> I had gotten the service processes to work with the approach I documented above -- use interactive login to grab a token which saves into oidctoken.dat. This approach worked multiple times, but it would often need to re-interactive login after only one or two runs instead of successfully refreshing.
- Just reviewing the TryDoRefreshTokenAsync source (OidcToeknManager), the refresh tokens themselves supposedly have a short shelf-life (“refresh tokens are always one time use only so we need to store this new refresh token we got so it can be used the next time”)
- After breaking into the code, I gathered my refresh tokens and ran them through https://jwt.io/
- My expiry is coming back as a week from today - which is a bit surprising given the comment
I’ll run some further tests around the jwtExpiryTimeHours to see how this interacts with the refresh token. If you see any anomalous behaviour on your end, please do add it back to this thread as I’m coalescing all of this into a Knowledge Base article on auth debugging for Horde.
Edit:
- Further tests completed - if a Token is hand presented via the BuildConfiguration.xml <Horde><Token>token from api/v1/admin/token</Token></Horde>, the entire refresh path will be circumvented and TryDoRefreshTokenAsync won’t be invoked, so you should be in the clear on this
Julian