Unusable OAuth refresh token

[tennox]

I'm developing an app an chose to use our existing Nextcloud as OAuth SSO - which is great in general 👍 - but currently requires users to re-authenticate with Nextcloud very frequently, which is quite tedious (see #17165).

The access token has an expiry of 1 hour, which is rather short, but fine - as long as the refresh token has a long validity, but I don't think this is the case for Nexcloud - the refresh token seems to have the same expiry.

Auto-refreshing the token from my backend for every user every hour seems a bit overkill ... I switched to client-side OAuth, so that's not a possibility either

I would opt for changing this refresh token validity. At least make it configurable. (also the 1h on the access token imho)

[tennox]

I respect it's not high on your priority list - but it's very unfortunate to not have a working token refresh workflow.
users always need a popup to sign in again.

The code explicitly says "We handle the initial and refresh tokens the same way", so I think this is a structural issue 🤔

Do you need details?
Am I doing something wrong?
Do I have to enter the codebase and craft a PR? (& would you accept it?)

[joshtrichards]

I'm not familiar with this area of code nor have I looked too closely, but any chance #40766 was targeting this?

Cc: @julien-nc