Skip to content

Do not invalidate main token on OAuth #11082

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rullzer merged 1 commit into from
Sep 6, 2018
Merged

Do not invalidate main token on OAuth #11082

rullzer merged 1 commit into from
Sep 6, 2018

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented Sep 6, 2018

Fixes #10584

We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.

However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:

  1. You are already logged in, no need to log you out
  2. You are not logged in yet, but since you log in into the exact same
    browser the expected behavior is to stay logged in.

Signed-off-by: Roeland Jago Douma [email protected]

@rullzer
Do not invalidate main token on OAuth
be2d8cc 
Fixes #10584

We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.

However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:

1. You are already logged in, no need to log you out
2. You are not logged in yet, but since you log in into the exact same
browser the expected behavior is to stay logged in.

Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer rullzer added this to the Nextcloud 15 milestone Sep 6, 2018
ChristophWurst
ChristophWurst approved these changes Sep 6, 2018
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense 👍

@rullzer rullzer merged commit 70a21de into master Sep 6, 2018
@rullzer rullzer deleted the fix/10584/no_invalidate_token_oauth branch September 6, 2018 11:14
@rullzer rullzer mentioned this pull request Sep 6, 2018
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Oct 19, 2018
Closed
@Teifun2
Copy link

Teifun2 commented Jul 17, 2020

I might be totally wrong here but i think my issue is connected to this one.

For my flutter app i use the login flow v2 . The problem is that the session with which the apptoken for the app is generated stays open. This results in two new sessions where i would like to have only one.

Sadly i cannot figure out who to close the session which was opened to create the apptoken.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@icewind1991 icewind1991 icewind1991 approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@blizzz blizzz Awaiting requested review from blizzz

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

Assignees

No one assigned

Labels

3. to review Waiting for reviews bug feature: authentication

Projects

None yet

Milestone

Nextcloud 15

Development

Successfully merging this pull request may close these issues.

Performing the OAuth authorisation flow leads to logout in the browser

6 participants

@rullzer @Teifun2 @icewind1991 @ChristophWurst @nickvergessen