

On Thu, 2 Mar 2023 at 16:15, Andrew McGuinness <andrew@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I've started using jetty-openid for authentication (with jetty 10), and as far as I can see, once a user has authenticated successfully with openid, their session stays authenticated for the lifetime of the session (based on idle time or cookie exipry).

I would have thought ideally the session should only remain authenticated until the expiry time returned with the access token is reached. At that point the refresh token should be used to obtain a new valid access token.

Does that sound right? Is it a feature that might be developed?









_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users


--
Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com

Back to the top