This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Expose keyval timeouts for the OIDC integration via NIC's configmap & helm chart. #5099
Labels
proposal
An issue that proposes a feature request
Comments
|
Hi @jo-carter thanks for reporting! Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂 Cheers! |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Is your feature request related to a problem? Please describe.
When extending expiration duration for ID Token beyond 1 hour, the default OIDC configuration will delete the ID token from associated keyval zone after exactly 1 hour.
Refresh of tokens (using refresh token) are not guaranteed to return ID Token (even if still active/expiration has not passed) - in the use-case that prompted this feature request - the IDP did not.
This effectively limited session duration to 1 hour before a re-login flow was required.
Describe the solution you'd like
Expose keyval timeouts found here as NIC configmap keys, and via helm values file key.
Describe alternatives you've considered
This issue was resolved in the short term by adjusting and manually overriding the oidc_common.conf file in the NIC container using a configmap injected via volume mount.
Other options included building custom NIC images, with that file adjusted with desired timeouts.
Both approaches are less convenient / require more ongoing maintaincence than configuration via configmap key / helm values file key.
The text was updated successfully, but these errors were encountered: