  1. Moodle
  2. MDL-59510

Keep OAuth 2 connections alive across users' sessions

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.3, Future Dev
    • Fix Version/s: None
    • Labels:
    • Affected Branches:
      MOODLE_33_STABLE

      Description

      Access tokens can be very short-lived: https://tools.ietf.org/html/rfc6749#section-4.2.2 exemplarily specifies a lifetime of one hour, which is implemented accordingly in ownCloud and Nextcloud.

      This results in situations in which users have to re-authorise Moodle after one hour has elapsed. I assume that this will be very annoying.

      However, ownCloud authorisations transmit a refresh token that is used to obtain a new access token without manual interaction. The refresh token mechanism is already supported for (and used by) connected system accounts, and should be extended to connected user accounts accordingly.

      Alternative solution: Increase the expiry period of access tokens in affected services, i.e. try to convince own- / Nextcloud to change this. However, this does not solve the general case. Also, I think that short-lived access tokens are sensible, e.g. to prevent replay attacks.
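
The refresh-token exchange the description refers to (RFC 6749, section 6), as an added sketch that is not Moodle's code and not part of the original report. `UserToken`, `get_access_token` and `fake_token_endpoint` are hypothetical names; the endpoint is a constructed in-process stand-in that rotates the refresh token on each use, and client authentication is left out.

```python
import time
from dataclasses import dataclass
from urllib.parse import urlencode, parse_qs

@dataclass
class UserToken:                      # hypothetical per-user record
    access_token: str
    refresh_token: str
    expires_at: float                 # absolute expiry, seconds since epoch

class ReauthorisationRequired(Exception):
    """The refresh token was rejected; the user has to authorise again."""

def fake_token_endpoint(body, valid_refresh):
    """Constructed stand-in for a token endpoint (assumption, not a real API)."""
    form = parse_qs(body)
    rt = form.get("refresh_token", [""])[0]
    if form.get("grant_type") != ["refresh_token"] or rt not in valid_refresh:
        return {"error": "invalid_grant"}
    valid_refresh.discard(rt)         # rotation: each refresh token works once
    new_rt = rt + "-r"
    valid_refresh.add(new_rt)
    return {"access_token": "at-" + new_rt, "token_type": "Bearer",
            "expires_in": 3600, "refresh_token": new_rt}

def get_access_token(tok, post, now=None, skew=60):
    """Return a usable access token, refreshing without user interaction."""
    now = time.time() if now is None else now
    if now < tok.expires_at - skew:   # still valid, with a safety margin
        return tok.access_token
    # A real confidential client also authenticates itself on this request.
    body = urlencode({"grant_type": "refresh_token",
                      "refresh_token": tok.refresh_token})
    resp = post(body)
    if "error" in resp:               # e.g. revoked or already-used token
        raise ReauthorisationRequired(resp["error"])
    tok.access_token = resp["access_token"]
    # If a new refresh token is issued, the old one must be discarded.
    tok.refresh_token = resp.get("refresh_token", tok.refresh_token)
    tok.expires_at = now + int(resp.get("expires_in", 3600))
    return tok.access_token
```

The updated `UserToken` has to be persisted per user after every refresh; if the rotated refresh token is lost, the next refresh fails with `invalid_grant` and the user is back to manual re-authorisation.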

              People

              • Assignee:
                Unassigned
                Reporter:
                jan.dagefoerde Jan Dageförde
                Participants:
                Component watchers:
                Andrew Nicols, Mathew May, Michael Hawkins, Shamim Rezaie, Simey Lameze, Adrian Greeve, Mihail Geshoski, Peter Dias
              • Votes:
                4
                Watchers:
                2