Description
Describe the bug
Users are being logged out unexpectedly when experiencing network connectivity issues while refreshing a page or navigating between pages. As I noticed, OCIS Web incorrectly treats temporary network failures as authentication errors, resulting in immediate session termination and redirection to the access denied page.
I have not seen such behavior before; I tested other online services and saw nothing similar.
I noticed this bug because Safari cancels the context of the current requests upon receiving a page refresh event. This causes the Vue application to throw an exception and subsequently force a logout.
Steps to reproduce
1. Log in to the application using OIDC authentication
2. Trigger one of the following scenarios
   * Perform a fast page refresh (F5)
   * Simulate slow/unresponsive network conditions using browser dev tools
   * Short downtime of OIDC service (Authelia in my case)
3. Observe the logout behavior and error messages
Expected behavior
The user shouldn't be logged out in case of several page refresh events or during network connectivity issues between the user's web browser and the OIDC service.
* Temporary network failures should not trigger logout
* System should retry failed requests with appropriate backoff strategy
* User session should remain intact during brief network interruptions
Actual behavior
User is immediately logged out upon network error
Error messages displayed:
Something went wrong
We're having trouble connecting to the login service. If the problem continues, please contact support.
Browser's console contains errors:
TypeError: Load failed
[authService:initializeContext] - updating context with saved access_token
code: "ERR_NETWORK"
config: {transitional: {silentJSONParsing: true, forcedJSONParsing: true, clarifyTimeoutError: false}, adapter: ["xhr", "http", "fetch"], transformRequest: Array, transformResponse: Array, timeout: 0, …}
message: "Network Error"
name: "AxiosError"
request: XMLHttpRequest {listeners: Object, onreadystatechange: null, readyState: 4, timeout: 0, withCredentials: false, …}
Fetch API cannot load https://auth.{{ domain }}/.well-known/openid-configuration due to access control checks.
Setup
- Web version: 12.0.2
- oCIS version: 7.2.0
- browser: Safari
Additional context
No response
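One way to implement the expected behavior described in the report: separate failures where no response arrived from failures where the server actually rejected the credentials, and retry only the former with backoff. This is an added example, not ownCloud Web code and not part of the original report; `classifyFailure`, `backoffDelayMs`, `withSessionPreservingRetry` and the action names are hypothetical, and the error shapes are modelled on the console output above.

```javascript
// Added example, not ownCloud Web code. All function and action names are hypothetical.
// Axios codes that mean "no usable response arrived", e.g. the ERR_NETWORK in the report.
const TRANSIENT_AXIOS_CODES = new Set(['ERR_NETWORK', 'ECONNABORTED', 'ETIMEDOUT', 'ERR_CANCELED'])

// Classify a failed OIDC/API call: 'auth' (token rejected), 'transient' (retry), 'unknown'.
function classifyFailure(err) {
  const response = err && err.response
  if (response) {
    // The server answered, so its verdict can be trusted.
    if (response.status === 401) return 'auth'
    const oauthError = response.data && response.data.error
    if (response.status === 400 && oauthError === 'invalid_grant') return 'auth'
    if (response.status === 429 || response.status >= 500) return 'transient'
    return 'unknown'
  }
  // No HTTP response: offline, request aborted by a page reload, or the IdP is down.
  if (err && TRANSIENT_AXIOS_CODES.has(err.code)) return 'transient'
  if (err instanceof TypeError) return 'transient' // fetch() rejects with TypeError, e.g. "Load failed"
  return 'unknown'
}

// Exponential backoff capped at capMs, with jitter in [0.5, 1) of the computed delay.
function backoffDelayMs(attempt, baseMs = 500, capMs = 8000, rand = Math.random) {
  return Math.round(Math.min(capMs, baseMs * 2 ** attempt) * (0.5 + rand() / 2))
}

const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms))

// Run `operation`, retrying only transient failures. The result tells the caller what to do:
// 'continue' (success), 'logout' (credentials rejected), 'keep-session' (show an error, keep tokens).
async function withSessionPreservingRetry(operation, { retries = 4, sleep = realSleep } = {}) {
  for (let attempt = 0; ; attempt++) {
    try {
      return { action: 'continue', value: await operation() }
    } catch (err) {
      const kind = classifyFailure(err)
      if (kind === 'auth') return { action: 'logout', error: err }
      if (kind !== 'transient' || attempt >= retries) return { action: 'keep-session', error: err }
      await sleep(backoffDelayMs(attempt))
    }
  }
}
```

Only a `logout` result should clear stored tokens; a `keep-session` result is the place for a "connection problem" notice that leaves the session untouched.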