Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not invalidate main token on OAuth #11082

Merged
merged 1 commit into from
Sep 6, 2018
Merged

Do not invalidate main token on OAuth #11082

merged 1 commit into from
Sep 6, 2018

Conversation

rullzer
Copy link
Member

@rullzer rullzer commented Sep 6, 2018

Fixes #10584

We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.

However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:

  1. You are already logged in, no need to log you out
  2. You are not logged in yet, but since you log in into the exact same
    browser the expected behavior is to stay logged in.

Signed-off-by: Roeland Jago Douma roeland@famdouma.nl

@rullzer
Do not invalidate main token on OAuth
be2d8cc 
Fixes #10584

We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.

However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:

1. You are already logged in, no need to log you out
2. You are not logged in yet, but since you log in into the exact same
browser the expected behavior is to stay logged in.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer added this to the Nextcloud 15 milestone Sep 6, 2018
ChristophWurst
ChristophWurst approved these changes Sep 6, 2018
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense 👍

@rullzer rullzer merged commit 70a21de into master Sep 6, 2018
@rullzer rullzer deleted the fix/10584/no_invalidate_token_oauth branch September 6, 2018 11:14
@rullzer rullzer mentioned this pull request Sep 6, 2018
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Oct 19, 2018
Closed
@Teifun2
Copy link

Teifun2 commented Jul 17, 2020

I might be totally wrong here but i think my issue is connected to this one.

For my flutter app i use the login flow v2 . The problem is that the session with which the apptoken for the app is generated stays open. This results in two new sessions where i would like to have only one.

Sadly i cannot figure out who to close the session which was opened to create the apptoken.

@GTVolk GTVolk mentioned this pull request Dec 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@icewind1991 icewind1991 icewind1991 approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@blizzz blizzz Awaiting requested review from blizzz

@juliushaertl juliushaertl Awaiting requested review from juliushaertl

Assignees
No one assigned
Labels
3. to review Waiting for reviews bug feature: authentication
Projects
None yet
Milestone
Nextcloud 15
Development

Successfully merging this pull request may close these issues.

Performing the OAuth authorisation flow leads to logout in the browser
5 participants
@rullzer @Teifun2 @icewind1991 @ChristophWurst @nickvergessen