Details
-
Type:
Task
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Labels:None
-
Story Points:3
-
Epic Link:
-
Sprint:Spring 5 : 16 Mar to 27 Mar, Spring 6 : 30 Mar to Apr 10, Spring 7 : 13 Apr to 24 Apr, Spring 8 : 24 Apr to 8 May, Spring 8 : 11 May to 25 May, Spring 9 : 25 May to 8 Jun, Summer 1: 8 Jun - 19 Jun
Description
Situation: The access token generated by CyVerse automatically expires after 57,600 seconds (16 hours). This effectively forces users to log back in to the system every day. Unfortunately there is no way around this as refresh tokens do not exist for the Terrain API (as of March 23, 2020). After the access token has expired, if a user does anything in BioViz Connect that requires an API call, they receive an error (for example that files/folders could not be retrieved). This is somewhat confusing as it appears that something has gone wrong on our end.
Task: Come up with a user-friendly way to log the user out after 16 hours. Something like: after 16 hours the user receives a notification/popup informing them that their session has expired and that they will need to re-login. There would be a button that would return them to the CyVerse-BioViz Connect login page so they could quickly re-enter their credentials and then get back to work.
Attachments
Issue Links
- relates to
-
-
- Closed
-
Activity
Testing on Mac on chaitanya.bioviz.org on Firefox.
Using the logout URL to test: https://auth.cyverse.org/cas5/logout?service=https://chaitanya.bioviz.org/
User redirected successfully to prior location if in analyses log, home directory, shared, or community.
BioViz Connect breaks if the user is in Search when logged out. When I logged back in and it tried to redirect back to Search, it then logged me back out again and upon logging in went to connect.bioviz.org.
For the redis expiry, make sure we update the documentation for setting up the redis database.
One Edge Case to keep in mind for future purposes.
1) Search for a file
2) Hit the logout URL in another tab
3) Refresh the page
The user is redirected to the login page and when logged back in the user is shown a new list of files. The root cause for this issue is the page cannot identify which section the user is currently in from the URL after a page refresh.
All other Scenario's are working as expected.
Working correctly, closing issue.
Dr. Loraine pointed out that it would be nice if a user was returned to the same directory location when they logged back in after the token has expired.
Situation: User is in a directory, 16 hours has passed and the token expires. User is logged out and sent back to cyverse login page. User logs back in and instead of going to the base home directory, is redirected to whatever directory they were previously working in.
Thoughts: When the user is logged out and we send them to the cyverse login page (https://auth.cyverse.org/cas5/oauth2.0/authorize) we include a redirect URI. We may be able to set this as the user's current URI so that when they log back in they are sent to the directory where they were working.