Refresh Token handling for OIDC
Hi,
is the OIDC integration in Coral currently performing a refresh token flow? I think as far as I have understood the source code, once an access-token is grabbed from the OIDC authentication provider, Coral creates its own token from it which is then used for further authentication with Coral.
As I understand, this token lives as long as "Session Duration" is configured in Admin Dashboard. The shortest amount of time which can be configured there is 1 hour.
Unfortunately, our authentication provider only provides tokens which live 5mins.
So as soon as I want to communicate with the authentication provider's API after >5mins (to get infos about the user), I need to get a new access-token. For this I would need to call the OIDC provider with refresh_token grant_type instead of authorization_code.
My question is, would I need to customize a full refresh token flow, or only customize the configuration in the admin dashboard? Maybe I missed something entirely.
I hope someone can clear this a bit up for me, thank you in advance!
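
The refresh_token grant mentioned in the post, as an added example that is not part of the original post and is not Coral's code: it keeps a 5-minute provider access token fresh independently of the longer application session. The endpoint URL, client id, client secret and token values are constructed placeholders, and `send` is a hypothetical injected transport.

```javascript
// Added example, not Coral code. Endpoint and client id are placeholders.
const TOKEN_ENDPOINT = "https://idp.example.com/oauth2/token";
const CLIENT_ID = "coral-client";

// True when the access token is expired or expires within skewMs.
function needsRefresh(tokens, nowMs, skewMs = 30000) {
  return nowMs + skewMs >= tokens.expiresAt;
}

// Build the RFC 6749 section 6 request: grant_type=refresh_token, form-encoded,
// with the client authenticating via HTTP Basic (assumed client auth method).
function buildRefreshRequest(tokens, clientSecret) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: tokens.refreshToken,
  });
  const basic = Buffer.from(`${CLIENT_ID}:${clientSecret}`).toString("base64");
  return {
    url: TOKEN_ENDPOINT,
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization: `Basic ${basic}`,
    },
    body: body.toString(),
  };
}

// Merge the token response into the stored set. The provider may rotate the
// refresh token; if the response omits refresh_token, keep the previous one.
function applyTokenResponse(prev, json, nowMs) {
  if (json.error) throw new Error(`refresh failed: ${json.error}`);
  return {
    accessToken: json.access_token,
    refreshToken: json.refresh_token || prev.refreshToken,
    expiresAt: nowMs + json.expires_in * 1000,
  };
}

// Return a usable access token, refreshing first when needed.
// `send` takes the request object and resolves to the parsed JSON response.
async function getAccessToken(store, clientSecret, send, nowMs = Date.now()) {
  if (needsRefresh(store.tokens, nowMs)) {
    const json = await send(buildRefreshRequest(store.tokens, clientSecret));
    store.tokens = applyTokenResponse(store.tokens, json, nowMs);
  }
  return store.tokens.accessToken;
}
```

The stored refresh token is a long-lived credential, so it belongs server-side next to the session record rather than in the browser.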