public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
oauth2-proxy/pkg/middleware
History
Francesco Pasqualini 2e1261c4be
fix: invalidate session on fatal OAuth2 refresh errors (#3333) 
* fix: invalidate session on fatal OAuth2 refresh errors

When a token refresh fails with a fatal OAuth2 error (invalid_grant,
invalid_client), the session is now cleared from the session store
and the cookie is removed, forcing re-authentication.

Previously, fatal refresh errors were logged but the stale session
continued to be served, leaving users logged in indefinitely after
their session was revoked at the provider level.

Transient errors (network timeouts, server errors) continue to
preserve the existing session as before.

Fixes #1945

Signed-off-by: Francesco Pasqualini <frapas@gmail.com>

* fix: apply review nits and add CHANGELOG entry

Signed-off-by: Francesco Pasqualini <frapas@gmail.com>
Signed-off-by: Jan Larwig <jan@larwig.com>

---------

Signed-off-by: Francesco Pasqualini <frapas@gmail.com>
Signed-off-by: Jan Larwig <jan@larwig.com>
 		2026-04-12 14:48:55 +02:00
..
testdata/metrics Add Prometheus metrics endpoint 2021-02-15 13:45:26 +00:00
basic_session.go fix(1356): test if session variable is null (#1357) 2021-09-09 12:12:29 +01:00
basic_session_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
headers.go feat: migrate google used organization id and header normalization booleans to pointers 2025-11-16 22:39:01 +01:00
headers_test.go feat: migrate google used organization id and header normalization booleans to pointers 2025-11-16 22:39:01 +01:00
healthcheck.go (#649) Remove blank helthcheck user agents and paths when setting up the healthcheck middleware 2020-07-06 14:07:38 +12:00
healthcheck_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
jwt_session.go Add --bearer-token-login-fallback option (#2924) 2025-04-21 13:40:39 +01:00
jwt_session_test.go adapting unit tests and fixing minor issues introduced with the derefing 2025-11-16 22:38:57 +01:00
metrics.go Add Prometheus metrics endpoint 2021-02-15 13:45:26 +00:00
metrics_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
middleware_suite_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
readynesscheck.go feat: readiness check (#1839) 2022-12-23 09:08:12 +00:00
readynesscheck_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
redirect_to_https.go Make HTTPS Redirect middleware Reverse Proxy aware 2021-01-16 13:55:48 -08:00
redirect_to_https_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
request_logger.go Move Logging to Middleware Package (#1070) 2021-03-06 17:27:16 +00:00
request_logger_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
scope.go Request ID Logging (#1087) 2021-03-21 18:20:57 +00:00
scope_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
session_utils.go Add Basic Auth session loader middleware 2020-07-19 17:21:42 +01:00
session_utils_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
stored_session.go fix: invalidate session on fatal OAuth2 refresh errors (#3333) 2026-04-12 14:48:55 +02:00
stored_session_test.go fix: invalidate session on fatal OAuth2 refresh errors (#3333) 2026-04-12 14:48:55 +02:00