Integration and Sharing Refresh Tokens in Corteza for OIDC Authentication

Hi Corteza Community,

I’m working on integrating multiple applications with Corteza as the main panel, and I’m facing challenges related to handling refresh tokens obtained through OIDC authentication.

Here’s a summary of the issues I’m encountering:

  1. Accessing Refresh Tokens via Auth Client API:
    • I’ve noticed that Corteza stores refresh tokens obtained through OIDC in its database. However, I’m struggling to find a way to access these refresh tokens programmatically using the Corteza Auth Client API. I would appreciate any guidance or insights on how to retrieve and utilize these refresh tokens through the API.
{
  "Code": "",
  "Scope": "profile api",
  "Access": "ZDE4MDCXMTGTNMRHOS0ZYTMZLWI3ZJQTMTQXNDY0OWQ3ZJG4",
  "UserID": "356446617575882755 355472184640077827",
  "Refresh": "MWI3ZWY1Y2MTNJVIZS01YZCXLWI2ZTGTNTFLN2JJMDIWNJI4",
  "ClientID": "355472187559247875",
  "RedirectURI": "http://localhost:18080/auth/callback",
  "CodeCreateAt": "0001-01-01T00:00:00Z",
  "CodeChallenge": "",
  "CodeExpiresIn": 0,
  "AccessCreateAt": "2023-11-15T07:17:22.48149918Z",
  "AccessExpiresIn": 7200000000000,
  "RefreshCreateAt": "2023-11-15T07:17:22.48149918Z",
  "RefreshExpiresIn": 259200000000000,
  "CodeChallengeMethod": ""
}
  2. I’m exploring the possibility of using the Admin->Application->App selector->Configuration Box to facilitate the sharing of refresh tokens between Corteza and other applications. The goal is to establish seamless OIDC authentication, allowing users to access other applications from the Corteza main panel without the need for additional logins. If anyone has experience with this or has suggestions on the best practices for handling such configurations, I’d greatly appreciate your input.

Thank you in advance for your assistance!


Did you figure out the solutions for 2 of them?


Refresh tokens are presented to you when you obtain the access token.

I would strongly suggest you do not share Corteza access/refresh tokens between different applications; grab a token for each application.
As a side note, IIRC, if you refresh the token, the old token gets expired, so you can’t really share those regardless.
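
A minimal model of the behaviour the reply above recalls, added here as an illustration and not taken from Corteza or from any poster: it assumes the server rotates refresh tokens on use and shows why two applications cannot share one. The class, the `panel` and `chat-module` client IDs and the user ID are hypothetical.

```javascript
// Constructed model, not Corteza's implementation. Assumption: the server
// rotates refresh tokens, so using one invalidates it.
const { randomBytes } = require("node:crypto");

class RotatingTokenServer {
  constructor() {
    this.grants = new Map(); // refresh token -> { clientID, userID }
  }

  // Issue an access/refresh pair to one client, as after the code exchange.
  issue(clientID, userID) {
    const pair = {
      access: randomBytes(16).toString("hex"),
      refresh: randomBytes(16).toString("hex"),
    };
    this.grants.set(pair.refresh, { clientID, userID });
    return pair;
  }

  // Refresh grant: the presented token is consumed and a new pair returned.
  refresh(clientID, refreshToken) {
    const grant = this.grants.get(refreshToken);
    if (!grant || grant.clientID !== clientID) throw new Error("invalid_grant");
    this.grants.delete(refreshToken); // rotation: the old token stops working
    return this.issue(clientID, grant.userID);
  }
}

// Run a refresh and report "ok" or the OAuth2 error code.
const attempt = (fn) => { try { fn(); return "ok"; } catch (e) { return e.message; } };

// Two applications hold copies of the same refresh token.
function sharedTokenScenario() {
  const server = new RotatingTokenServer();
  const shared = server.issue("panel", "user-1");
  return [
    attempt(() => server.refresh("panel", shared.refresh)), // first app refreshes
    attempt(() => server.refresh("panel", shared.refresh)), // second app's copy is stale
  ];
}

// Each application (hypothetical client IDs) obtains its own token pair.
function perAppScenario() {
  const server = new RotatingTokenServer();
  const panel = server.issue("panel", "user-1");
  const chat = server.issue("chat-module", "user-1");
  return [
    attempt(() => server.refresh("panel", panel.refresh)),
    attempt(() => server.refresh("chat-module", chat.refresh)),
  ];
}
```

In the shared case the second application is logged out as soon as the first one refreshes; with one token pair per client, each refresh is independent.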

I’ve implemented a Next.js project running with Corteza (proxied with nginx). Although it is on the same domain, I still get an error when calling the auth/default-client API. Here is the error:


Screenshot 2024-04-02 at 15.17.08

What’s the second successful (I’m guessing) request?

It’s not. It will only succeed if I access Corteza first (at root /) and then access my custom application by its handle (e.g. /chat-module). I’m reading the Corteza Vue lib to remake it with Next.js, but I still struggle.