Support for "silent authentication/session refresh" (#17)

Add support for prompt=none and automatic session refresh if configured. This also requires disabling the access_token code that enforces permanent session (this should be set by the user instead) To use this feature, simply pass: OIDCAuthentication(client_registration_info={'session_refresh_interval': 900, ...}).
zamzterz · Aug 24, 2017 · 5641e34 · 5641e34
1 parent 235d342
commit 5641e34
Show file tree

Hide file tree

Showing 5 changed files with 496 additions and 65 deletions.
diff --git a/README.md b/README.md
@@ -54,6 +54,23 @@ auth = OIDCAuthentication(client_registration_info=client_info)
 **Note: The redirect URIs registered with the provider MUST include `<application_url>/redirect_uri`,
 where `<application_url>` is the URL for the Flask application.**
 
+#### Session refresh
+
+If your OpenID Connect provider supports the `prompt=none` parameter, the library can automatically support session refresh on your behalf.
+This ensures that the user session attributes (OIDC claims, user being active, etc.) are valid and up-to-date without having to log the user out and back in.
+To use the feature simply pass the parameter requesting the session refresh interval as such:
+```python
+client_info = {
+    'client_id': 'cl41ekfb9j',
+    'client_secret': 'm1C659wLipXfUUR50jlZ',
+    'session_refresh_interval_seconds': 900
+
+}
+auth = OIDCAuthentication(client_registration_info=client_info)
+```
+
+**Note: The client will still be logged out at whichever expiration time you set for the Flask session.
+
 #### Dynamic client registration
 
 If no `client_id` is specified in the `client_registration_info` constructor parameter, the library will try to

diff --git a/example/app.py b/example/app.py
@@ -6,10 +6,21 @@
 PORT = 5000
 app = Flask(__name__)
 
-app.config.update({'SERVER_NAME': 'localhost:{}'.format(PORT),
-                   'SECRET_KEY': 'dev_key'})
-auth = OIDCAuthentication(app, issuer="https://localhost:50009")
 
+# See http://flask.pocoo.org/docs/0.12/config/
+app.config.update({'SERVER_NAME': 'example.com',
+                   'SECRET_KEY': 'dev_key',
+                   'PREFERRED_URL_SCHEME': 'https',
+                   'SESSION_PERMANENT': True, # turn on flask session support
+                   'PERMANENT_SESSION_LIFETIME': 2592000, # session time in seconds (30 days)
+                   'DEBUG': True})
+
+client_info = {
+	'client_id': '',
+	'client_secret': ''
+}
+
+auth = OIDCAuthentication(app, client_registration_info=client_info, issuer="auth.example.net")
 
 @app.route('/')
 @auth.oidc_auth