jooby-pac4j oidc: never renew profile? #3425

@tkarlinski

Hello,

I'm having an issue with renewing the profile after it has expired (for OIDC flow).

The problem arises because the profile is cleared every time in the ProfileManager, as the class has not set the config. Consequently, the profile is never renewed.

Take a look at the code:
In Pac4jModule the current user is set as follows:

```java
application.setCurrentUser(new Pac4jCurrentUser());
```

The current user class has the following method:

```java
public Object apply(Context ctx) {
  Pac4jContext pac4jContext = Pac4jContext.create(ctx);
  ProfileManager pm = new ProfileManager(pac4jContext, pac4jContext.getSessionStore());
  return pm.getProfile().orElse(null);
}
```

Here, we have an initialized ProfileManager without a config. The config should probably be set using the public method of ProfileManager setConfig(Config config).

The getProfile method calls the removeOrRenewExpiredProfiles method in ProfileManager, which includes the following condition:

```java
protected void removeOrRenewExpiredProfiles(final LinkedHashMap<String, UserProfile> profiles, final boolean readFromSession) {
    var profilesUpdated = false;
    for (final var entry : profiles.entrySet()) {
        final var key = entry.getKey();
        final var profile = entry.getValue();
        if (profile.isExpired()) {
            LOGGER.debug("Expired profile: {}", profile);
            profilesUpdated = true;
            profiles.remove(key);
            if (config != null && profile.getClientName() != null) {
                final var client = config.getClients().findClient(profile.getClientName());
                if (client.isPresent()) {
                    try {
                        final var newProfile = client.get().renewUserProfile(profile, context, sessionStore);
                        if (newProfile.isPresent()) {
                            LOGGER.debug("Renewed by profile: {}", newProfile);
                            profiles.put(key, newProfile.get());
                        }
                    } catch (final RuntimeException e) {
                        logger.error("Unable to renew the user profile for key: {}", key, e);
                    }
                }
            }
        }
    }
    if (profilesUpdated) {
        saveAll(profiles, readFromSession);
    }
}
```

In the method you see the condition

```java
if (config != null && profile.getClientName() != null) {
```

I suspect that this condition will always be null when ProfileManager is called by Pac4jCurrentUser, resulting in the profile always being cleared.

Could you please advise me on how to bypass this problem? Or perhaps it should be fixed?

Thank you.
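A possible workaround for the behaviour described in this issue, as an added example that is not part of the original post or of jooby's own code: a current-user function that hands the `ProfileManager` a config before reading the profile. The class name `ConfigAwareCurrentUser` is hypothetical, and the sketch assumes the application passes in the same pac4j `Config` it gave to `Pac4jModule`, that `setCurrentUser` accepts a `Function<Context, Object>`, and that it is registered after the module is installed.

```java
import io.jooby.Context;
import io.jooby.pac4j.Pac4jContext;
import java.util.Objects;
import java.util.function.Function;
import org.pac4j.core.config.Config;
import org.pac4j.core.profile.ProfileManager;

/**
 * Hypothetical replacement for Pac4jCurrentUser (name invented for this example).
 * It differs from the method quoted in the issue only in calling setConfig(...),
 * so that removeOrRenewExpiredProfiles can look up the client and attempt renewal.
 */
public class ConfigAwareCurrentUser implements Function<Context, Object> {

  // Assumption: the same Config instance that was used to set up Pac4jModule.
  private final Config config;

  public ConfigAwareCurrentUser(Config config) {
    // Fail at startup rather than silently falling back to "always clear".
    this.config = Objects.requireNonNull(config, "pac4j Config is required for profile renewal");
  }

  @Override
  public Object apply(Context ctx) {
    Pac4jContext pac4jContext = Pac4jContext.create(ctx);
    ProfileManager pm = new ProfileManager(pac4jContext, pac4jContext.getSessionStore());
    // Without this call the `config != null` check is false and an expired
    // profile is removed with no renewal attempt.
    pm.setConfig(config);
    // An expired profile is returned only if the client renewed it;
    // otherwise it has been removed and the result is null (no current user).
    return pm.getProfile().orElse(null);
  }
}

// Registration (assumption: done after Pac4jModule has been installed, so it
// replaces the Pac4jCurrentUser the module sets):
//   application.setCurrentUser(new ConfigAwareCurrentUser(config));
```

In the `removeOrRenewExpiredProfiles` code quoted above, the expired profile is removed before renewal is attempted and is only put back when the client returns a new one, so a failed renewal still leaves the user without a profile.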
