Skip to content

feat: Refresh token during active user sessions #1391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
julien-nc merged 1 commit into from
Mar 30, 2026
+10 −3
Merged

feat: Refresh token during active user sessions #1391

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions lib/Service/TokenService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,12 +80,14 @@ public function storeToken(array $tokenData): Token {
/**
* Get the token stored in the session
* If it has expired: try to refresh it
* If it is expiring and $refreshIfExpiring is true: proactively refresh it to keep the IdP session alive
*
* @param bool $refreshIfExpired
* @param bool $refreshIfExpiring Proactively refresh a still-valid but expiring token (past half its lifetime)
* @return Token|null Return a token only if it is valid or has been successfully refreshed
* @throws \JsonException
*/
public function getToken(bool $refreshIfExpired = true): ?Token {
public function getToken(bool $refreshIfExpired = true, bool $refreshIfExpiring = false): ?Token {
$sessionData = $this->session->get(self::SESSION_TOKEN_KEY);
$this->logger->debug('[TokenService] Get token from the session', ['session_id' => $this->session->getId()]);
if (!$sessionData) {
Expand All @@ -96,6 +98,11 @@ public function getToken(bool $refreshIfExpired = true): ?Token {
$token = new Token(json_decode($sessionData, true, 512, JSON_THROW_ON_ERROR));
// token is still valid
if (!$token->isExpired()) {
// proactively refresh when past half the token lifetime to keep the IdP session alive
if ($refreshIfExpiring && $token->isExpiring() && $token->getRefreshToken() !== null && !$token->refreshIsExpired()) {
$this->logger->debug('[TokenService] getToken: token is expiring, proactively refreshing to keep IdP session alive, expires in ' . strval($token->getExpiresInFromNow()));
return $this->refresh($token);
}
$this->logger->debug('[TokenService] getToken: token is still valid, it expires in ' . strval($token->getExpiresInFromNow()) . ' and refresh expires in ' . strval($token->getRefreshExpiresInFromNow()));
return $token;
}
Expand Down Expand Up @@ -157,7 +164,7 @@ public function checkLoginToken(): void {
return;
}

$token = $this->getToken();
$token = $this->getToken(refreshIfExpired: true, refreshIfExpiring: true);
if ($token === null) {
$this->logger->debug('[TokenService] checkLoginToken: token is null');
// if we don't have a token but we had one once,
Expand Down Expand Up @@ -226,7 +233,7 @@ public function refresh(Token $token): Token {
$sessionData = $this->session->get(self::SESSION_TOKEN_KEY);
if ($sessionData) {
$currentToken = new Token(json_decode($sessionData, true, 512, JSON_THROW_ON_ERROR));
if (!$currentToken->isExpired()) {
if (!$currentToken->isExpired() && !$currentToken->isExpiring()) {
$this->logger->debug('[TokenService] Token already refreshed by another request');
return $currentToken;
}
Expand Down
Loading