OIDC Session Refresh

We have a scenario where we have integrated with custom SSO via the OIDC Module. It is working fine. So when the user logs in via the custom SSO login page, he is redirected to the homepage of the Mendix app after successful sign-in.

Now the user is continuously using the application for 1 hour and we need to refresh the SSO again at the end of it so further actions are not rejected by the custom SSO, because the custom SSO provides an access token which we are internally using to call various APIs and they will fail to work if the SSO session is expired.

Currently the SSO session will expire after 1 hour, but the Mendix session is automatically refreshed by the runtime. So we need to identify the 1 hour time and also refresh the custom SSO session.

Has anybody done this before?

Thanks & Regards, Aniketh

1 answer

Hi Aniketh,

The following makes the assumption that you are using the platform-supported OIDC module at version 2.0 or higher.

Your experience is correct in that the Mendix session is kept alive by user activity and it is separate from the SSO session, which is usually based on the expiration datetime of the token obtained from your IdP during SSO login.


The OIDC module contains 2 helpful microflows for making use of the token:

1. GetCurrentToken - will return the OAuth token for the currently logged-in user that was obtained during the SSO process.

2. GetNewAccessTokenUsingRefreshToken - will use the refresh token (if available) of the currently logged-in user to obtain a new token and update the OIDC user token with the new one. Using this as an initial step in your API calls will ensure the user has a valid and non-expired token.

Your Azure app registration and OIDC configuration will need to include the offline_access scope for a refresh token to be included in the original SSO response.
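The refresh-before-call pattern the answer describes, written out as an added Python example. This is not code from the Mendix OIDC module or from the answer's author: the two microflows are modelled as plain functions, the IdP token endpoint is replaced by an injected callable so the example runs offline, and the token lifetime (1 hour, as in the question), the refresh window (120 seconds, a constructed value) and the sample token values are all assumptions. It also shows the two failure modes a practitioner hits in practice: a token that expires mid-session is refreshed just before the API call, and a user whose login never asked for the offline_access scope has no refresh token and must sign in again.

```python
"""Refresh-before-call pattern for an OIDC access token with a fixed TTL.

Added illustration, not code from the Mendix OIDC module. The microflows
named in the answer (GetCurrentToken, GetNewAccessTokenUsingRefreshToken)
are modelled as plain functions; the IdP token endpoint is injected so the
example runs offline.
"""
from typing import Callable, Dict, Optional

# Same 1-hour access-token lifetime the question describes (constructed value).
ACCESS_TOKEN_TTL_SECONDS = 3600
# Refresh this long before expiry so an in-flight API call does not straddle it
# (constructed value; tune to your longest API call).
REFRESH_SKEW_SECONDS = 120


def store_token(token_response: Dict[str, str], issued_at: float) -> Dict[str, object]:
    """Normalise a token-endpoint response into the record kept per user.

    expires_in is relative to the response, so an absolute expires_at is pinned
    at storage time; that is what the expiry check compares against later.
    """
    ttl = int(token_response.get("expires_in", ACCESS_TOKEN_TTL_SECONDS))
    return {
        "access_token": token_response["access_token"],
        # Only present when the authorization request asked for offline_access.
        "refresh_token": token_response.get("refresh_token"),
        "expires_at": issued_at + ttl,
    }


def token_needs_refresh(token: Dict[str, object], now: float) -> bool:
    """True when the access token is expired or inside the refresh window."""
    return now >= float(token["expires_at"]) - REFRESH_SKEW_SECONDS


def build_refresh_request(token_endpoint: str, client_id: str, refresh_token: str) -> Dict[str, object]:
    """Form body of the RFC 6749 section 6 refresh_token grant.

    token_endpoint and client_id are hypothetical; a real client POSTs this
    body (plus its client authentication) to the IdP's token endpoint.
    """
    return {
        "url": token_endpoint,
        "data": {
            "grant_type": "refresh_token",
            "refresh_token": refresh_token,
            "client_id": client_id,
        },
    }


def ensure_fresh_token(
    token: Dict[str, object],
    now: float,
    refresh_call: Callable[[str], Dict[str, str]],
) -> Dict[str, object]:
    """Return a token valid for the next API call, refreshing it if needed.

    refresh_call receives the stored refresh token and returns the IdP's JSON
    response. The caller must send the user back through login if this raises
    (no refresh token was issued) or if the IdP rejects the refresh.
    """
    if not token_needs_refresh(token, now):
        return token
    refresh_token: Optional[object] = token.get("refresh_token")
    if not refresh_token:
        raise PermissionError("no refresh token: offline_access scope missing, re-login required")
    response = refresh_call(str(refresh_token))
    new_token = store_token(response, issued_at=now)
    # IdPs that rotate refresh tokens return a new one; otherwise keep the old.
    if new_token["refresh_token"] is None:
        new_token["refresh_token"] = refresh_token
    return new_token


# --- constructed sample data so the example runs offline ---------------------
LOGIN_TIME = 1_700_000_000.0  # arbitrary epoch timestamp of the SSO login
INITIAL_RESPONSE = {"access_token": "at-1", "refresh_token": "rt-1", "expires_in": "3600"}


def fake_idp_refresh(refresh_token: str) -> Dict[str, str]:
    """Stand-in for the IdP token endpoint; this one rotates the refresh token."""
    if refresh_token != "rt-1":
        raise PermissionError("unknown or already-used refresh token")
    return {"access_token": "at-2", "refresh_token": "rt-2", "expires_in": "3600"}


def demo():
    """One user session: a fresh call at 10 minutes, a refresh at 59 minutes."""
    token = store_token(INITIAL_RESPONSE, issued_at=LOGIN_TIME)
    t1 = ensure_fresh_token(token, LOGIN_TIME + 600, fake_idp_refresh)   # still fresh
    t2 = ensure_fresh_token(t1, LOGIN_TIME + 3540, fake_idp_refresh)     # inside skew window
    return t1["access_token"], t2["access_token"], t2["refresh_token"]


if __name__ == "__main__":
    print(demo())  # ('at-1', 'at-2', 'rt-2')
```

In a Mendix app the equivalent of `ensure_fresh_token` is calling GetNewAccessTokenUsingRefreshToken at the start of the API-calling microflow, as the answer suggests; the skew window matters because checking only at the one-hour mark leaves a call that starts at 59:59 to fail with an expired token.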