Page MenuHomeSoftware Heritage

Handle webapp authentication error when session is no longer active
Closed, ResolvedPublic

Description

When a user has authenticated through Keycloak in the webapp, its OpenID Connect profile is put in
cache in order to simplify authentication on each HTTP request and avoid sending too much requests
to the Keycloak server.

Nevertheless, when a user session has been terminated without using the logout link (for instance a user
can logout from all its authenticated sessions using the Keycloak account UI), the expired OIDC profile is
still in webapp cache which causes errors and prevent new user logins (related sentry issue).

We should catch error related to no longer active Keycloak user session in django authentication backend
and remove the expired OIDC profile from cache to allow user to properly login again.