Improve OIDC session handling logic

Introduce conditional session refresh middleware addition based on new 'SessionValidity' config option. This change ensures that the OIDC session refresh middleware is only appended to the Django settings when a valid session expiry period is configured, enhancing the flexibility and configurability of authentication sessions. The expiry time is converted from minutes to seconds to align with OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS requirements.
2024-01-13 14:25:33 +01:00 · 2024-01-13 14:25:33 +01:00 · ea09e6a49e
parent f11311c69c
commit ea09e6a49e
1 changed files with 3 additions and 1 deletions
--- a/pix360/settings.py
+++ b/pix360/settings.py
@ -127,7 +127,9 @@ if "OIDC" in CONFIG:
    OIDC_CREATE_USER = CONFIG.getboolean("OIDC", "CreateUsers", fallback=False)
    OIDC_RP_SIGN_ALGO = CONFIG.get("OIDC", "Algorithm", fallback="RS256")

-    MIDDLEWARE.append("mozilla_django_oidc.middleware.SessionRefresh")
+    if expiry := CONFIG.getint("OIDC", "SessionValidity", fallback=0):
+        MIDDLEWARE.append("mozilla_django_oidc.middleware.SessionRefresh")
+        OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = expiry * 60

 AUTH_PASSWORD_VALIDATORS = [
    {