Skip to content

Do not invalidate main token on OAuth#11082

Merged
rullzer merged 1 commit intomasterfrom
fix/10584/no_invalidate_token_oauth
Sep 6, 2018
Merged

Do not invalidate main token on OAuth#11082
rullzer merged 1 commit intomasterfrom
fix/10584/no_invalidate_token_oauth

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented Sep 6, 2018

Fixes #10584

We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.

However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:

  1. You are already logged in, no need to log you out
  2. You are not logged in yet, but since you log in into the exact same
    browser the expected behavior is to stay logged in.

Signed-off-by: Roeland Jago Douma roeland@famdouma.nl

@rullzer
Do not invalidate main token on OAuth
be2d8cc 
Fixes #10584

We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.

However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:

1. You are already logged in, no need to log you out
2. You are not logged in yet, but since you log in into the exact same
browser the expected behavior is to stay logged in.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer added this to the Nextcloud 15 milestone Sep 6, 2018
ChristophWurst
ChristophWurst approved these changes Sep 6, 2018
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense 👍

@rullzer rullzer merged commit 70a21de into master Sep 6, 2018
@rullzer rullzer deleted the fix/10584/no_invalidate_token_oauth branch September 6, 2018 11:14
@rullzer rullzer mentioned this pull request Sep 6, 2018
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Oct 19, 2018
Closed
@Teifun2
Copy link

Teifun2 commented Jul 17, 2020

I might be totally wrong here but i think my issue is connected to this one.

For my flutter app i use the login flow v2 . The problem is that the session with which the apptoken for the app is generated stays open. This results in two new sessions where i would like to have only one.

Sadly i cannot figure out who to close the session which was opened to create the apptoken.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@icewind1991 icewind1991 icewind1991 approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@blizzz blizzz Awaiting requested review from blizzz

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

Assignees

No one assigned

Labels

3. to review Waiting for reviews bug feature: authentication

Projects

None yet

Milestone

Nextcloud 15

Development

Successfully merging this pull request may close these issues.

Performing the OAuth authorisation flow leads to logout in the browser

5 participants

@rullzer @Teifun2 @icewind1991 @ChristophWurst @nickvergessen