Replies: 1 comment
This is a longstanding feature request, see this open PR: #2428
I think doing this securely is not trivial. Personally, from a UX perspective, I think the OIDC mapper should not update whenever I log in. I would find such behaviour very annoying as a user - but I can understand that that is more of a subjective view and there are probably use cases where it makes sense.
I would like to refresh data from the OIDC provider every time a user logs in. Currently it does not seem to be possible. It seems the OIDC mapper will only trigger on registration.
Another option seems to be to use an after login hook, ask for the OIDC credentials from the identity, and use the accessToken that is stored there. But this token is only from the initial user registration. It will expire fast and will be useless. The refresh token is empty most of the time (you would need to do some annoying things to get that from Google, for example) and is also only the initial token. If you use it for the first time then most OIDC providers will invalidate it, but Kratos does not save the new refreshToken anywhere.
I think Kratos should expose the accessToken to the after login hook on every OIDC login. Then we could build whatever logic we want to get the new data. I don't think that should even be stored.