I am using mod_auth_openidc with Apache and a Varnish cache reverse proxy in front of Grafana to offload SSO OAuth2. Once I log in, after some time I get the fetch error below. When I investigated the issue, I found that the OAuth token expires and mod_auth_openidc is not able to refresh the token. I was able to trace the flow:
Failed to fetch dashboard
NetworkError when attempting to fetch resource.
mod_auth_openidc token refresh flow
- The token expires and the HTTP GET call is redirected to the OAuth server with HTTP 302
- The redirection fails with an HTTP 403 error; the HTTP OPTIONS method is used instead of GET or POST
Firefox network flow --
And if the browser is refreshed and the full page gets loaded, everything is fine, which is strange:
- mod_auth_openidc redirects to the OAuth server with HTTP 302
- The token gets refreshed and the OAuth server redirects to the application with HTTP 302
- The page gets loaded with HTTP 200
Firefox network flow --
It seems the OAuth server is not processing the HTTP OPTIONS method. I tried to disable it at the Apache level using 'Require method GET POST', but then mod_auth_openidc did not work. Any pointers or help is appreciated.
-- Thank you
Thank you, I was able to resolve the issue with a workaround.
The issue was that XHR requests were getting blocked (CORS), as the OAuth server is in a different domain.
Changing OIDCSessionInactivityTimeout to 24 hours worked and resolved the issue.
The link below provides the full insight and configuration:
https://github.com/zmartzone/mod_auth_openidc/issues/220
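
The workaround above written out as an Apache configuration fragment. This is an added example, not the poster's configuration or the project's sample. The `/api/` location (Grafana's HTTP API prefix) and the `OIDCUnAuthAction 401` block are assumptions that go beyond the thread: they show a known mod_auth_openidc directive that answers unauthenticated XHRs with 401 instead of a cross-origin 302.

```apache
# Added example. Paths are placeholders; provider/client settings
# (OIDCProviderMetadataURL, OIDCClientID, ...) are omitted.

# Before: when unset, the inactivity timeout defaults to 300 seconds.
# An idle dashboard tab loses its session, and the next background XHR
# is answered with a 302 to the OAuth server on another origin, which
# the browser blocks (CORS preflight via OPTIONS fails).
# OIDCSessionInactivityTimeout 300

# After (workaround from the thread): 24 hours, expressed in seconds.
OIDCSessionInactivityTimeout 86400

# The absolute session lifetime is a separate cap (default 8 hours).
# A longer inactivity timeout has no effect beyond this value.
OIDCSessionMaxDuration 28800

# Full page loads: keep the normal redirect-to-login behaviour, which
# works because a top-level navigation is not subject to CORS.
<Location "/">
    AuthType openid-connect
    Require valid-user
</Location>

# Assumption: background XHRs from the Grafana UI go to /api/.
# Return 401 for requests without a valid session so the XHR fails
# cleanly instead of being redirected cross-origin.
<Location "/api/">
    AuthType openid-connect
    Require valid-user
    OIDCUnAuthAction 401
</Location>
```

A longer inactivity timeout keeps an unattended browser session valid for longer, so the value is a trade-off between fewer re-authentication failures and session exposure.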