mod_auth_openidc: Refresh token fails
I am using mod_auth_openidc with Apache and varnish catch reverse proxy in front of Grafana to offload SSO OAuth2; once I login, after sometime I get the below fetch error, as I investigated the issue; found that the OAuth token gets expired and mod_auth_openidc is not able to refresh the token; I was able to trace the flow
Failed to fetch dashboard
NetworkError when attempting to fetch resource.
mod_auth_openidc token refresh flow
- Token gets expired and the http get call is redirected to oauth server with HTTP 302
- The redirection fails with http 403 error HTTP Options method is used instead of get or post
Firefox network flow --
And if the Browser is refreshed and full page gets loaded everything is fine, strange
- The mod_auth_openidc redirection to oauth server with http 302
- The token gets refreshed and oauth server redirects to the application with http 302
- The page gets loaded with http 200
Firefox network flow --
Seems like the OAuth Server is not processing the HTTP Option method; I tried to disable at Apache level using 'Require method GET POST' then mod_auth_openidc did not work; Any points or help is appreciated
-- Thank you
Thank you, I was able to resolve the issue with a workaround.
The issue was due to XHRs Request was getting Blocked(cors), as the OAuth server is in different domain
Changing the OIDCSessionInactivityTimeout to 24hrs worked and resolved the issue
Below link provides the full inside and configuration
- How to get a pandas dataframe from an apache log?
- apache2 service Failed on restart - Failed to start apache2.service: Unit not found
- Unable to establish SSL connection, how do I fix my SSL cert?
- Cannot resolve symbol 'IOUtils'
- phpMyAdmin in Xampp not working
- Leaflet.js - can't get my current location on some browsers
- How to Show a 503 Error for a Single Page
- How to Show a 503 Error for a Specific URL on a Website Using .htaccess
- Why can Ruby apparently not find the Capistrano current directory?
- AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.24.0.2. Set the 'ServerName' directive globally
- PHP8.3 - Can't load php_curl (Windows 11, Apache 2.4.53)
- localhost blocked on Chrome with "Privacy Error"
- Sending JSON Data to Solr using cUrl
- How to specify where flask should store cookies (flask Session)
- Laravel | Shared hosting routes not working properly
- 403 Forbidden error when uploading files from Postman to PHP API
- PHPMyAdmin max upload size will not change, wrong php.ini file
- NotOLE2FileException: Invalid header signature; read 0x0000000000000000, expected 0xE11AB1A1E011CFD0
- How do I skip certains rules for parameter in a path in ModSecurity?
- tomcat startup issue on windows with intellij-idea
- How to enable local network users to access my WAMP sites?
- Configure Apache2 to host REST API
- Fatal Error Call to undefined function curl_init()
- Setup Node.JS Server on Ubuntu
- PHP and mod_fcgid: ap_pass_brigade failed in handle_request_ipc function
- How can Sinatra be configured to run within a virtual sub-directory of a reverse proxy?
- Apache config: RewriteRule in <If> block never rewrites
- .htaccess 403 Forbidden
- How can i show the images outside the web root directory in my php application?
- XAMPP installation on Win 8.1 with UAC Warning