OpenID Connect: refreshing the cookie

Hi,

When https://github.com/bitly/oauth2_proxy/pull/389 was implemented, it seems that the [RefreshSessionIfNeeded](https://github.com/bitly/oauth2_proxy/pull/389/files#diff-0e18159d630972da194b7289c16d1b99R75) function's definition is dummy? Why would we not use the refresh token instead and actually refresh the session?
 
Right now, if `cookie-refresh` is set, the dummy function is executed, and the code proceeds to [ValidateSessionState](https://github.com/bitly/oauth2_proxy/blob/b0c1c851770ec12b72e211e4c68c3dd37d5f9638/oauthproxy.go#L632) (`saveSession && !revalidated`), which throws the ugly `removing session. error validating` and instantly de-authenticate.

In other words, as of now, if `-cookie-expire=24h` and `-cookie-refresh=1h`, instead of having at least 24h worth of session, or infinity if the page is visited every < 24h, we get dope 1h long sessions.

/cc @ericchiang 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

OpenID Connect: refreshing the cookie #523

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OpenID Connect: refreshing the cookie #523

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions