From b142a72a9e5c984ceb25b239dfa1b3dddd4a91a9 Mon Sep 17 00:00:00 2001
From: Perry Harrington
Date: Mon, 10 Jul 2023 19:58:33 -0700
Subject: [PATCH] Added on-demand session token refresh

Added a special case that allows AJAX queries to refresh the session on demand. AJAX queries simply need to add the header 'X-Refresh-OIDC-Token' to the request and it will reset the session expiration so it generates a reauth redirect. This allows SPAs and other Javascript driven applications to proactively control session refresh.
---
 mozilla_django_oidc/middleware.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/mozilla_django_oidc/middleware.py b/mozilla_django_oidc/middleware.py
index 1b050325..67f3847e 100644
--- a/mozilla_django_oidc/middleware.py
+++ b/mozilla_django_oidc/middleware.py
@@ -120,8 +120,13 @@ def process_request(self, request):
 LOGGER.debug("request is not refreshable")
 return
 
- expiration = request.session.get("oidc_id_token_expiration", 0)
 now = time.time()
+
+ if hasattr(request, 'headers') and 'X-Refresh-OIDC-Token' in request.headers:
+ request.session['oidc_id_token_expiration'] = now
+
+ expiration = request.session.get("oidc_id_token_expiration", 0)
+
 if expiration > now:
 # The id_token is still valid, so we don't have to do anything.
 LOGGER.debug("id token is still valid (%s > %s)", expiration, now)
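Review bot: The added branch lets a client-supplied header write to server-side session state: any request that reaches this point with `X-Refresh-OIDC-Token` present (the value is never inspected, and nothing in the hunk restricts it to AJAX) overwrites `oidc_id_token_expiration` with `now`. Because the expiry is persisted rather than overridden for this request only, a client that sends the header and then does not complete the re-authentication leaves the session marked expired, so later refreshable requests from that session presumably take the refresh path too. If the goal is only to trigger the reauth response, a local flag avoids the write: `force_refresh = 'X-Refresh-OIDC-Token' in getattr(request, 'headers', {})` and `if expiration > now and not force_refresh:`. The forced path should also get a `LOGGER.debug("refresh forced by X-Refresh-OIDC-Token header")` line like the neighbouring branches, so it can be told apart from a natural expiry in the logs. The rest of process_request, including the refreshability check above and the redirect construction below, lies outside the hunk.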