Support refresh tokens (#7802)
MSC: https://github.com/matrix-org/matrix-doc/pull/2918 Fixes https://github.com/vector-im/element-web/issues/18698 Fixes https://github.com/vector-im/element-web/issues/20648 **Requires https://github.com/matrix-org/matrix-js-sdk/pull/2178** **Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date). ---- This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens. If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again. This additionally contains a change to fix soft logout not working, per the issue links above. Of interest may be the IPC approach which was ultimately declined in favour of this change instead: https://github.com/matrix-org/matrix-react-sdk/pull/7803
This commit is contained in:
Travis Ralston
GitHub
parent
a958cd20f1
commit
839593412c
9 changed files with 504 additions and 25 deletions
|
|
@ -37,6 +37,7 @@ import AuthBody from "../../views/auth/AuthBody";
|
|||
import AuthHeader from "../../views/auth/AuthHeader";
|
||||
import InteractiveAuth from "../InteractiveAuth";
|
||||
import Spinner from "../../views/elements/Spinner";
|
||||
import { TokenLifecycle } from "../../../TokenLifecycle";
|
||||
|
||||
interface IProps {
|
||||
serverConfig: ValidatedServerConfig;
|
||||
|
|
@ -415,6 +416,7 @@ export default class Registration extends React.Component<IProps, IState> {
|
|||
initial_device_display_name: this.props.defaultDeviceDisplayName,
|
||||
auth: undefined,
|
||||
inhibit_login: undefined,
|
||||
refresh_token: TokenLifecycle.instance.isFeasible,
|
||||
};
|
||||
if (auth) registerParams.auth = auth;
|
||||
if (inhibitLogin !== undefined && inhibitLogin !== null) registerParams.inhibit_login = inhibitLogin;
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import AccessibleButton from '../../views/elements/AccessibleButton';
|
|||
import Spinner from "../../views/elements/Spinner";
|
||||
import AuthHeader from "../../views/auth/AuthHeader";
|
||||
import AuthBody from "../../views/auth/AuthBody";
|
||||
import { TokenLifecycle } from "../../../TokenLifecycle";
|
||||
|
||||
const LOGIN_VIEW = {
|
||||
LOADING: 1,
|
||||
|
|
@ -154,6 +155,7 @@ export default class SoftLogout extends React.Component<IProps, IState> {
|
|||
},
|
||||
password: this.state.password,
|
||||
device_id: MatrixClientPeg.get().getDeviceId(),
|
||||
refresh_token: TokenLifecycle.instance.isFeasible,
|
||||
};
|
||||
|
||||
let credentials = null;
|
||||
|
|
@ -187,6 +189,7 @@ export default class SoftLogout extends React.Component<IProps, IState> {
|
|||
const loginParams = {
|
||||
token: this.props.realQueryParams['loginToken'],
|
||||
device_id: MatrixClientPeg.get().getDeviceId(),
|
||||
refresh_token: TokenLifecycle.instance.isFeasible,
|
||||
};
|
||||
|
||||
let credentials = null;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue