You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When visitor access token is refreshed, the role information directly assigned from ExtCell entries.
This problem has long been there for years but somehow not found so far since it can only be observed after the token is refreshed (usually after 1 hr expiration time.)
Original Incident (from dixon)
It seems that refreshed vis token seems not working
Below are the introspected results of the tokens.
ME
Both access token and refreshed access token can access own Cell's box.
Now after writing some tests trying to reproduce the problem, I still cannot reproduce it yet but have noticed that the role URL is in path-based format whereas the unit is obviously run in sub-domain mode. Probably the problem should lie somewhere around here.
shimono
changed the title
Refreshed Visitor Access Token cannot access target Cell's box
Refreshed visitor access token does not have Roles directly assigned from ExtCell.
Mar 5, 2020
Problem
When visitor access token is refreshed, the role information directly assigned from ExtCell entries.
This problem has long been there for years but somehow not found so far since it can only be observed after the token is refreshed (usually after 1 hr expiration time.)
Original Incident (from dixon)
It seems that refreshed vis token seems not working
Below are the introspected results of the tokens.
ME
Both access token and refreshed access token can access own Cell's box.
Access token ("AR~vsF") to access my box:
{
"sub": "https://dixonsiu.appdev.personium.io/#me",
"iss": "https://dixonsiu.appdev.personium.io/",
"active": true,
"exp": 1574153285,
"iat": 1574066885,
"client_id": "https://app-personium-calendar.appdev.personium.io/",
"p_roles": [
]
}
Refresh token ("RR~2XfU") of the above:
{
"sub": "https://dixonsiu.appdev.personium.io/#me",
"iss": "https://dixonsiu.appdev.personium.io/",
"active": true,
"exp": 1574153287,
"iat": 1574066887,
"client_id": "https://app-personium-calendar.appdev.personium.io/",
"p_roles": [
]
}
Refreshed access token ("AR~_s0icPE") of 1:
{
"sub": "https://dixonsiu.appdev.personium.io/#me",
"iss": "https://dixonsiu.appdev.personium.io/",
"active": true,
"exp": 1574070487,
"iat": 1574066887,
"client_id": "https://app-personium-calendar.appdev.personium.io/",
"p_roles": [
]
}
Friend
Only the access token can access a friend's box. After it is refreshed, it no longer accesses a friend's box anymore.
Access token ("AV~cqp4...") to access a friend's box:
p_roles not empty.
Refresh token ("RV~DrEWrl...") of the above:
{
"active": false
}
Refreshed access token ("AV~bhYm2-...") of 1:
p_roles are empty.
{
"sub": "https://dixonsiu.appdev.personium.io/#me",
"aud": null,
"iss": "https://shimono.appdev.personium.io/",
"active": true,
"exp": 1574068286,
"iat": 1574064686,
"client_id": "https://app-personium-calendar.appdev.personium.io/",
"p_roles": [
]
}
The text was updated successfully, but these errors were encountered: