Once a web application user is logged in using OpenID Connect, the state of his session must be regularly checked (see OpenID Connect Session Management).
When a session has expired, a silent renewal can be performed or a simple redirect to the logout page instead.
We could use the oicd-client.js library to ease the implementation.
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Migrated | gitlab-migration | T3082 Improve Save Code Now handling | ||
| Migrated | gitlab-migration | T1226 Save code now email notification for submitter | ||
| Migrated | gitlab-migration | T2217 Plumbings | ||
| Migrated | gitlab-migration | T2219 Authentication / authorization | ||
| Migrated | gitlab-migration | T1982 Add user authentication and permissions to swh-web | ||
| Migrated | gitlab-migration | T2048 Use OpenID Connect to authenticate and authorize users in Django | ||
| Migrated | gitlab-migration | T2248 Check OIDC user session state in frontend |
After experimenting with both session renewal approaches, the backend one seems a better choice here as it is quite easy to implement using a custom Django middleware.
So checking user session state on the frontend is not a real necessity, closing this as Wontfix.